2. The Foundation
⦿ Core healthcare solutions are associated with a set of:
⦿ Business -> Whether implicitly or explicitly, the mobile system
must execute on a profitable business model, and needs to
strengthen its security and secure its privacy.
⦿ Legal -> The solution must operate in compliance or face
legislative penalties, is subject to security and privacy
legislation across the globe, and requires special and specific
guidance.
⦿ Technology -> Needs to be written in a procedural manner, with a
system that is asynchronous, responsive and web-enabled.
⦿ Social -> Attitudes, beliefs, and assumptions made by the
common user when they interact with computing solutions.
3. The Security Dimension
⦿ Computer security is typically focused on ensuring that:
⦿ Confidentiality -> Information is not accessed by unauthorized
persons
⦿ Integrity -> Information is not altered by unauthorized persons
in a way that is not detectable by authorized users
⦿ Authentication -> Users are the persons they claim to be
⦿ Access control -> Qualified users access only those resources
that they are entitled to access and not denied by its
⦿ Nonrepudiation -> The originators of messages cannot deny
that they in fact sent the message
⦿ Availability -> A system is operational and functional at a
given moment
4. The Mobile Platform System
⦿ Securely access medical data from a secured backend
database
⦿ Not store personally identifiable information on the device
⦿ Ensure that the hardware and software of the mobile device are
secure
⦿ Mobile Security Reference Architecture (MRSA) by US Federal CIO
Council and the US Department of Homeland
5. Inside MRSA
⦿ Virtual Private Network -> Method for creating a secure connection
⦿ Mobile Device Management -> Administration and supervision of
apps, data and configuration settings
⦿ Mobile App Management -> Provides a subset of the operations
provided by MDM
⦿ Identity and Access Management -> Integrating and coordinating
service
⦿ Mobile App Store -> Repository of mobile apps
⦿ Mobile App Gateway -> App-specific network security for mobile app
infrastructures
⦿ Data Loss Prevention -> Prevents loss on transmission
⦿ Intrusion Detection System -> Matches known attacks and alerts
when suspicious traffic is seen
⦿ Gateway and Security Stack -> Prevents damage to the backend and
can be inspected by standard network defenses