Health information security 2 : Basic concepts
1. Information Security
Basic Concepts
Dr. Lasantha Ranwala
MBBS, MD- Health Informatics
Cert. in Ethical Hacking & Cyber Forensic
Senior Registrar in Health Informatics
3. Security Vs Availability
Health care decision making depends on the information
Life-saving decisions
No/minimal breakdown time
4. Privacy Vs Confidentiality Vs Security
Privacy
is defined as an individual's right to control the acquisition, uses or disclosures of his or her information.
Confidentiality
is the property that information is not made available or disclosed to unauthorized individuals, entities, or processes.
5.
6. Privacy Vs Confidentiality Vs Security
Security
processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.
7. Terms used in Security
Information Security
IT security
Computer Security
Network Security
Cyber Security
9. Concepts and Definitions
Basic security concepts important to information
CIA
Concepts relating to the people who use that information
AAA
Common terms
Vulnerabilities
Threat
Likelihood
Impact
Risk
10. CIA Triad
Confidentiality: "need to ensure that information is disclosed only to those who are authorized to view it"
Availability: "need to ensure that the business purpose of the system can be met and that it is accessible to those who need to use it."
Integrity: "need to ensure that information has not been changed accidentally or deliberately, and that it is accurate and complete"
11. Authentication
Authentication is proving that a user is the person he or she claims to be.
That proof may involve
something the user knows (such as a password)
something the user has (such as a "smartcard") or
something about the user that proves the person's identity (such as a fingerprint)
12. Authorization
Authorization is the act of determining whether a particular user (or computer system) has the right to carry out a certain activity, such as reading a file or running a program.
14. Accountability (non-repudiation)
Security is strong when the means of authentication cannot later be refuted: the user cannot later deny that he or she performed the activity.
This is known as non-repudiation.
15.
16. Likelihood
Possibility that a threat may materialize
Usually a subjective assessment based on experience
Can be made less subjective and more objective by using past information: past incident types, effects, time, etc.
17. Consequences
How, and to what degree, the threat impacts the organization
Worst-case outcome
Ex:
Financial loss
Exposure of personal sensitive data
Destruction of server room
18. Risk
The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences.
Risk = Likelihood × Consequences
20. Development of Cyber Security in Health setup
[Figure: three diagrams, each labelled Cyber Security, Information Security, Health Institution]