ENISA’s Contribution to National Cyber Security Strategies

Liveri, Dimitra; Sarri, Anna; Darra, Eleni

doi:10.1007/978-3-658-21655-9_5

Cited by 5 publications

(6 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“… National cybersecurity strategies and reference reports : Documents regarding the currently applied cybersecurity strategies in the pilot countries and relevant reports (e.g. regarding guidelines or best practices) primarily provided by the European Union Agency for Network and Information Security (ENISA) [ 17 , 18 ]. …”

Section: Methodsmentioning

confidence: 99%

Comprehensive user requirements engineering methodology for secure and interoperable health data exchange

Natsiavas

Rasmussen²,

Voss-Knude³

et al. 2018

BMC Med Inform Decis Mak

View full text Add to dashboard Cite

BackgroundIncreased digitalization of healthcare comes along with the cost of cybercrime proliferation. This results to patients’ and healthcare providers' skepticism to adopt Health Information Technologies (HIT). In Europe, this shortcoming hampers efficient cross-border health data exchange, which requires a holistic, secure and interoperable framework. This study aimed to provide the foundations for designing a secure and interoperable toolkit for cross-border health data exchange within the European Union (EU), conducted in the scope of the KONFIDO project. Particularly, we present our user requirements engineering methodology and the obtained results, driving the technical design of the KONFIDO toolkit.MethodsOur methodology relied on four pillars: (a) a gap analysis study, reviewing a range of relevant projects/initiatives, technologies as well as cybersecurity strategies for HIT interoperability and cybersecurity; (b) the definition of user scenarios with major focus on cross-border health data exchange in the three pilot countries of the project; (c) a user requirements elicitation phase containing a threat analysis of the business processes entailed in the user scenarios, and (d) surveying and discussing with key stakeholders, aiming to validate the obtained outcomes and identify barriers and facilitators for HIT adoption linked with cybersecurity and interoperability.ResultsAccording to the gap analysis outcomes, full adherence with information security standards is currently not universally met. Sustainability plans shall be defined for adapting existing/evolving frameworks to the state-of-the-art. Overall, lack of integration in a holistic security approach was clearly identified. For each user scenario, we concluded with a comprehensive workflow, highlighting challenges and open issues for their application in our pilot sites. The threat analysis resulted in a set of 30 user goals in total, documented in detail. Finally, indicative barriers of HIT acceptance include lack of awareness regarding HIT risks and legislations, lack of a security-oriented culture and management commitment, as well as usability constraints, while important facilitators concern the adoption of standards and current efforts for a common EU legislation framework.ConclusionsOur study provides important insights to address secure and interoperable health data exchange, while our methodological framework constitutes a paradigm for investigating diverse cybersecurity-related risks in the health sector.Electronic supplementary materialThe online version of this article (10.1186/s12911-018-0664-0) contains supplementary material, which is available to authorized users.

show abstract

Section: Methodsmentioning

confidence: 99%

Comprehensive user requirements engineering methodology for secure and interoperable health data exchange

Natsiavas

Rasmussen²,

Voss-Knude³

et al. 2018

BMC Med Inform Decis Mak

View full text Add to dashboard Cite

show abstract

“…As a common challenge for all EHR providers, the security risk is a core topic of research, especially given the complex nature of healthcare systems. Relying on human vigilance alone is not a practical method for security records (Millard, 2017); as reflected in a report by the European Union Agency for Network and Information Security (ENISA), which outlines how cyber-attacks on e-health systems have a high societal impact (Liveri, Sarri, & Skouloudi, 2015). New systems are needed for safeguarding EHRs.…”

Section: Ehr Securitymentioning

confidence: 99%

Securing electronic health records against insider-threats: A supervised machine learning approach

et al. 2022

View full text Add to dashboard Cite

“…Four-stage cycle of action based on the PDCA model involves control and continuous improvement of the strategy, policy and products in the domain of cyberspace protection. On this basis, ENISA proposes four, cyclically repeating stages of programme management starting from its development, execution, evaluation and adjustment [16].…”

Section: Assumptions Of the Pdca Model In Cyberspace Protectionmentioning

confidence: 99%

“…The evaluation phase is the key element of the functioning of the national programme of cyberspace protection. The planned, systematised and cyclical evaluation supports the achievements of the programme objectives and contributes to its continuous development [16]. Conducting the evaluation, we need to provide the information about its results to all the entities involved in the cyberspace protection.…”

Section: Assumptions Of the Pdca Model In Cyberspace Protectionmentioning

confidence: 99%

In search of EU law in the domain of cyberspace protection – the proposal based on the Cyber-PDCA model

Kańciak

2017

Journal of Cyber Security Technology

View full text Add to dashboard Cite

Technological progress causes modifications of the development of cyberspace and its capacity. The changes proceed towards the evergreater involvement of the users, expansion into other domains of social and economic life and increasing tendency to abandon the traditional methods of functioning of a state and substitute them with the digital solutions. It may seem to be quite an obvious claim; however, it is worth referring to it in the light of further considerations. The scope of effects and consequences as well as the impact zone are significant; however, the works on assigning legal frameworks to cyberspace are not adequately advanced. The initiatives related to cyberspace are connected mainly with its technical side. Consequently, this aspect is examined and described most thoroughly in the domestic and international literature of the subject. ARTICLE HISTORY

show abstract

ENISA’s Contribution to National Cyber Security Strategies

Cited by 5 publications

References 0 publications

Comprehensive user requirements engineering methodology for secure and interoperable health data exchange

Comprehensive user requirements engineering methodology for secure and interoperable health data exchange

Securing electronic health records against insider-threats: A supervised machine learning approach

In search of EU law in the domain of cyberspace protection – the proposal based on the Cyber-PDCA model

Contact Info

Product

Resources

About