Enterprise Information Security Management Based on Context-Aware RBAC and Communication Monitoring Technology

Wu, Meiyu; Yu, Ming-Hsien

doi:10.1155/2013/569562

Cited by 9 publications

(3 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…First, there are various emergency situations in medical environments, and it is crucial to respond to such situations promptly [ 10 ]. Therefore, the situation must be taken into consideration when deciding access permissions, and access decisions should change, depending on the severity of the situation [ 11 ]. Second, MISs store sensitive data, such as personal information and medical records, and information leakages in this field are likely to result in egregious violations of patient confidentiality.…”

Section: Introductionmentioning

confidence: 99%

A Framework for Context Sensitive Risk-Based Access Control in Medical Information Systems

Choi

Kim

Park

2015

Computational and Mathematical Methods in Medicine

View full text Add to dashboard Cite

Since the access control environment has changed and the threat of insider information leakage has come to the fore, studies on risk-based access control models that decide access permissions dynamically have been conducted vigorously. Medical information systems should protect sensitive data such as medical information from insider threat and enable dynamic access control depending on the context such as life-threatening emergencies. In this paper, we suggest an approach and framework for context sensitive risk-based access control suitable for medical information systems. This approach categorizes context information, estimating and applying risk through context- and treatment-based permission profiling and specifications by expanding the eXtensible Access Control Markup Language (XACML) to apply risk. The proposed framework supports quick responses to medical situations and prevents unnecessary insider data access through dynamic access authorization decisions in accordance with the severity of the context and treatment.

show abstract

Section: Introductionmentioning

confidence: 99%

A Framework for Context Sensitive Risk-Based Access Control in Medical Information Systems

Choi

Kim

Park

2015

Computational and Mathematical Methods in Medicine

View full text Add to dashboard Cite

show abstract

“…Monitoring can be achieved through logging, observing, and recording a person's behaviour. New information equipments are available to help security personnel and system administrators enforce and monitor information security policies (Mei-Yu & Ming-Hsien, 2013). The devices are technical methods that can provide backup, logging, blocking and monitory functions.…”

Section: Operations Security Access Control and Monitoring And Reviewsmentioning

confidence: 99%

“…The devices are technical methods that can provide backup, logging, blocking and monitory functions. Communication monitoring technologies can filter, record, or block suspected activities in order to reduce the occurrence of security incidence (Mei-Yu & Ming-Hsien, 2013). Logging of data is important for monitoring and forensics purposes and should include network traffic monitoring.…”

Section: Operations Security Access Control and Monitoring And Reviewsmentioning

confidence: 99%

Towards Modelling the Impact of Security Policy on Compliance

Yaokumah

Brown

Dawson

2016

Journal of Information Technology Research

View full text Add to dashboard Cite

This study develops a model, based on the controls present in ISO/IEC 27002 framework, to integrate the role of technical and administrative security controls. The model provides better understanding of how security policy can influence security compliance and the pathway through which this effect is generated. Data were collected from 223 IT security and management professionals. Using Partial Least Square Structural Equation Modelling (PLS-SEM) and testing hypotheses, the study finds that information security policy has significant indirect influence on information security compliance. The effect of security policy is fully mediated by security roles and responsibilities, operations security activities, and security monitoring and review activities. Security policy strongly influences operations security activities and has the greatest effect on security roles and responsibilities. Among the three mediating variables, monitoring and reviews has the most significant influence on security compliance. Conversely, the impact of security policy on compliance is not significant.

show abstract

Exploring the Impact of Security Policy on Compliance

Yaokumah

Kumah

2018

Global Implications of Emerging Technology Trends

View full text Add to dashboard Cite

Extant studies on compliance with security policies have largely ignored the impact of monitoring, security operations, and roles and responsibilities on employees' compliance. This chapter proposes a theoretical model that integrates security policy, monitoring, security operations, and security roles to examine employees' security compliance. Data were collected from 233 IT security and management professionals. Using partial least square structural equation modelling and testing hypotheses, the study finds that information security policy has significant indirect influence on information security compliance. The effect of security policy is fully mediated by security roles, operations security activities, and security monitoring activities. Security policy strongly influences operations security activities and has the greatest effect on security roles and responsibilities. Among the three mediating variables, monitoring has the most significant influence on security compliance. Conversely, the direct impact of security policy on compliance is not significant.

show abstract

Enterprise Information Security Management Based on Context-Aware RBAC and Communication Monitoring Technology

Cited by 9 publications

References 13 publications

A Framework for Context Sensitive Risk-Based Access Control in Medical Information Systems

A Framework for Context Sensitive Risk-Based Access Control in Medical Information Systems

Towards Modelling the Impact of Security Policy on Compliance

Exploring the Impact of Security Policy on Compliance

Contact Info

Product

Resources

About