Show simple item record

dc.contributor.advisorPitsillides, Andreasen
dc.contributor.advisorΠιτσιλλίδης, Ανδρέαςel_GR
dc.contributor.authorΣταύρου, Ιλιάναel_GR
dc.contributor.authorStavrou, Elianaen
dc.coverage.spatialCyprusen
dc.coverage.spatialΚύπροςel_GR
dc.date2006
dc.date.accessioned2013-09-12T08:18:14Z
dc.date.available2013-09-12T08:18:14Z
dc.date.issued2006-06
dc.identifier.urihttp://hdl.handle.net/10797/13121en
dc.descriptionThesis (Master) -- University of Cyprus, Faculty of Pure and Applied Sciences, Department of Computer Science, 2006.en
dc.description.abstractThis research work addresses security-related issues in the electronic and mobile healthcare environments and proposes an appropriate security framework. The proposed framework will identify the necessary security technologies and measures needed to achieve and maintain the security of people, data and infrastructure of the healthcare environment. The study is made in the context of DITIS, a homecare telemedicine application. The framework uses the OCTAVE risk evaluation methodology to identify the risks and areas of concern that address security challenges that should be taken into consideration when implementing security. The security technologies and procedures proposed in the framework are categorized based on the security objective they serve i.e. confidentiality, integrity, availability, legal conformance. By categorizing technologies based on security objectives we aim in helping people identify the technology they need to implement, based on what they want to protect. The framework is extended to define a security-level information classification scheme that categorizes information based on its sensitivity (public, internal-use only, confidential, highly confidential). The classification is then associated with the appropriate security technologies that should be considered under each classification level. By associating security technologies with the information classification, the framework aims in balancing the trade-off between security complexity and performance of the system; it will provide guidelines for implementing the necessary measures and technologies, without complicating the operation of the system or saturating its performance with unnecessary functionality. Finally, an appropriate evaluation is applied on the proposed framework, as well as on DITIS which currently implements some aspects of the framework. Evaluation is essential to assess if the system’s security capabilities and procedures represent the security needs and requirements of the users that rely on the system to perform their job well. However, since it is not feasible to conduct a complete system-technical evaluation as DITIS has not reached its final operational state and security is still an ongoing activity, ISO/ IEC 17799 standard entitled Information technology - Security techniques - Code of practice for information security management has been selected to evaluate the proposed security framework. The standard provides best practice recommendations on information security management for use by those who are responsible for initiating, implementing or maintaining information security management systems; in general, it deals with the examination of non-technical issues related to personnel, procedural, physical security and security management. Therefore, it could be useful as a high-level evaluation of the proposed security framework, assessing the completeness of the framework against well-known practices. The result of the evaluation is expected to show if the proposed security framework implements adequate techniques and procedures providing the needed protection in the healthcare environment and identify the areas that need to address additional security measures.en
dc.format.extent90 p. : ill. ; 30 cm.en
dc.language.isoengen
dc.publisherUniversity of Cyprus, Faculty of Pure and Applied Sciencesen
dc.publisherΠανεπιστήμιο Κύπρου, Σχολή Θετικών και Εφαρμοσμένων Επιστημώνel_GR
dc.rightsinfo:eu-repo/semantics/openAccessen
dc.source.urihttps://ktree.cs.ucy.ac.cy/action.php?kt_path_info=ktcore.actions.document.view&fDocumentId=5431en
dc.titleSecurity in e-Health: Information classification mapping into security technologiesen
dc.typeinfo:eu-repo/semantics/masterThesisen
dc.contributor.departmentUniversity of Cyprus, Faculty of Pure and Applied Sciences, Department of Computer Scienceen
dc.contributor.departmentΠανεπιστήμιο Κύπρου, Σχολή Θετικών και Εφαρμοσμένων Επιστημών, Τμήμα Πληροφορικήςel_GR


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record