E-Book, Englisch, 271 Seiten, eBook
Sunyaev Health-Care Telematics in Germany
2011
ISBN: 978-3-8349-6519-6
Verlag: Betriebswirtschaftlicher Verlag Gabler
Format: PDF
Kopierschutz: 1 - PDF Watermark
Design and Application of a Security Analysis Method
E-Book, Englisch, 271 Seiten, eBook
Reihe: Informationsmanagement und Computer Aided Team
ISBN: 978-3-8349-6519-6
Verlag: Betriebswirtschaftlicher Verlag Gabler
Format: PDF
Kopierschutz: 1 - PDF Watermark
Ali Sunyaev develops a method for the organizational and technical analysis of security issues in health care. He identifies security problems in the current concept of German health-care telematics and derives recommendations for future developments in the health-care sector.
Dr. Ali Sunyaev completed his doctoral thesis under the supervision of Prof. Dr. Helmut Krcmar at the Chair of Information Systems at Technische Universität München (TUM). He is an Assistant Professor of Information Systems and Information Systems Quality at the Faculty of Management, Economics and Social Sciences, University of Cologne.
Zielgruppe
Research
Autoren/Hrsg.
Weitere Infos & Material
1;Foreword;6
2;Abstract;8
3;Contents;9
4;List of Figures;16
5;List of Tables;18
6;1 Introduction;20
6.1;1.1 Motivation;22
6.2;1.2 Objectives of the Thesis;25
6.3;1.3 Research Methodology;28
6.3.1;1.3.1 Design Science;29
6.3.2;1.3.2 Research Design;30
6.3.3;1.3.3 Design Theory;32
6.3.4;1.3.4 Theoretical Contribution and Research Outcome;33
6.4;1.4 Practical Implications, Users, and Beneficiaries;34
7;2 Healthcare Telematics in Germany with Respect to Security Issues;36
7.1;2.1 German Healthcare;36
7.1.1;2.1.1 Structure of German Healthcare;37
7.1.2;2.1.2 Characteristics of the German Healthcare Sector;38
7.1.2.1;2.1.2.1 Information Exchange and Distributed Information Flows in German HealthcareSystem;38
7.1.2.2;2.1.2.2 Current Problems;39
7.1.2.3;2.1.2.3 Specifics of the German Healthcare Domain;40
7.2;2.2 Information Systems in Healthcare;41
7.2.1;2.2.1 Seamless Healthcare;43
7.2.2;2.2.2 Interoperability, Standards and Standardization Approaches in Healthcare;43
7.2.2.1;2.2.2.1 Communication Standards;46
7.2.2.2;2.2.2.2 Documentations Standards and Standardization Approaches;50
7.2.3;2.2.3 Healthcare IS Architecture Types;52
7.2.3.1;2.2.3.1 Monolithic System;53
7.2.3.2;2.2.3.2 Heterogeneous System;54
7.2.3.3;2.2.3.3 Service-Oriented IS Architecture;54
7.2.4;2.2.4 Implications for Security Issues of Healthcare Information Systems;55
7.3;2.3 Healthcare Telematics;58
7.3.1;2.3.1 Definitions and Objectives of Healthcare Telematics;58
7.3.2;2.3.2 German Healthcare Telematics;61
7.3.2.1;2.3.2.1 Healthcare Telematics Infrastructure;61
7.3.2.2;2.3.2.2 Electronic Health Card;63
7.3.3;2.3.3 Risk and Security Issues of Healthcare Telematics;65
7.4;2.4 Summary;71
8;3 Catalogue of IS Healthcare Security Characteristics;72
8.1;3.1 Legal Framework;73
8.1.1;3.1.1 Privacy;73
8.1.2;3.1.2 Legal Requirements;74
8.2;3.2 Protection Goals;75
8.2.1;3.2.1 Dependable Healthcare Information Systems;76
8.2.2;3.2.2 Controllability of Healthcare Information Systems;78
8.3;3.3 Characteristics of IS Security Approaches with Respect to Healthcare;81
8.3.1;3.3.1 Literature Review;83
8.3.2;3.3.2 Overview of Healthcare IS Security Approach Characteristics;85
8.3.2.1;3.3.2.1 General IS Security Approach Characteristics;85
8.3.2.2;3.3.2.2 General IS Security Approach Characteristics with Reference to Healthcare;86
8.4;3.4 Summary;100
9;4 Analysis of IS Security Analysis Approaches;102
9.1;4.1 Overview;102
9.2;4.2 Review of Literature;103
9.3;4.3 Existing Literature Reviews;106
9.4;4.4 Theoretical Background;110
9.5;4.5 Systematization of IS Security Analysis Approaches;112
9.5.1;4.5.1 Checklists;114
9.5.2;4.5.2 Assessment Approaches;115
9.5.2.1;4.5.2.1 Risk Assessment Approaches;115
9.5.2.2;4.5.2.2 Security Control Assessment Approaches;117
9.5.3;4.5.3 Risk Analysis Approaches;120
9.5.4;4.5.4 IT Security Management Approaches;121
9.5.4.1;4.5.4.1 The Plan-Do-Check-Act Approach of ISO 27001;123
9.5.4.2;4.5.4.2 Best Practice Models;124
9.5.5;4.5.5 Legislation Accommodations;125
9.6;4.6 Analysis of IS Security Analysis Approaches with Respect to Healthcare;127
9.6.1;4.6.1 Examination of IS Security Approaches with Respect to General IS Security Approach Characteristics;129
9.6.2;4.6.2 Examination of IS Security Approaches with Respect to General IS Security Approach Characteristics with Reference to Healthcare;130
9.6.3;4.6.3 Examination of IS Security Approaches with Respect to Healthcare Specific IS Security Approach Characteristics;132
9.7;4.7 Summary;133
10;5 Designing a Security Analysis Method for Healthcare Telematics in Germany;135
10.1;5.1 Introduction;135
10.2;5.2 Research Approach;136
10.3;5.3 Method Engineering;138
10.4;5.4 Description of Method Elements;139
10.4.1;5.4.1 Method Chains and Alliances;139
10.4.2;5.4.2 Method Fragments;140
10.4.3;5.4.3 Method Chunks;144
10.4.4;5.4.4 Method Components;144
10.4.5;5.4.5 Theoretical Background;145
10.5;5.5 Formal Description of the Concept of Method Engineering;146
10.6;5.6 HatSec Security Analysis Method;150
10.6.1;5.6.1 From Plan-Do-Check-Act Approach to a IS Security Analysis Method for Healthcare Telematics;151
10.6.2;5.6.2 Design of the HatSec Security Analysis Method;152
10.6.2.1;5.6.2.1 Method Blocks and Method Fragments;154
10.6.2.2;5.6.2.2 Overview of the Building Blocks of the HatSec Method;155
10.6.2.3;5.6.2.3 Perspectives of the HatSec Method;156
10.6.2.4;5.6.2.4 Context and Preparation of the Security Analysis;157
10.6.2.5;5.6.2.5 Security Analysis Process;161
10.6.2.6;5.6.2.6 Security Analysis Product;166
10.6.2.7;5.6.2.7 Two Sides of the HatSec Method;170
10.6.2.8;5.6.2.8 HatSec Structure;172
10.7;5.7 Review of the HatSec Security Analysis Method;179
10.8;5.8 Summary;183
11;6 Practical Application of the HatSec Method;185
11.1;6.1 Selected Case Studies;186
11.1.1;6.2.1 Overview;188
11.1.2;6.2.2 Identification and Classification of the Attackers;189
11.1.3;6.2.3 Identification and Classification of the Attack Types;191
11.1.4;6.2.4 Summary;193
11.2;6.2 Assessment and Classification of Threats around the Electronic Health Card;187
11.2.1;6.2.1 Overview;188
11.2.2;6.2.4 Summary;193
11.3;6.3 Analysis of the Applications of the Electronic Health Card;194
11.4;6.4 Analysis of a Proposed Solution for Managing Health Professional Cards in Hospitals Using a Single Sign-On Central Architecture;205
11.4.1;6.4.1 Overview;206
11.4.2;6.4.2 Induced Process Changes;207
11.4.2.1;6.4.2.1 General Changes;207
11.4.2.2;6.4.2.2 Discharge Letter Process;208
11.4.3;6.4.3 Existing Approaches for Managing Smart Cards in Hospitals;209
11.4.3.1;6.4.3.1 The Decentralized Approach;209
11.4.3.2;6.4.3.2 The VerSA Approach;209
11.4.3.3;6.4.3.3 Disadvantages;210
11.4.4;6.4.4 The Clinic Card Approach;210
11.4.4.1;6.4.4.1 Technical Architecture;211
11.4.4.2;6.4.4.2 Smart Card Management Unit;212
11.4.4.3;6.4.4.3 The Clinic Card and Card Middleware;212
11.4.4.4;6.4.4.4 Connector;213
11.4.4.5;6.4.4.5 Remote Access;213
11.4.4.6;6.4.4.6 Unique Characteristics of the Central Approach;214
11.4.4.7;6.4.4.7 Discharge Letter Process;215
11.4.5;6.4.5 Comparison of the Presented Approaches;216
11.4.5.1;6.4.5.1 Evaluation Framework;216
11.4.5.2;6.4.5.2 Hardware Requirements and Integration;216
11.4.5.3;6.4.5.3 Session Management;217
11.4.5.4;6.4.5.4 Usability;217
11.4.5.5;6.4.5.5 Further Value-Adding Aspects;218
11.4.6;6.4.6 Summary;218
11.5;6.5 Security Analysis of the German Electronic Health Card’s Components on a Theoretical Level;219
11.5.1;6.5.1 Overview;219
11.5.2;6.5.2 Components and Documents Considered in this Security Analysis;220
11.5.2.1;6.5.2.1 Security Analysis of the Electronic Health Card’s Components;221
11.5.2.2;6.5.2.2 Analysis of the Connector;223
11.5.2.3;6.5.2.3 Analysis of the Primary System;226
11.5.2.4;6.5.2.4 Additional Deficiencies Found During this Security Analysis;227
11.5.3;6.5.3 Attack-Tree Analysis;230
11.5.4;6.5.4 Summary;230
11.6;6.6 Security Analysis of the German Electronic Health Card’s Peripheral Parts in Practice;231
11.6.1;6.6.1 Overview;233
11.6.2;6.6.2 Laboratory’s / Physician’s Practice Configuration;233
11.6.3;6.6.3 Network Traffic Analyzes and its Consequences;235
11.6.4;6.6.4 Attacking the German Electronic Health Card;236
11.6.4.1;6.6.4.1 Permanent-Card-Ejection;238
11.6.4.2;6.6.4.2 Fill or Delete Prescriptions;238
11.6.4.3;6.6.4.3 Block a Card’s PIN;239
11.6.4.4;6.6.4.4 Destroy a Card;240
11.6.4.5;6.6.4.5 Spy Personal Information;240
11.6.5;6.6.5 Summary;242
11.7;6.7 Case Studies: Lessons Learned;243
12;7 Appraisal of Results;245
12.1;7.1 Overview;245
12.2;7.2 Progress of Cognition;247
12.3;7.3 Design Proposals for Healthcare Telematics;248
13;Bibliography;251
14;Appendix;287
