The document assesses adding four new requirements to the iTrust medical records system: adding an emergency responder role, finding qualified healthcare professionals, updating diagnosis codes, and viewing access logs. Adding the emergency responder role carries the most risk as it provides access to sensitive patient data. Proper access controls, authentication, and encryption are recommended to secure data access and mitigate vulnerabilities like unauthorized access, wireless communication attacks, and credential misuse. A role-based access control model and two-factor authentication are suggested for emergency responders.
IT SECURITY PLAN FOR FLIGHT SIMULATION PROGRAM (IJCSEA Journal)
Information security is one of the most important aspects of technology: we cannot protect the best interests of our organizations' assets (be they personnel, data, or other resources) without ensuring that these assets are protected to the best of our ability. Within the Defense Department, this is vital to the security of not just those assets but also the national security of the United States. A compromise in security could lead to severe consequences. However, technology changes so rapidly that change has to be made to reflect these changes with security in mind. This article outlines a growing technological change (virtualization and cloud computing) and how to properly address IT security concerns within an operating environment. By leveraging a series of encrypted physical and virtual systems and network isolation measures, this paper delivered a secured high performance computing environment that efficiently utilized computing resources, reduced overall computer processing costs, and ensures the confidentiality, integrity, and availability of systems within the operating environment.
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS... (IJNSA Journal)
With the ever-increasing number and diverse types of attacks, including new and previously unseen attacks, the effectiveness of an Intrusion Detection System is very important. Hence there is high demand to reduce the threat level in networks so that the data and services they offer are more secure. In this paper we developed an effective test suite for improving the efficiency and accuracy of an intrusion detection system using layered CRFs. We set up different types of checks at multiple levels in each layer. Our framework examines various attributes at every layer in order to effectively identify any breach of security. Once an attack is detected, the system administrator is notified through a mobile phone so that the server system can be safeguarded. We established experimentally that layered CRFs can thus be more effective in detecting intrusions when compared with other previously known techniques.
Database security is a growing concern as the amount of sensitive data collected and retained in databases is growing fast and most of these data are being made accessible via the internet. The majority of companies, organizations, and teaching and learning institutions store sensitive data in databases. As most of these data are accessed electronically, it can be assumed that the integrity of these numerous and sensitive data is prone to different kinds of threat, such as unauthorized access, theft, and denial of access. Therefore, the need for securing databases has also increased. The primary objectives of database security are to prevent unauthorized access to data, prevent unauthorized tampering with or modification of data, and ensure that these data remain available whenever needed. In this paper, we developed a database security framework by combining different security mechanisms on a sensitive student information database application designed for Shehu Shagari College of Education Sokoto (SSCOE), with the aim of minimizing and preventing confidentiality, integrity, and availability threats to the data.
A Secure Software Engineering Perspective (idescitation)
Software vulnerabilities are the prime cause of cyber attacks and potential misuse of software applications. The vulnerabilities are mostly due to insecure system architecture, software development language, and design issues. Generally, software development practice does not address these issues due to time and budget constraints and conflicting needs. As a result, security, although a major concern in software development, remains largely unaddressed. Secure software engineering by and large refers to the process of software security. Software security essentially focuses on developing secure software, which generally depends on system architecture and software security assurance against possible vulnerabilities. To address these issues, this paper reports a survey of the state of the art in the areas of secure system architecture, buffer overflow attacks, and confinement.
As Supervisory Control and Data Acquisition (SCADA) systems are deployed in infrastructures which are critical to the survival of a nation, they have emerged as a potential terrain for cyber-war, thus attracting the considered attention of nation-states. The analysis of worms like Stuxnet, Flame and Duqu reveals the hand of a nation-state in their design and deployment. Hence, the necessity to understand various issues in the defence of SCADA systems arises. The forensics of a SCADA system provide deep insight into the design and deployment of the worm (the malware) once the system is attacked. This is precisely the scope of this essay.
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT (IJNSA Journal)
An efficient key management system is required to support cryptography. Most key management systems use either pre-installed shared keys or install initial security parameters using out-of-band channels. These methods create an additional burden for engineers who manage the devices in industrial plants. Hence, secure device deployment in industrial plants becomes a challenging task. In this work, we present a device deployment framework that can support key management using the existing trust towards employees in a plant. This approach reduces employees' access to initial security parameters; rather, it binds the trust in the employee to device commissioning. Thus, this approach presents a unique solution to the device deployment problem. Further, through a proof-of-concept implementation and a security analysis using the AVISPA tool, we show that our framework is feasible to implement and satisfies our security objectives.
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICS (IJNSA Journal)
Machine learning has more and more effect on our everyday life. This field keeps growing and expanding into new areas. Machine learning is based on the implementation of artificial intelligence that gives systems the capability to automatically learn and improve from experience without being explicitly programmed. Machine learning algorithms apply mathematical equations to analyze datasets and predict values based on the dataset. In the field of cybersecurity, machine learning algorithms can be utilized to train and analyze Intrusion Detection Systems (IDSs) on security-related datasets. In this paper, we tested different machine learning algorithms to analyze the NSL-KDD dataset using KNIME analytics.
An Overview of Information Systems Security Measures in Zimbabwean Small and ... (researchinventy)
This paper reports on the Information Systems (IS) security measures implemented by small and medium size enterprises (SMEs) in Zimbabwe. A survey questionnaire was distributed to 32 randomly selected participants in order to investigate the security measures and practices in their respective organisations. The results indicated that over 50% of the respondents had installed firewalls, while more than 80% carried out regular software updates and none of the respondents had intrusion detection systems. The researchers recommended that SMEs work to enhance their knowledge of the different IS threats in order to enable the implementation of preventive measures.
The purpose of this paper is twofold. First and foremost, it presents a background narrative on the origins, innovations and applications of novel structural automation technologies and the rarity of experts involved in research, development and practice in this field. The second part of this paper presents a rudimentary framework for a solution addressing this paucity: the creation of an interdisciplinary academic program at PAAET that will be the first in the region to address applied information and communication technologies (ICT) in the design, planning, engineering and management of structural automation projects. In doing so, we also need to define the level of implementation. This field, like all fields in ICT, has been loosely defined, and most applications carry less weight in their implementation than what should be applied. This paper attempts to define an indexing scheme by which we can easily classify such implementations and generate a ranking by which we can safely define their level of "Intelligence".
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & Science, Power Electronics, Electronics & Communication Engineering, Computational Mathematics, Image Processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design, etc.
Personally Identifiable Information (ISO27701) on cloud and PCI DSS Conformit... (Jerimi Soma)
Sooner or later, I guess the Japanese privacy mark certification (Pマーク) would be replaced with the ISO27701 extension to ISMS for many entities, so as not to compromise GDPR.
Conformity to the ISMS extension would be relevant to ISMAP (政府情報システムのためのクラウドセキュリティ評価制度, the cloud security assessment program for government information systems) for cloud service providers processing PII.
A credit card number would be Personally Identifiable Information (PII). ISO27701, ISO27017, and ISO27018 are partially relevant to PCI DSS.
Cloud assisted privacy preserving and data integrity for mobile health monito... (eSAT Journals)
Abstract
In a cloud computing system, data is moved to a remotely placed cloud server. The cloud stores the information and returns it to the owner whenever wanted. But there is no assurance that information stored in the cloud is protected and not changed by the cloud. In order to defeat the threat to data integrity, the user must be able to use the help of a Third Party Auditor (TPA). The TPA has expertise in checking the integrity of the information that cloud users do not have and that is difficult for the owner to check. The data in the cloud should be exact, reliable, available and of high quality [1]. This paper addresses this important problem related to data integrity and designs a cloud assisted privacy preserving mobile-health monitoring system to protect the privacy of the involved parties and their data. For that purpose we have used the algorithms: 1) Tate pairing, 2) Token generation, 3) AES (Advanced Encryption Standard), SHA1 and MD5.
Keywords: Data integrity, TPA, Tate pairing, Cryptography
EHR meaningful use security risk assessment sample document (data brackets)
Under the HIPAA Privacy and Security Rules, business associates are required to perform active risk prevention and safeguarding of patient information, which is very important to patient privacy. The HITECH Act allows only the minimum necessary information to be disclosed when handling protected health information (PHI).
This security risk assessment exercise has been performed to support the requirements of the Department of Health and Human Services (HHS), Office for Civil Rights (OCR), and other applicable state data privacy laws and regulations. Upon completion of this risk assessment, a detailed risk management plan needs to be developed based on the gaps identified in the risk analysis. The gaps identified and recommendations provided are based on the input provided by the staff, budget, scope and other practical considerations.
NIST stands for National Institute of Standards and Technology; this federal agency develops and promotes measurements, standards, and technology to improve system productivity. NIST has a robust Cybersecurity Framework, which is one of the most popular topics in the MedTech industry. It concerns the protection of user data and electronic documents against cyber-attacks. Being in the medical device industry, I wanted to know what cybersecurity framework or tools I should utilize to protect patients and their data. That is when I found the NIST-based Cybersecurity Framework...
The Electronic Health Record (EHR) is a longitudinal electronic record of patient health information generated by one or more encounters in any care delivery setting. Included in this information are patient demographics, progress notes, problems, medications, vital signs, past medical history, immunizations, laboratory data, and radiology reports. The EHR automates and streamlines the clinician's workflow. The EHR has the ability to generate a complete record of a clinical patient encounter, as well as supporting other care-related activities directly or indirectly via interface, including evidence-based decision support, quality management, and outcomes reporting.
Secure Personal Health Records Using Encryption (Editor IJCATR)
In the dispersed world, health information is exchanged based on patients' Personal Health Records (PHRs). For this reason, construction and maintenance are handled by data centers, which are costly for individuals. Cloud providers are used in most PHR services to outsource the PHRs, which are then stored by a third party. Privacy is the main concern because PHR information is shared with third-party servers and unauthorized parties. To avoid this problem and to guarantee the security of PHRs, encryption is applied to all PHRs before they are outsourced. After encryption is applied, a few major issues still remain, such as flexible access, scalability in key organization, and well-organized user revocation. These are the remaining important challenges. In this proposed system, a patient-centric model has been generated with appropriate mechanisms for accessing PHRs which are stored in semi-trusted servers. Here the Attribute Based Encryption technique is used to encrypt every patient's PHR. To support on-demand user revocation, revocations are also enabled dynamically based on the variations of access policies or file attributes to improve the process.
Personal Health Record over Encrypted Data Using Cloud Service (YogeshIJTSRD)
Cloud Based Personal Health Record (CBPHR) systems are used for the storage and management of patient records. Cloud computing provides real-time health care data in a convenient and cost-effective manner. Due to the lack of visibility in the cloud platform, users are always concerned with data privacy and security. This is the main obstacle to the wide adoption of CBPHR systems in the health care sector. The paper discusses a cloud based patient health record management scheme which is highly secured. In this approach, indexes are encrypted under different symmetric keys, and the encrypted data indexes from various data providers can be merged by the cloud without knowing the index content. It also provides efficient and privacy preserving query processing using a single data query submitted by the data user. Encrypted data will be processed by the cloud from all related data providers without knowing the query content. Dinesh Soni | Dr. Lakshmi JVN, "Personal Health Record over Encrypted Data Using Cloud Service", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5, Issue-4, June 2021. URL: https://www.ijtsrd.compapers/ijtsrd41230.pdf Paper URL: https://www.ijtsrd.comcomputer-science/computer-security/41230/personal-health-record-over-encrypted-data-using-cloud-service/dinesh-soni
CHIME LEAD Fourm Houston - "Case Studies from the Field: Putting Cyber Security Strategies into Action" - Hitchhikers Guide to IT Security
"Case Studies from the Field: Putting Cyber Security Strategies into Action"
Learn from those in the trenches who have deployed effective cyber strategies in their organizations, foiled attacks and managed breach situations. Learn approaches for success and pitfalls to avoid by exploring the experience of others with deployment and management of cyber security strategies and plans.
Learning Objectives:
Identify successes, challenges and lessons learned with implementation of cyber strategies
Identify success strategies for gaining the C Suite support and ways cyber security can be integrated into the organization's culture and work processes.
Identify best practices with anticipating new and emerging threats and ways to maintain a proactive position instead of reactive
Identify approaches for breach preparation and breach management
Similar to CSEC630_TeamAssignment_TeamBlazer_FINAL (20)
CHIME LEAD Fourm Houston - "Case Studies from the Field: Putting Cyber Securi...
CSEC630_TeamAssignment_TeamBlazer_FINAL
1. Running head: SECURITY ASSESSMENT OF ADDING REQUIREMENTS TO ITRUST
1
Security Assessment of Adding Four Requirements to the iTrust Medical Record System
Team Blazers: Geoff Akey, Sarah Hall, Matt Jenkins, Dauryl Belle, Ronald Jackson,
James Shircliffe
University of Maryland, University College
October 25, 2015
Dr. Johnson Kinyua
Section 1.0: Introduction
The Health Insurance Portability and Accountability Act (HIPAA) has set out the
creation and maintenance of electronic health records (EHR) as the means by which
patient care can be improved while the overall costs of healthcare to society can be driven
down. However, the ability to consolidate patient records and increase their portability
has increased their vulnerability to theft and exposure. Along with the requirement to
create EHRs, HIPAA has mandated security requirements for a class of information
identified as electronic protected health information (ePHI) in an effort to protect the
confidentiality of Personally Identifiable Information (PII) from criminal misuse and
general exposure.
The iTrust Medical Care Requirements System (iTrust) has been identified as a
Major System under the jurisdiction of HIPAA and is subject to the requirement to
implement “reasonable and appropriate” computer security safeguards. iTrust is an open
source software application designed to allow patients to review their medical history as
well as make decisions regarding their future medical treatment. iTrust also allows medical professionals to access and track patient records from diverse locations and to perform various tasks such as scheduling, prescription management and messaging.
HIPAA comprises two rules, the Privacy Rule and the Security Rule. The Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, establishes national standards for the protection of certain health information. “The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establishes a national set of security standards for protecting certain health information that is held or transferred in electronic form” (“Understanding HIPAA”, n.d.). The exposure of patients’ information does not include specific health information, but it does include information that can identify an individual, putting them at risk of social engineering attacks such as phishing. HIPAA denotes PII as referring “to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual” (“Rules and Policies”, 2014). This is the type of information that iTrust currently contains.
Section 1.1: Scope Note
Team Blazer has conducted a security assessment on the addition of four new
requirements to iTrust: add the role of emergency responder, find a qualified healthcare
professional, update diagnosis code table, and view access log. The assessment was not
meant to look at the existing implementation and architecture, except where it was
pertinent to the addition of the four new requirements, as the security posture of the new
requirements will be shaped by the existing implementation. Conversely, the new
requirements will necessitate capabilities that will alter the existing implementation.
While Team Blazer’s recommendations for adding and implementing the new security
features necessitated by the new requirements are meant to be integrated into existing
iTrust security policies, it is believed they will enhance the overall security posture.
Section 1.2: Methodology
To conduct this security assessment, Team Blazer identified each database and the amount of ePHI it contained, then employed the Delphi method to determine the value of each database. Team Blazer then determined which of these databases each new requirement would have to access, and what vulnerabilities each requirement introduced, in order to identify any increased attack surface that might expose ePHI. Recommendations and an implementation strategy were then documented to offer courses of action to decrease the new attack surface.
Section 1.3: System Description
The iTrust system relies on open source software. It uses an Apache Tomcat Server to run a MySQL Database in a Windows environment. The web application side of iTrust relies on an Eclipse framework running Java Development Kit (JDK) libraries.
Section 2.0: Assessment of New Requirements
Section 2.1: Add Role Emergency Responder
Description of Requirement.
Of the four new requirements being added to iTrust, the addition of a new system role, that of Emergency Responder, carries the most risk. The role could apply to varying fields of service, ranging from police officers to emergency medical technicians. A role of this scope can provide access to highly sensitive data. Users granted it will hold controls over medical records comparable to those tied to the job functions of licensed and unlicensed health care professionals, patients and iTrust administrators.
Creating this defined role will give emergency responders access to information essential to doing their jobs efficiently and to saving more lives. Given the time-sensitive nature of the work and its immediate bearing on saving human life, the emergency responder role is highly privileged in the iTrust system. Team Blazer sees this role being secured through a mobile cellular connection, via a terminal travelling with the emergency responder, communicating through a Virtual Private Network (VPN).
Vulnerabilities/security issues.
If data accessible to the Emergency Responder role is compromised, or accessed by anyone other than the user to whom the privilege is assigned, iTrust would bear responsibility for non-adherence with HIPAA. The U.S. Department of Health & Human Services (HHS) states that the HIPAA Privacy Rule, as well as all the Administrative Simplification rules, apply to all health plans, health care clearinghouses, and any health care provider who transmits health information in electronic form in connection with transactions for which the Secretary of HHS has adopted standards under HIPAA (U.S. Department of Health & Human Services, n.d.). In this database deployment, a HIPAA violation would occur if internal access is not moderated or if an outside intrusion ensues. To defend effectively against these two threat vectors, a developed policy is needed that itemizes access, along with perimeter and internal defense mechanisms. Implementing access controls on a built-in VPN, or through authentication and firewalls, can help partition the emergency responder role from unauthorized access. Team Blazer suggests iTrust deploy a Role Based Access Control (RBAC) solution using the Biba model association (Biba Model, 2007).
The wireless communication pathway represents a second vulnerability. Given their scope of duties and responsibilities, emergency responders are mobile, and most if not all communication will be done off site. This communication will be conducted over the emergency communication bands and/or the cellular network, depending on the required bandwidth. The pathway is exposed to outside threats, and malicious penetration can occur through attack vectors ranging from man-in-the-middle to masquerading. Most suppliers and end users have settled on either ISA100.11a (IEC 62734) or WirelessHART (IEC 62591) as methods of protection (Control Engineering, 2015). Both comprise robust encryption methods built on the 128-bit AES block cipher. Stabilizing and gaining firm control of the transport layer is only the start; there are also threats of outright disruption of communication across all radio devices, and that level of security is harder to control.
Team Blazer recommends implementing a two-factor authentication scheme for emergency responders to access iTrust. While patients may access iTrust remotely over architecture with as much vulnerability as the emergency responders, the enhanced privileges emergency responders hold at login mean extra care needs to be given to verifying their access. The use of passwords and tokens is recommended, as this will be far easier to deploy and manage. Credentials also bring another level of vulnerability, in that their effectiveness depends on how careful those in possession of them are with confidentiality and security. Some users will have lazy habits and leave credentials in open areas, share them with other users, and take them outside of the work environment. To mitigate instances of credential fraud, effective training of users and security policies can be adopted (Hodgson, 2014).
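The password-plus-token scheme recommended above, as an added illustration written for this assessment (it is not iTrust code, and it is in Python rather than iTrust's Java for brevity). The password is checked against a salted PBKDF2 hash rather than a stored value, and the token is verified as an RFC 6238 time-based one-time code with a small clock-drift window. TOTP as the token type, the ResponderLogin class and the PBKDF2_ROUNDS setting are assumptions; the enrolment secret used below is the RFC 6238 test key, constructed for the run.

```python
import hashlib
import hmac
import os
import struct
import time

# Work factor for the password hash (assumed value; raise it as hardware allows).
PBKDF2_ROUNDS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256. Only the salt and hash are stored, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def totp_code(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time code: HMAC-SHA1 over the time-step counter,
    dynamically truncated to `digits` decimal digits."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, code: str, unix_time: int, step: int = 30, window: int = 1) -> bool:
    """Accept the current step plus/minus `window` steps to absorb clock drift on the
    responder's terminal; every comparison is constant-time."""
    return any(hmac.compare_digest(totp_code(secret, unix_time + k * step, step).encode(), code.encode())
               for k in range(-window, window + 1))


class ResponderLogin:
    """Two-factor check for the Emergency Responder role: something known (password)
    and something held (token). Every attempt, granted or not, is recorded for audit."""

    def __init__(self) -> None:
        self.users: dict = {}
        self.audit: list = []

    def enroll(self, mid: str, password: str, totp_secret: bytes) -> None:
        salt = os.urandom(16)
        self.users[mid] = {"salt": salt, "hash": hash_password(password, salt), "totp": totp_secret}

    def authenticate(self, mid: str, password: str, code: str, unix_time=None) -> bool:
        now = int(time.time()) if unix_time is None else unix_time
        record = self.users.get(mid)
        # Evaluate both factors regardless of the first result, so a failure does
        # not tell the caller which factor was wrong.
        password_ok = record is not None and hmac.compare_digest(
            hash_password(password, record["salt"]), record["hash"])
        token_ok = record is not None and verify_totp(record["totp"], code, now)
        granted = password_ok and token_ok
        self.audit.append({"mid": mid, "time": now, "granted": granted})
        return granted
```

Passing unix_time explicitly, as the checks do, makes the token verification reproducible; in service the default of the current clock is used.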
Section 2.2: Find qualified licensed health care professional
Description of Requirement
This requirement allows a patient who has just been diagnosed to find licensed health care professionals (LHCPs) in the area who have experience handling that condition. The patient chooses “My Diagnoses” and is presented with a listing of all their own diagnoses sorted by diagnosis date, with the most recent first. The patient can select a diagnosis and will be presented with the LHCPs in the patient's living area, based upon the first three digits of their zip code, who have handled this diagnosis in the last three years. The list is ranked by the number of patients the LHCP has treated for that diagnosis, and each patient treated is counted only once regardless of the number of office visits. For each LHCP, the following information is displayed:
Name of LHCP linked to contact information for that LHCP
The quantity of unique patients treated by that LHCP for that diagnosis.
List of all prescriptions given by that LHCP for that diagnosis.
List of all laboratory procedures ordered by that LHCP for that diagnosis
The LHCP's average visit satisfaction.
The LHCP's average treatment satisfaction
Vulnerabilities/security issues:
As the patient will be accessing this feature remotely, the attack surface of iTrust is expanded with vulnerabilities inherent in web applications and web browsers: Cross-Site Scripting (XSS), Structured Query Language Injection (SQL Injection), and Cross-Site Request Forgery (CSRF).
Threat 1: Cross-Site Scripting (XSS)
In Cross-Site Scripting (XSS) attacks, an attacker injects scripts into trusted web sites from the web session of an unsuspecting user. The XSS attacker manipulates the unsuspecting user into sending the attacker's malicious script to a target website via the victim’s web browser. The target web site sees the request as coming from the victim’s browser, a known and trusted account, and will execute the request (VeraCode, 2015).
The vulnerabilities are normally based in the web browser and are quite common. They enable attacks wherever a web application uses input from a user within the output it generates without encoding or validating it.
Because the script is coming from a trusted source, the targeted web application has no way to recognise that the script is suspect, and will execute it. Due to the trust relationship, the malicious script can access session tokens, cookies, or other sensitive information retained by the browser for use with that site (OWASP, 2013).
In a Server XSS, the vulnerability is in server-side code where the browser
accepts the response and executes any valid-looking script embedded in it. It is termed a
“Reflected Server XSS” if the source of the data, the combined legitimate and malicious
code, comes from a user or object request. It is termed a “Stored Server XSS” if the
source of the data comes from a stored location.
Client XSS occurs when untrusted and unvalidated user-supplied data updates the Document Object Model (DOM, an application programming interface, or API, for HTML and XML documents) through an unsafe JavaScript call. The source of the data could be the DOM itself, or it could have been sent by the server via a page load. The term “Reflected Client XSS” refers to data coming from a user or object request, and “Stored Client XSS” to data coming from a stored location. The key point is that a DOM-based XSS originates from the DOM and is therefore a Client XSS (OWASP, 2013).
When an XSS attack successfully exploits these vulnerabilities, the attacker can: (1) gain access to account credentials, (2) spread web worms, (3) access the user’s computer and view the user’s browser history, (4) control the browser remotely, and (5) gain control of other applications in addition to the browser (VeraCode, 2015).
To mitigate the XSS threat, Team Blazer recommends that all input submitted to any application in the system be treated as untrusted until validated. This would ideally be written into the application during the development stage. If not, a web application firewall (WAF) can be installed to perform this filtering function. Addressing this vulnerability with a post-production WAF or intrusion detection product is more costly in the long term. It is cheaper and more effective when the security aspects of the product are addressed during its development.
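The "treat all input as untrusted" mitigation applied to the LHCP listing from this requirement, as an added example written for this assessment (not iTrust code; Python stands in for iTrust's Java). It validates the one user-controlled search key, the three-digit zip prefix, before use, and encodes every stored value for the HTML element context at the point of output, shown beside the vulnerable concatenation it replaces. The LHCP records, field names and the harmless script tag used as a stand-in for stored attacker input are all constructed.

```python
import html
import re

# Constructed LHCP records in the shape of the listing in Section 2.2. The second
# name carries a harmless script tag standing in for stored attacker input.
SAMPLE_LHCPS = [
    {"name": "Dr. Ada Okafor", "patients": 14},
    {"name": "<script>alert('xss')</script>", "patients": 3},
]

ZIP_PREFIX = re.compile(r"\d{3}")


def validate_zip_prefix(value: str) -> str:
    """Input validation: the search key is the first three digits of a ZIP code, so
    anything that is not exactly three digits is rejected outright."""
    value = value.strip()
    if not ZIP_PREFIX.fullmatch(value):
        raise ValueError("zip prefix must be exactly three digits")
    return value


def render_row_unsafe(lhcp: dict) -> str:
    """Vulnerable pattern (Stored Server XSS): stored data is copied straight into
    the HTML response without encoding."""
    return f"<tr><td>{lhcp['name']}</td><td>{lhcp['patients']}</td></tr>"


def render_row_safe(lhcp: dict) -> str:
    """Mitigation: encode for the HTML element context at the point of output and
    coerce numeric fields to numbers so they cannot carry markup."""
    name = html.escape(lhcp["name"], quote=True)
    return f"<tr><td>{name}</td><td>{int(lhcp['patients'])}</td></tr>"


def render_listing(lhcps, zip_prefix: str) -> str:
    """Page fragment: validated input on the way in, encoded data on the way out."""
    prefix = validate_zip_prefix(zip_prefix)
    rows = "".join(render_row_safe(row) for row in lhcps)
    return f"<h2>LHCPs in ZIP prefix {html.escape(prefix)}</h2><table>{rows}</table>"


def has_raw_script_tag(rendered: str) -> bool:
    """Review check: a live <script tag must never survive output encoding."""
    return "<script" in rendered.lower()
```

The encoding belongs at output time in the template, not at storage time, because the same stored name may later be rendered in a different context (an attribute, a JavaScript string) that needs a different encoding.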
Threat 2: Structured Query Language (SQL) Injection
Any application that accepts user input and stores data in a back-end database is potentially vulnerable to SQL injection. Most databases have some variant of SQL to interoperate with web servers and application servers when they need to change, retrieve, delete, and/or store data. An attacker can therefore add user accounts to the database, as well as add or remove transactions.
An attack “injects” malicious code to get the database to return data where it should not. The login query below is built from user input; the interpreter will execute the command based on the values received for the username and password fields:
String SQLQuery = "SELECT Username, Password FROM users WHERE Username='" + Username + "' AND Password='" + Password + "';";
To exploit this code an attacker provides ' or 0=0 as both the username and the password, and the concatenation produces the following query:
SELECT Username, Password FROM users WHERE Username='' or 0=0' AND Password='' or 0=0';
This condition is always true, as 0 does equal 0, so the site will return without error, indicating that the site is open to further malicious code that can exploit the database.
Team Blazer recommends building security into the development lifecycle so that new applications and databases being designed today carry protections against these threats that can be carried forward into future infrastructure (O’Boyle, 2012). iTrust also needs strongly typed, parameterized query Application Programming Interfaces (APIs) with placeholder substitution markers, even when calling stored procedures. Parameterized queries limit the influence an attacker can have in exploiting the database (VeraCode, 2015).
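The parameterized-query recommendation beside the concatenated login query above, as an added example written for this assessment (not iTrust code; Python's sqlite3 module stands in for iTrust's Java and MySQL, and the users table contents are constructed). The concatenated builder reproduces the page's Java string so the effect of a quote in the input is visible in the SQL text; the parameterized lookup binds the same input as a value, so ' or 0=0 is simply a username that does not exist, and a legitimate name containing an apostrophe, which the concatenated version also mangles, matches correctly.

```python
import sqlite3


def make_db():
    """Constructed users table with the two columns the page's query reads.
    Passwords are stored in clear only to mirror the page's example; a real store
    would hold salted hashes (see Section 2.4)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (Username TEXT, Password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2"), ("o'brien", "pw")])
    conn.commit()
    return conn


def build_query_unsafe(username: str, password: str) -> str:
    """Mirrors the string concatenation on the page. Whatever the user types is
    spliced into the SQL text, so a quote in the input ends the literal early and
    the remainder of the input is parsed as SQL. Never execute a string built this way."""
    return ("SELECT Username, Password FROM users WHERE Username='" + username
            + "' AND Password='" + password + "';")


def lookup_user_safe(conn, username: str, password: str):
    """Parameterized query: the statement text is fixed and the values travel
    separately to the engine, so quotes or keywords in the input remain data.
    Returns the matched Username, or None when no row matches."""
    row = conn.execute(
        "SELECT Username FROM users WHERE Username = ? AND Password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None
```

The Java equivalent of lookup_user_safe is a PreparedStatement with the same two placeholders; the principle is identical across drivers, and it applies equally to calls into stored procedures.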
Threat 3: Cross-site Request Forgery (CSRF)
A Cross-Site Request Forgery (CSRF) attack manipulates a user into clicking a link that takes them to a malicious web site. The site then exploits an established trusted link to perform a function in the user’s name and with the user’s credentials. XSS exploits the trust a client places in an application or website; CSRF exploits the opposite, the trust the site has in the user (Auguer, 2010). If the victim activates embedded HTML or JavaScript code from an e-mail or website, the code will request a specific URL, and the victim's system will carry out that request. This exploit can bypass HTTPS protections and operate without the user’s knowledge. CSRF can also utilize an XSS flaw to indirectly reach the targeted websites or applications (OWASP, 2015).
Team Blazer notes that OWASP recommends the Synchronizer Token Pattern, a process that generates random "challenge" tokens to be checked against the current session. This enables the development of applications with strong verification that requests were genuinely submitted by the user, which helps limit, or eliminate, CSRF attacks in sensitive data operations. The Encrypted Token Pattern uses encryption for token validation. Once the user is properly authenticated, a unique token is created at the server using a unique key. The token is then embedded in a hidden field by the user’s system. When requests are received, the server reads the user's token value using the key it used to create the token.
Team Blazer notes that the most effective counter to this attack is the development of a security-conscious culture. This includes the familiar actions of logging off immediately after using a web application, not letting the browser remember sites or save passwords, using different browsers for sensitive or higher-risk activities (banking) and for general surfing or research, and utilizing plug-ins that make CSRF difficult (e.g. NoScript) (OWASP, 2013).
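The Synchronizer Token Pattern described above, as an added example written for this assessment (not iTrust code; Python stands in for iTrust's Java, and the in-memory SessionStore is a stand-in for the Tomcat session). The server mints a random token per session, renders it into a hidden field on every state-changing form, and rejects any POST whose token does not match the session named by the cookie. The class and function names are assumptions.

```python
import hmac
import secrets


class SessionStore:
    """Constructed in-memory server-side session store. Each session receives its
    own unpredictable CSRF token when it is created."""

    def __init__(self) -> None:
        self._sessions = {}

    def create(self, user_mid) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"mid": user_mid, "csrf": secrets.token_urlsafe(32)}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)


def hidden_token_field(store: SessionStore, sid: str) -> str:
    """Server-side rendering of the token into a form. A page on another origin
    cannot read this value because of the browser's same-origin policy."""
    session = store.get(sid)
    if session is None:
        raise PermissionError("no active session")
    return f'<input type="hidden" name="csrf_token" value="{session["csrf"]}">'


def handle_state_changing_post(store: SessionStore, cookie_sid: str, form: dict):
    """Validate a POST before any data changes. The browser attaches the session
    cookie to a forged cross-site request automatically, but the forged form cannot
    contain the token tied to that session, so the request is refused.
    Returns (accepted, reason)."""
    session = store.get(cookie_sid)
    if session is None:
        return False, "no active session"
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), session["csrf"].encode()):
        return False, "csrf token missing or mismatched"
    return True, "ok"
```

Because the token is compared against the session identified by the cookie, a token lifted from a different session is rejected as well, which is what the checks below exercise.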
Section 2.3: Update Diagnoses Code Table
Description of Requirement
Within this requirement, the American Medical Association has decided to convert all diagnoses from the current code set, ICD-9CM, to ICD-10CM. This code change affects only the ovdiagnosis and icdcodes databases. According to Medicaid.gov (2014), there have been many changes in the current code reporting. These include code length growing from five to seven positions, 68,000 diagnosis codes in ICD-10CM compared to 13,000 in ICD-9CM, and modernized terminology.
There are a few challenges in converting to the new code set, as described by Medicaid (2014). The changes do not allow a one-to-one mapping from the old code version to the new. Because the codes cannot be mapped from new to old, any related databases must be altered to reflect the new code set. In our Addendum, the only databases that have a direct correlation to the change in the codes are icdcodes and ovdiagnosis; these hold the standard diagnosis codes, which will be changing. The indirect relationship to other databases is the link between the diagnosis and the VisitID. This correlation maps the Diagnosis to the VisitID, which in turn links to a lab procedure. Hazlewood (2003) discusses how ICD-9CM is ineffective for monitoring, measuring and analyzing health care cost. The new code set allows further visibility into diagnosis codes as well as proper procedures. Hazlewood (2003) also states, “These changes should result in major improvements in both the quality and uses of data for various healthcare settings.”
Vulnerabilities/security issues:
When converting from ICD-9CM to ICD-10CM, many security risks associated with the previous code version are mitigated through the upgrade process. But as with any software, updates and patches remain a source of vulnerabilities behind many security threats. Medical research and medical coding play a big part in healthcare as well as in protecting our homeland. Biological threats and man-made diseases can be released that cause life-threatening damage. Gaudio (2015) outlines how the new ICD-10CM code set can help health officials track and monitor patients and diseases better than the old ICD-9CM coding. ICD-9CM does not give a full, in-depth view of tracking parameters, which may be overlooked because the codes are non-specific. ICD-10CM allows better tracking and a closer look at patient care by utilizing a 68,000-code database compared to ICD-9CM’s 13,000 codes.
When transitioning to this new code version, the opportunity for a potential hacker to intercept certain databases and change information widens. The integrity of the codes used in ICD-10CM is extremely important as it relates to the diagnosis of specific illnesses. Access to the information in this database must require multi-factor authentication and be restricted to a defined group of individuals. Information contained in these databases must stay compliant with the American Health Information Management Association (AHIMA). This organization governs the management of computer, personnel, and patient information and makes sure the integrity and security of the data stays up-to-date. Overall, the new version of the code adds security features and fixes vulnerabilities. The biggest problem comes down to keeping the database secured and accessible only to privileged individuals.
Team Blazer notes that conducting any type of upgrade, or moving between platforms, can be complex from the standpoint of big data as well as security and integrity. In the case of the ICD-9CM database upgrade to ICD-10CM, these databases contain medical diagnoses that are vital to the medical procedures and treatment that occur. Team Blazer recommends that when going between databases there be a clear and precise plan of action. One must know the differences and functionalities that the new platform has and the old one does not support. In the case of ICD-10CM, this platform has 68,000 codes compared to the 13,000 in ICD-9CM. When moving data between code sets, there should be an integrity audit done before and after to validate that information did not change. Depending on how data is migrated, the network the migration takes place on should be secured and, if possible, the migration done locally. There should not be a shared user on the server with access to alter the databases during the move.
Once the migration has been completed, a system administrator (SysAdmin) must take further precautions to make sure the proper users have the right permissions to the database. Because some codes may have changed, as well as having been linked and altered in other databases, a consistency check must be performed to evaluate any changes that need to be made. Database security is a high priority, especially in the medical field. One simple change can mean life or death for a patient. Due to certain medical laws, data must only be accessed by privileged personnel. Although databases live on servers that also add another layer of protection from unauthorized data, knowing the vulnerabilities of the running platform and understanding the various ways that a potential hacker can gain control and access highly privileged data
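The before-and-after integrity audit and post-migration consistency check recommended for the icdcodes move, as an added example written for this assessment (not iTrust code; Python's sqlite3 stands in for iTrust's Java and MySQL). A snapshot of per-row digests is taken from the source before the move and from the destination after it; equal table digests prove the copied data is unchanged, and the audit report names any code that was added, removed or altered in transit. The column layout of icdcodes and the sample rows are constructed; the expected remapping from ICD-9CM to ICD-10CM is a separate, planned change reviewed against the mapping plan, not something this check is meant to pass silently.

```python
import hashlib
import sqlite3


def make_db(rows):
    """Constructed icdcodes table. The columns are an assumption modelled loosely on
    the table named in Section 2.3; iTrust's real schema may differ."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE icdcodes (Code TEXT PRIMARY KEY, Description TEXT, Chronic TEXT)")
    conn.executemany("INSERT INTO icdcodes VALUES (?, ?, ?)", rows)
    conn.commit()
    return conn


def row_digests(conn):
    """One SHA-256 per row over a canonical encoding (fields NUL-separated, NULL as
    empty), keyed by Code. The ORDER BY fixes the traversal order, so physical layout
    or insertion order cannot change the result; any change to a value does."""
    digests = {}
    for row in conn.execute("SELECT Code, Description, Chronic FROM icdcodes ORDER BY Code"):
        canonical = "\x00".join("" if v is None else str(v) for v in row).encode("utf-8")
        digests[row[0]] = hashlib.sha256(canonical).hexdigest()
    return digests


def table_digest(conn):
    """Single digest for the whole table: the row digests folded in key order.
    Recorded before the move and compared after it."""
    h = hashlib.sha256()
    for _code, digest in sorted(row_digests(conn).items()):
        h.update(bytes.fromhex(digest))
    return h.hexdigest()


def audit(before, after):
    """Consistency check: which codes were added, removed or altered between the
    pre-migration and post-migration snapshots (dicts from row_digests)."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "altered": sorted(k for k in set(before) & set(after) if before[k] != after[k]),
    }
```

The pre-move snapshot should be written to storage the migration account cannot alter, otherwise a shared user with write access during the move, the situation the text warns against, could adjust both sides.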
Section 2.4: View Access Log
Description of Requirement
The requirement to view the access log states “A patient can view a listing of the names of licensed health care professionals that viewed or edited their medical records and the date the viewing/editing occurred is displayed”. In order to satisfy this requirement, patients must have access to the following tables in the database: patients, users, transactionlog and personnel. The figure below outlines what data is available in each database table, and viewable by the patients who will have the ability to view the access log.
Figure 1. Data types in database tables utilized by the “View Access Log” requirement.
Table           Information
patients        MID, lastName, firstName, email, address1, address2, city, state, zip1, zip2, phone1, phone2, phone3, eName, ePhone
users           MID, Password, Role, sQuestion, sAnswer
transactionlog  transactionID, loggedInMID, secondaryMID, transactionCode, timeLogged, addedInfo
personnel       MID, role, enabled, lastName, firstName, address1, address2, city, state, zip, zip1, zip2, phone, phone1, phone2, phone3, specialty
Vulnerabilities/security issues:
Access to patient information via the patients table creates several potential security issues, including an increased risk of PII exposure, an increased risk of patients being targeted for attacks (e.g. phishing, social engineering), and inference attacks. Although the data contained in the patients table is not subject to HIPAA violations, it is considered PII. Access to the patients table should be tightly controlled, allowing only those with a need to know to modify the data. Additionally, patients should only have access to their own information, and healthcare providers should only have access to the data of patients they are assigned to. The protection of patient information in the database should be outlined in an Access Control Plan created and maintained by iTrust, and all access should be managed by SysAdmins.
If compromised, the data in the users table would allow an attacker to gain access to all data contained on the iTrust website, because the table contains every user’s password and security questions and answers. No one should have access to this table, and even SysAdmins should have limited access to it. Encryption should be implemented either on the entire table or per field. Another option is for iTrust to implement two-factor authentication, as described in Section 2.1, in place of the current username/password. This would be a much more secure method of user access and would significantly reduce the likelihood of a user with malicious intent, or an attacker, gaining access to the entire system and all the data contained in it.
Although the transactionlog table does not contain PII, a user with malicious
intent could infer certain information from the data contained in the table. The user could
parse out all transactions performed by a specific MID and determine various information
based on that person’s transactions. For example, if MID 1 was performing actions that
would be indicative of a SysAdmin, the malicious user could target the user with that
MID in order to gain access to the entire system.
The personnel table also contains very sensitive information about the medical
personnel and SysAdmins using the system. If compromised, an attacker could use the
data to either gain access to patient’s information or target them in a social engineering
campaign. As with the patient table, the personnel table also contains PII about the
medical providers. The data contained in this table should be treated the same as the data
in the patients table to include encryption of data and strict access control rules.
Team Blazer recommends that, in order to protect the data contained in each of these tables, especially the patients and users tables, iTrust should encrypt the data in the database. There should also be privacy and security disclaimers on the website to ensure anyone using the site is aware of the privacy and security regulations specific to the data on the website.
An Access Control Plan should be created and managed by iTrust, outlining
specifics about how access control is implemented and what the permissions are for each
table and the specific fields contained within them. The Access Control Plan can be
included as part of the security documentation created by iTrust and should be modified
every time an access control is changed (i.e. new roles or permissions are created).
iTrust should reevaluate their user authentication method in order to ensure access
is more securely controlled and auditable. The use of Public Key Infrastructure (PKI)
can greatly improve the iTrust website’s security. “By managing keys and certificates
through a PKI, an organization establishes and maintains a trustworthy networking
environment” (“Securing Digital”, 2015).
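One way to satisfy the View Access Log requirement without exposing the underlying tables, as an added example written for this assessment (not iTrust code; Python's sqlite3 stands in for iTrust's Java and MySQL). The ownership rule from the text, that a patient sees only their own information, is enforced in the data-access path, and the projection returns only what the requirement calls for: the provider's name, whether the record was viewed or edited, and the date. MIDs, other users' transaction codes, addedInfo and the users table never reach the patient. The tables use the column names from Figure 1; the transaction code values, the reading of loggedInMID as the acting user and secondaryMID as the patient concerned, and the sample rows are constructed assumptions.

```python
import sqlite3

# Transaction codes that count as a provider viewing or editing a record (assumed
# values). loggedInMID is read as the acting user and secondaryMID as the patient
# whose record was touched; both readings are assumptions for this example.
RECORD_CODES = ("VIEW_RECORD", "EDIT_RECORD")


def make_db():
    """Constructed tables using a subset of the column names listed in Figure 1."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE patients (MID INTEGER PRIMARY KEY, lastName TEXT, firstName TEXT);
        CREATE TABLE personnel (MID INTEGER PRIMARY KEY, role TEXT, lastName TEXT, firstName TEXT);
        CREATE TABLE transactionlog (
            transactionID INTEGER PRIMARY KEY, loggedInMID INTEGER, secondaryMID INTEGER,
            transactionCode TEXT, timeLogged TEXT, addedInfo TEXT);
    """)
    conn.executemany("INSERT INTO patients VALUES (?, ?, ?)",
                     [(1, "Person", "Random"), (2, "Doe", "Jane")])
    conn.executemany("INSERT INTO personnel VALUES (?, ?, ?, ?)",
                     [(9001, "hcp", "Reddy", "Priya"), (9002, "admin", "Root", "Sys")])
    conn.executemany("INSERT INTO transactionlog VALUES (?, ?, ?, ?, ?, ?)", [
        (1, 9001, 1, "VIEW_RECORD", "2015-10-20 09:15:00", "office visit"),
        (2, 9001, 2, "EDIT_RECORD", "2015-10-21 14:02:00", "diagnosis added"),
        (3, 9002, 1, "LOGIN", "2015-10-22 08:00:00", None),
        (4, 9001, 1, "EDIT_RECORD", "2015-10-23 11:30:00", "prescription"),
    ])
    conn.commit()
    return conn


def patient_access_log(conn, requesting_mid, requested_mid):
    """Return the access-log view a patient is entitled to.

    The ownership check lives here, in the data-access path, not in the page. The
    query is parameterized, and it projects only the provider's name, the action
    and the timestamp, so raw MIDs, unrelated transaction codes and addedInfo are
    never handed to the browser."""
    if requesting_mid != requested_mid:
        raise PermissionError("a patient may view only their own access log")
    placeholders = ", ".join("?" for _ in RECORD_CODES)
    rows = conn.execute(f"""
        SELECT p.firstName, p.lastName,
               CASE t.transactionCode WHEN 'EDIT_RECORD' THEN 'edited' ELSE 'viewed' END,
               t.timeLogged
        FROM transactionlog t
        JOIN personnel p ON p.MID = t.loggedInMID
        WHERE t.secondaryMID = ? AND t.transactionCode IN ({placeholders})
        ORDER BY t.timeLogged DESC
    """, (requested_mid, *RECORD_CODES)).fetchall()
    return [{"provider": f"{first} {last}", "action": action, "date": when}
            for first, last, action, when in rows]
```

Granting the patient role read access to this function's output, rather than to the four tables themselves, is the concrete form the Access Control Plan's per-table permissions would take for this requirement.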
Section 3.0: Recommendations
Team Blazer has developed five recommendations to enhance the security posture of iTrust.
Section 3.1: Authentication
The first measure iTrust should implement is a strong password management process. This can be done through various methods. General users of the system (i.e. patients and medical providers) should be required to create strong passwords, and the system should enforce this. SysAdmins should be required to take training regarding the enforcement and management of passwords. Additionally, no admin passwords should be shared. iTrust should also consider using a two-factor authentication system, possibly using PKI certificates, for user authentication instead of a username/password model. While this may prove an extra burden to patients, Team Blazer believes it is absolutely critical for emergency responders, system administrators, and medical staff with access to numerous patient records, as their privileged positions make the loss of their accounts more damaging to ePHI.
Section 3.2: Training
iTrust should also provide training to all employees who access or administer the website, specifically training on the handling of PII, patient health and medical information, and on what actions should be taken in the event of a breach. Training should also cover any penalties for failure to comply with rules and regulations related to PII and patient medical information. Training for the administrators of the system can be implemented at a corporate level to include specific training on how PII and patient health information should be handled and stored. Training can include quarterly and annual sessions that are documented and maintained in order to ensure all employees with access to this type of data are aware of all rules and regulations applied to the various types of data stored in the iTrust databases.
Section 3.3: Access Control Policy
An access control policy should be designed and documented to specifically
identify the roles and permissions of every user of the system. iTrust can implement Role-
Based Access Control (RBAC) along with Attribute-Based Access Control (ABAC), which
allows for certain discretionary controls outlining specific permissions for each
user. Administrators of the system should be the only users who have access to all data,
while other users have access to only the data they have been approved for. Tracking of the
roles and permissions should also be included in any security documentation created by
iTrust and reviewed periodically for accuracy. The implementation of access control
should be carefully designed and tested by iTrust before deployment in their production
environment. iTrust should consider using a combined RBAC/ABAC model in order to ensure
access is strictly controlled (Edward, 2012). “When combined judiciously, the
combination can provide access control that’s scalable, flexible, auditable, and
understandable” (Coyne & Weil, 2013). The graphic below depicts how the two can be
combined, ensuring each user has access to only the data they are allowed to.
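An added example, not iTrust's or the cited authors' code, of the RBAC/ABAC combination described above. The role names, permission strings and the user attributes (assigned patients, active dispatches) are assumptions. RBAC grants each role a coarse set of permissions; ABAC then narrows every grant to the records the user is actually approved for, and each decision is written to an audit list so that roles and permissions can be reviewed for accuracy.

```python
"""Combined RBAC/ABAC authorization for a medical records system.

Added illustration, not iTrust's own code. Role names, permission strings and the
attributes assigned_patients and active_dispatch_patients are assumptions.
"""
from dataclasses import dataclass, field

# RBAC layer: each role carries a fixed set of coarse permissions.
ROLE_PERMISSIONS = {
    "admin": {"record:read", "record:write", "user:manage", "log:read"},
    "hcp": {"record:read", "record:write"},          # health care professional
    "patient": {"record:read"},
    "emergency_responder": {"record:read"},
}

# Every decision is recorded so roles and permissions can be audited later.
AUDIT_LOG = []


@dataclass
class User:
    user_id: str
    roles: set
    attributes: dict = field(default_factory=dict)   # ABAC inputs


@dataclass
class Record:
    patient_id: str


def rbac_allows(user, permission):
    """Coarse check: does any of the user's roles carry this permission?"""
    return any(permission in ROLE_PERMISSIONS.get(role, set()) for role in user.roles)


def abac_allows(user, permission, record):
    """Discretionary refinement: is this user approved for this particular record?"""
    if "admin" in user.roles:
        return True                                  # administrators see all data
    if "patient" in user.roles and record.patient_id == user.user_id:
        return True                                  # patients see only their own record
    if "hcp" in user.roles and record.patient_id in user.attributes.get("assigned_patients", set()):
        return True                                  # providers see only assigned patients
    if "emergency_responder" in user.roles and permission == "record:read":
        # Responders read a record only while a dispatch for that patient is active.
        return record.patient_id in user.attributes.get("active_dispatch_patients", set())
    return False


def authorize(user, permission, record):
    """Grant only when both layers agree, and log the decision either way."""
    decision = rbac_allows(user, permission) and abac_allows(user, permission, record)
    AUDIT_LOG.append((user.user_id, permission, record.patient_id, decision))
    return decision


def demo_decisions():
    """Constructed users and records exercising each rule; returns {label: decision}."""
    admin = User("admin1", {"admin"})
    doctor = User("dr_ray", {"hcp"}, {"assigned_patients": {"p1"}})
    alice = User("p1", {"patient"})
    medic = User("medic7", {"emergency_responder"}, {"active_dispatch_patients": {"p2"}})
    p1, p2 = Record("p1"), Record("p2")
    return {
        "admin reads any record": authorize(admin, "record:read", p2),
        "doctor writes assigned patient": authorize(doctor, "record:write", p1),
        "doctor reads unassigned patient": authorize(doctor, "record:read", p2),
        "patient reads own record": authorize(alice, "record:read", p1),
        "patient writes own record": authorize(alice, "record:write", p1),
        "patient reads other record": authorize(alice, "record:read", p2),
        "responder reads dispatched patient": authorize(medic, "record:read", p2),
        "responder reads other patient": authorize(medic, "record:read", p1),
        "responder writes dispatched patient": authorize(medic, "record:write", p2),
    }


if __name__ == "__main__":
    for label, decision in demo_decisions().items():
        print(f"{label}: {'allow' if decision else 'deny'}")
```

The responder rule is the one that carries the risk the report highlights: the role grant alone would expose every record, so the attribute check on an active dispatch is what keeps the emergency responder's access bounded, and the audit entries are what the access-log requirement would later display.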
Section 3.4: Encryption
The encryption of ePHI while in motion and at rest is essential to the security of
iTrust. Given the sensitivity of the information being handled, a symmetric-
key system would be recommended, but given the large and distributed nature of the
user base, Team Blazers recommends an asymmetric encryption scheme. Implementing
encryption could take significant time due to the acquisition of hardware and software, as
well as determining what should be encrypted, the level of encryption, and training for
those administering the encryption hardware and software. iTrust will need to determine
if the data in all tables should be encrypted or only those with very sensitive data, such as
the patients, users, and personnel tables.
Section 3.5: Code Review
Team Blazers recommends that a code review of iTrust be implemented to detect
poor scripting practices. As iTrust relies on a web application for patients to access an
SQL database, the largest number of attacks will most likely come through this low-cost
attack vector. As many coders are pressed to complete a product, and are often not
trained in security, it is likely that flawed code can be found.
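As an added example for the code review (constructed for this page, not iTrust code), the string-built query a reviewer should flag beside its parameterized form, together with a simple review rule that scans source lines for SQL assembled by concatenation or formatting. The patients table, its rows and the sample source lines are constructed; the tautology input is the classic one from the SQL injection tutorials the report cites.

```python
"""Code-review illustration: SQL built from strings beside the parameterized form.

Added example, not iTrust code. The patients table, its rows and the sample source
lines under review are constructed for this demonstration.
"""
import re
import sqlite3

SAMPLE_PATIENTS = [            # constructed rows
    ("p1", "Alice Alvarez", "1980-02-14"),
    ("p2", "Bikram Bose", "1975-11-30"),
    ("p3", "Chen Wu", "1992-07-08"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patients (patient_id TEXT PRIMARY KEY, name TEXT, dob TEXT)")
    conn.executemany("INSERT INTO patients VALUES (?, ?, ?)", SAMPLE_PATIENTS)
    return conn


def lookup_unsafe(conn, patient_id):
    """The pattern a review must flag: request input spliced into the SQL text."""
    sql = "SELECT patient_id, name FROM patients WHERE patient_id = '" + patient_id + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, patient_id):
    """Bound parameter: the driver passes the value separately, so it cannot alter the query."""
    sql = "SELECT patient_id, name FROM patients WHERE patient_id = ?"
    return conn.execute(sql, (patient_id,)).fetchall()


SQL_KEYWORD = re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE)\b", re.IGNORECASE)
STRING_BUILDING = re.compile(r"""(\+|%\s*[\w(]|\.format\(|\bf["'])""")


def find_string_built_sql(source_lines):
    """Review rule: 1-based line numbers where a SQL statement is assembled with
    +, %, .format() or an f-string instead of bound parameters."""
    return [
        number
        for number, line in enumerate(source_lines, start=1)
        if SQL_KEYWORD.search(line) and STRING_BUILDING.search(line)
    ]


SAMPLE_SOURCE = [              # constructed lines of application code under review
    'sql = "SELECT name FROM patients WHERE patient_id = \'" + pid + "\'"',
    'cur.execute("SELECT name FROM patients WHERE patient_id = ?", (pid,))',
    'cur.execute("DELETE FROM visits WHERE id = %s" % visit_id)',
    'query = f"UPDATE patients SET name = {name} WHERE patient_id = {pid}"',
    "total = count + 1",
]


if __name__ == "__main__":
    conn = make_db()
    tautology = "p1' OR '1'='1"
    print("unsafe rows returned:", len(lookup_unsafe(conn, tautology)))   # every patient
    print("safe rows returned:", len(lookup_safe(conn, tautology)))       # none
    print("lines to review:", find_string_built_sql(SAMPLE_SOURCE))
```

The review rule is deliberately coarse: it over-reports on `LIKE '%...%'` wildcards and misses a query assembled on one line and executed on another, so it is a triage aid for the reviewer rather than a substitute for reading the data-access code.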
Section 4.0: Implementation
Team Blazers recommends that a phased approach be taken when rolling out the
new requirements: each should be added one at a time to the iTrust production environment,
with vulnerability testing conducted after each phase to identify security vulnerabilities in
the new environment. Such vulnerabilities include software conflicts, new flaws, and
invalidated patches, all of which could open new attack vectors.
Ideally, before the first requirement is rolled out, the recommendations made in
the previous section would be applied to the existing system, especially the encryption
and ACP, as these would prove difficult to modify after the fact once the emergency
responder role is added and the associated mobile architecture is implemented. Only after
the first review for existing vulnerabilities, and after noting potential future vulnerabilities
from the next modifications, should iTrust proceed to installing the next requirement. Each new
rollout should be accompanied by fresh training iterations, if not for patients, then certainly for
medical staff and highly privileged system users.
Team Blazers recommends that the role of Emergency Responder be the last
requirement added. This requirement institutes a fundamental shift in access and has the
greatest potential for creating vulnerabilities through inappropriate implementation. The first
three security reviews will address the learning curve as the IT staff implements each
new requirement.
Section 5.0: Findings
Team Blazers has determined that the addition of the four new requirements to the
iTrust Medical Record System is a classic case study in an inadvertent shift in security
posture based on what most lay people would consider a simple adaptation of an existing
system. However, each additional user role, medical management capability, and
software update brings with it a shift in the very nature of how the system works by
altering the means by which entry is gained and by which software objects relate and
communicate with each other. This transformation alters the attack surface of the system,
requiring a complete rethinking of the organization’s existing security policies and
postures. While systems should undergo security reviews periodically, at least annually,
these can normally be seen as evaluating the risks collected from software and
application changes/upgrades, patching, failing to patch, or the advancement of
exploitation tools. The addition of new requirements to the system moves the security
review process from looking at the evolutionary shift in a system’s resources to a
fundamental change in system architecture, which requires a whole new evaluation.
References
Auger, R. (2010, April). The Cross-Site Request Forgery (CSRF/XSRF) FAQ. CGI Security. Retrieved from http://www.cgisecurity.com/csrf-faq.html
Biba Model. (2007). Network Dictionary, 64-65.
Coyne, E., & Weil, T. (2013). ABAC and RBAC: Scalable, Flexible, and Auditable Access Management. IT Professional, 14-16. Retrieved November 8, 2015, from http://csrc.nist.gov/groups/SNS/rbac/documents/coyne-weil-13.pdf
Edward, K. (2012, July 2). Attribute based access control (ABAC) for fine grained access. Retrieved November 8, 2015, from http://blog.empowerid.com/blog-1/bid/180021/Attribute-based-access-control-ABAC-for-fine-grained-access
Gaudio, N. (2015, January 21). Could an ICD-10 delay threaten national security? Retrieved November 10, 2015, from http://www.beckershospitalreview.com/icd-10/could-an-icd-10-delay-threaten-national-security.html
Hazlewood, A. (2003). ICD-9 CM to ICD-10 CM: Implementation Issues and Challenges. Retrieved November 10, 2015, from http://library.ahima.org/xpedio/groups/public/documents/ahima/bok3_005426.hcsp?dDocName=bok3_005426
Helme, S. (2015, March). Hardening your HTTP response headers. Information Security Consultant. Retrieved from https://scotthelme.co.uk/hardening-your-http-response-headers/
Hodgson, K. (2014). The 'new' access credential: cost, convenience and security are keys to credentialing decisions--today and tomorrow. Security Distributing & Marketing, (10), 79.
ICD-10 Changes from ICD-9. (n.d.). Retrieved from http://www.medicaid.gov/Medicaid-CHIP-Program-Information/By-Topics/Data-and-Sysstems/ICD-Coding/ICD-10-Changes-from-CD-9.html
ICD-10/CAC Coding Summit. (n.d.). Achieving ICD-10-CM/PCS Compliance in 2015: Staying the Course for Better Healthcare. A Report from the AHIMA 2014. Retrieved from http://perspectives.ahima.org/achieving-icd-10-cmpcs-compliance-in-2015-staying-the-course-for-better-healthcare-a-report-from-the-ahima-2014-icd-10cac-coding-summit/
O’Boyle, R. (2012, August). SQL Injection Explained. YouTube.com. Retrieved from https://www.youtube.com/watch?v=2_XkXgeJxHI
OWASP. (2013, October 29). Types of Cross-site Scripting. Open Web Application Security Project. Retrieved from https://www.owasp.org/index.php/Types_of_Cross-Site_Scripting
OWASP. (2015, November). Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet. Open Web Application Security Project. Retrieved from https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
Rules and Policies - Protecting PII - Privacy Act. (2014, December 19). Retrieved November 8, 2015, from http://www.gsa.gov/portal/content/104256
Securing Digital Identities & Information. (2015). Retrieved November 8, 2015, from https://www.entrust.com/what-is-pki/
Security for wireless instrumentation: Keeping wireless field device communications secure: Protocols for wireless instrumentation and other field devices use encryption as a key security element. Is it enough? (2015). Control Engineering, (8), 22.
Understanding Health Information Privacy. (n.d.). Retrieved November 7, 2015, from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html
U.S. Department of Health & Human Services. (n.d.). Summary of the HIPAA Privacy Rule. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary
VeraCode. (2015). Cross-Site Scripting (XSS) Tutorial: Learn About XSS Vulnerabilities, Injections and How to Prevent Attacks. VeraCode. Retrieved from http://www.veracode.com/security/xss
VeraCode. (2015). SQL Injection Cheat Sheet & Tutorial: Vulnerabilities & How to Prevent SQL Injection Attacks. VeraCode. Retrieved from http://www.veracode.com/security/sql-injection