Privacy-Preserving Storage and Access of Medical Data Through Pseudonymization and Encryption
E-health allows better communication between health care providers and higher availability of medical data. However, the downside of interconnected systems is the increased probability of unauthorized access to highly sensitive records, which could…
Information Security Automation: How Far Can We Go?
ieeexplore.ieee.org/xpl/articleDetails.jsp Information security management is a very complex task which involves the implementation and monitoring of more than 130 security controls. To achieve greater efficiency in this process it is necessary to automate as many controls as possible. This paper provides an analysis of how…
A Community Knowledge Base for IT Security
dx.doi.org/10.1109/MITP.2011.35 Corporate IT security managers have a difficult time staying on top of the endless tide of new technologies and security threats sweeping into their organizations and information systems. The effectiveness of security controls must be balanced with a variety of operational issues, including the…
Information Security Risk Management: In which Security Solutions is it worth Investing?
As companies are increasingly exposed to information security threats, decision makers are permanently forced to pay attention to security issues. Information security risk management provides an approach for measuring the security through risk…
An Ontology- and Bayesian-Based Approach for Determining Threat Probabilities
Information security risk management is crucial for ensuring long-term business success and thus numerous approaches to implementing an adequate information security risk management strategy have been proposed. The subjective threat probability determination is one of the main reasons for an inadequate information security strategy…
A Hybrid Approach Integrating Encryption and Pseudonymization for Protecting Electronic Health Records
Federated Health Information Systems (FHIS) integrate autonomous information systems of participating health care providers to facilitate the exchange of Electronic Health Records (EHR), which improve the quality and efficiency of patients' care. However, the main problem with collecting and maintaining the sensitive data in electronic…
Data Models for the Pseudonymization of DICOM Data
DICOM has become the most widely implemented and supported communications standard for medical imaging. The security of DICOM relies on the encryption of the communication channels. However, for highly sensitive medical data this is often not sufficient. This paper presents a data model for systems…
Ontology-Based Decision Support for Information Security Risk Management
As e-Business and e-Commerce applications are increasingly exposed to a variety of information security threats, corporate decision makers are increasingly forced to pay attention to security issues. Risk management provides an effective approach for measuring the security but existing risk management approaches come with major…
On the Security of Outsourced and Untrusted Databases
ieeexplore.ieee.org/xpl/articleDetails.jsp The outsourcing of databases to third parties has become a viable alternative to traditional in-house data management. Database management by third parties including the storage and maintenance allows companies to reduce their expenses and profit from the expertise of data storage specialists. However, the…
Verification, Validation, and Evaluation in Information Security Risk Management
Over the last four decades, various information security risk management (ISRM) approaches have emerged. However, there is a lack of sound verification, validation, and evaluation methods for these approaches. While restrictions, such as the impossibility of measuring exact values for probabilities and follow-up costs,…