Detecting information technology risk factors in a telemedicine system
| Authors: Mikov D.A. |  |
| Published in issue: #3(3)/2016 | |
| DOI: 10.18698/2541-8009-2016-3-24 | |
Category: Informatics, Computer Engineering and Control | Chapter: Methods and Systems of Information Protection, Information Security |
|
Keywords: remote health condition monitoring system, IDEF model, information technology risk analysis, risk factors, information security threats, potential damage, vulnerabilities of an automated system, countermeasures |
|
| Published: 02.12.2016 | |
We suggest a method for researching information flows in an automated system based on function modelling employing the IDEF0 methodology. We analyse the specifics of detecting information security threats, potential damage, vulnerabilities of the automated system, and developing corresponding countermeasures. We developed an IDEF0 model of the operation of a telemedicine system. By analysing the model developed, we detected information security risk factors in a telemedicine system for remote health condition monitoring and suggested countermeasures.
References
[1] Mikov D.A. Analysis of methods and tools which are used in the various stages of information security risk assessment. Voprosy kiberbezopasnosti, 2014, no. 4 (7), pp. 49-54 (in Russ.).
[2] Mikov D.A. Analysis of data stream research methods for information security risk assessment. Ezhemesyachnyy nauchnyy zhurnal "Prospero", 2014, no. 7, pp. 28-33 (in Russ.).
[3] Anishchenko V.S., Buldakova T.I., Dovgalevskiy P.Ya. et al. Conceptual model of virtual centre of public health services. Informatsionnye tekhnologii, 2009, no. 12, pp. 59-64 (in Russ.).
[4] Buldakova T.I., Krivosheeva D.A. Security threats in systems of the remote monitoring. Voprosy kiberbezopasnosti, 2015, no. 5(13), pp. 45-50 (in Russ.).
[5] Eyers D.M., Bacon J., Moody K. Oasis role-based access control for electronic health records. IEE Proceedings - Software, 2006, vol. 153, no. 1, pp. 16-23. DOI: 10.1049/ip-sen: 20045038
[6] Ferraiolo D.F., Kuhn D.R. Role based access control. 15th National Computer Security Conference, 1992, pp. 554-563.
[7] Sandhu R., Coyne E.J., Feinstein H.L., Youman C.E. Role-based access control models. IEEE Computer, 1996, vol. 29, no. 2, pp. 38-47. DOI: 10.1109/2.485845
[8] Buldakova T.I., Dzhalolov A.Sh. Analysis of data processes and choices of data-processing and security technologies in situation centers. Nauchno-tekhnicheskaya informatsiya. Ser. 1, 2012, no. 6, pp. 16-22. (Eng. version of journal: Scientific and Technical Information Processing, 2012, vol. 39, no. 2, pp. 127-132. DOI: 10.3103/S0147688212020116)