Towards a maturity model for health-care cloud security (M<sup>2</sup>HCS)

Akinsanya, Opeoluwa Ore; Papadaki, Maria; Sun, Lingfen

doi:10.1108/ics-05-2019-0060

Cited by 21 publications

(13 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…to propose a novel maturity model for health-care cloud security, which focuses on assessing cyber security in cloud-based health-care environments by incorporating the sub-domains of health-care cyber security practices and introducing health-carespecific cyber security metrics [72] 3.2 to use innovative technology in healthcare to treat, diagnose and monitor patients [43] 2.2 to investigate medical information security to gain a better understanding of trends in research related to medical information security [96] 1.2 to present a novel approach, called BotDet, for botnet Command and Control traffic detection to defend against malware attacks in critical ultrastructure systems [44] 2.2 to develop a model of factors associated with healthcare data breaches. Variables were operationalized as the healthcare facilities' level of exposure, level of security, and organizational factors [45] 2.2 to record public and physicians' awareness, expectations for, and ethical concerns about the use of EHRs [46] 2.2…”

Section: Discussionmentioning

confidence: 99%

Section: Publications' Aim Subclassmentioning

confidence: 99%

See 1 more Smart Citation

Cyber Risk in Health Facilities: A Systematic Literature Review

et al. 2020

View full text Add to dashboard Cite

The current world challenges include issues such as infectious disease pandemics, environmental health risks, food safety, and crime prevention. Through this article, a special emphasis is given to one of the main challenges in the healthcare sector during the COVID-19 pandemic, the cyber risk. Since the beginning of the Covid-19 pandemic, the World Health Organization has detected a dramatic increase in the number of cyber-attacks. For instance, in Italy the COVID-19 emergency has heavily affected cybersecurity; from January to April 2020, the total of attacks, accidents, and violations of privacy to the detriment of companies and individuals has doubled. Using a systematic and rigorous approach, this paper aims to analyze the literature on the cyber risk in the healthcare sector to understand the real knowledge on this topic. The findings highlight the poor attention of the scientific community on this topic, except in the United States. The literature lacks research contributions to support cyber risk management in subject areas such as Business, Management and Accounting; Social Science; and Mathematics. This research outlines the need to empirically investigate the cyber risk, giving a practical solution to health facilities.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Publications' Aim Subclassmentioning

confidence: 99%

Cyber Risk in Health Facilities: A Systematic Literature Review

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Juliadotter and Choo [119] 2015 Risk Theoretical Both Otero [120] 2015 Risk Theoretical Defender Solic et al [121] 2015 Risk Theoretical Defender Sugiura et al [122] 2015 Risk Theoretical Defender Wei et al [123] 2015 Risk Theoretical Defender You et al [75] 2015 Security Theoretical Defender Brožová et al [51] 2016 Risk Theoretical Defender Brynielsson et al [124] 2016 Awareness Theoretical Defender Granåsen and Andersson [125] 2016 Resilience Theoretical Defender Orojloo and Azgomi [126] 2016 Risk Theoretical Attacker Aiba and Hiromatsu [127] 2017 Risk Theoretical Defender Damenu and Beaumont [103] 2017 Risk Implementation Defender Ramos et al [41] 2017 Review -Defender Rass et al [52] 2017 Risk Theoretical Defender Alohali et al [128] 2018 Risk Theoretical Defender Li et al [82] 2018 Risk Theoretical Defender Morrison et al [43] 2018 Review -Both Pramod and Bharathi [129] 2018 Risk Theoretical Defender Proença and Borbinha [89] 2018 Maturity Implementation Defender Rueda and Avila [130] 2018 Risk Theoretical Defender Shokouhyar et al [104] 2018 Risk Theoretical Defender Stergiopoulos et al [131] 2018 Risk Theoretical Defender You et al [132] 2018 Maturity Theoretical Defender Akinsanya et al [133] 2019 Maturity Theoretical Defender Bharathi [134] 2019 Risk Theoretical Defender Fertig et al [135] 2019 Awareness Theoretical Defender Husák et al [31] 2019 Review -Defender Salih et al [136] 2019 Risk Theoretical Defender Cadena et al [34] 2020 Review -Defender Wirtz and Heisel [137] 2020 Risk Theoretical Defender Ganin et al [138] 2020 Risk Theoretical Defender Luh et al [90] 2020 Risk Theoretical Both Table A3. The in...…”

Section: Validation Methodsmentioning

confidence: 99%

Respite for SMEs: A Systematic Review of Socio-Technical Cybersecurity Metrics

et al. 2021

View full text Add to dashboard Cite

Cybersecurity threats are on the rise, and small- and medium-sized enterprises (SMEs) struggle to cope with these developments. To combat threats, SMEs must first be willing and able to assess their cybersecurity posture. Cybersecurity risk assessment, generally performed with the help of metrics, provides the basis for an adequate defense. Significant challenges remain, however, especially in the complex socio-technical setting of SMEs. Seemingly basic questions, such as how to aggregate metrics and ensure solution adaptability, are still open to debate. Aggregation and adaptability are vital topics to SMEs, as they require the assimilation of metrics into an actionable advice adapted to their situation and needs. To address these issues, we systematically review socio-technical cybersecurity metric research in this paper. We analyse aggregation and adaptability considerations and investigate how current findings apply to the SME situation. To ensure that we provide valuable insights to researchers and practitioners, we integrate our results in a novel socio-technical cybersecurity framework geared towards the needs of SMEs. Our framework allowed us to determine a glaring need for intuitive, threat-based cybersecurity risk assessment approaches for the least digitally mature SMEs. In the future, we hope our framework will help to offer SMEs some deserved respite by guiding the design of suitable cybersecurity assessment solutions.

show abstract

“…US energy sector and the DOE defined the MM as "a set of characteristics, attributes, indicators, or patterns that represent capability and progression in a particular discipline" (C2M2, 2021). According to Le and Hoang (2016) and Akinsanya et al (2019), a MM is a good tool that helps organizations evaluate performance and identify weaknesses to build improvement plans to attain their goals. Curtis and Mehravari (2015) mentioned that the MM provides standards used to assess the current level of capability and maturity of processes and practices that help the organizations put their goals based on their level of importance.…”

Section: Literature Reviewmentioning

confidence: 99%

“…The hybrid, however, is a combination of both the progression and the MMs (Allen and Mehravari, 2014). In another study by Akinsanya et al (2019), the researchers define the cyber security MM as "a tool that can track improvements made over time from embedding security within an organization's daily and strategic workflows and between similar organizations in an industry." There is a big necessity for cybersecurity MMs, which can enable people to better manage organizations (Stevanovi c, 2011) and assist in evaluating their current procedures for cybersecurity assurance (Payette et al, 2015).…”

Section: Literature Reviewmentioning

confidence: 99%

The impacts of the cyber-trust program on the cybersecurity maturity of government entities in the Kingdom of Bahrain

Shaheen

Zolait

2023

ICS

View full text Add to dashboard Cite

Purpose This study aims to determine the impacts of the Bahrain Government framework [cyber-trust program (CTP)] on the cybersecurity maturity of government entities and how the CTP can impact the cybersecurity of government entities in the Kingdom of Bahrain. Design/methodology/approach The authors used a quantitative and qualitative approach. The data were collected by conducting semi-structured interviews with the information technology experts in the Bahrain Government entities participating in the CTP. Also, quantitative data was obtained through a questionnaire distributed to relevant people in the information technology field. Findings The findings of this study suggest that the CTP had a significant impact on the cybersecurity assurance of the government entities that participated in the CTP; it increased the employees’ awareness, reduced the number of cyberattacks and optimized the available resources. The findings also highlighted the role of top management in the success of the implementation of the CTP. The results also ensure that the CTP’s maturity model affected the cybersecurity compliance of an organization and the implementation of cybersecurity policies and controls. Practical implications This study enhances cybersecurity researchers’ and practitioners’ understanding of the impact of the CTP and its components and evaluates its influence on Bahrain’s cybersecurity assurance. Originality/value This study implies that to achieve better cybersecurity, managers should focus on implementing the policies and controls provided by cybersecurity frameworks to enhance cybersecurity assurance.

show abstract

Towards a maturity model for health-care cloud security (M²HCS)

Cited by 21 publications

References 21 publications

Cyber Risk in Health Facilities: A Systematic Literature Review

Cyber Risk in Health Facilities: A Systematic Literature Review

Respite for SMEs: A Systematic Review of Socio-Technical Cybersecurity Metrics

The impacts of the cyber-trust program on the cybersecurity maturity of government entities in the Kingdom of Bahrain

Contact Info

Product

Resources

About

Towards a maturity model for health-care cloud security (M2HCS)

Cited by 21 publications

References 21 publications

Cyber Risk in Health Facilities: A Systematic Literature Review

Cyber Risk in Health Facilities: A Systematic Literature Review

Respite for SMEs: A Systematic Review of Socio-Technical Cybersecurity Metrics

The impacts of the cyber-trust program on the cybersecurity maturity of government entities in the Kingdom of Bahrain

Contact Info

Product

Resources

About

Towards a maturity model for health-care cloud security (M²HCS)