Telemedicine Security Risk Evaluation Using Attack Tree |
Kim, Dong-won
(Graduate School of Information Security, Korea University)
Han, Keun-hee (Graduate School of Convergence Software, Korea University) Jeon, In-seok (Graduate School of Information Security, Korea University) Choi, Jin-yung (Graduate School of Convergence Software, Korea University) |
1 | S. -H Kim, "Trend of personal health-device standardization for u-health service," Journal of KIISE Vol.29-1, pp.31-37, 2011. |
2 | u-Health Forum Korea, 2009 u-Health Industry white paper, 2009. |
3 | D.on-sik Yoo, "Review & Scheme of u-Health Standardization," TTA 20th Anniversary Seminar, Sep. 2008. |
4 | Chan-young Park, "Technical trend of u-healthcare standardization," Electronics and Telecommunications Trends Vol. 25, pp. 48-59, Aug. 2010. |
5 | Am-suk Oh, "A Study on Home Healthcare Convergence for IEEE 11073 Standard," JKIICE Vol.19 no. 2, pp. 422-427, Feb. 2015. |
6 | N. Paul, "A Review of the Security of Insulin Pump Infusion Systems," Journal of Diabetes Science and Technology, 5(6), pp. 1557-62, Nov. 2011. DOI |
7 | ISO/DIS 27799:2014(E), "Health informatics - Information security management in health using ISO/IEC 27002," ISO, Feb. 2015. |
8 | ISO/IEC 27005:2011, "Information security risk management (second edition)," ISO, Dec. 2011. |
9 | Baek-Kyoung hee, "A Legal Study on the Relationship between In-Person and Remote Medical Treatments," Seoul Law Review, Vol. 21, pp. 449-482, Feb. 2014 DOI |
10 | Katherine Chretien, "For Medical Secrets, Try Facebook," Journal of the American Medical Association, vol 302, pp. 1309, Sep, 2009 DOI |
11 | Barnaby Jack, "Hacker Shows Off Lethal Attack By controlling Wireless Medical Device," RSA Conference, Feb. 2012 |
12 | http://fox6now.com/2013/02/14/froedtert-hospital-hacked-patients-alerted-of-illegal-access/, "Froedtert Hospital hacked, patients alerted of illegal access," fox6now.com, Feb. 2013 |
13 | http://www.esecurityplanet.com/network-security/healthsource-of-ohio-data-breach-exposes-8800-patients-personal-info.html, "HealthSource of Ohio data leak exposed 8,800 patients information," eSecurity Planet, Mar. 2014 |
14 | http://www.wired.com/2014/06/hospital-networks-leaking-data/, "Hospital database hacked, patient info vulnerable," WIRED, Mar. 2014. |
15 | http://www.idtheftcenter.org/ITRC-Surveys-Studies/2013-data-breaches.html, "Breach List Tops 600 in 2013," ITRC, Feb. 2015. |
16 | SANS, "Widespread Compromises Detected, Compliance Nightmare on Horizon," SANS Health Care Cyber Threat Report, Feb. 2014 |
17 | NIST, "Guide for Mapping Types of Information and Information Systems to Security Categories," NIST SP800-60 vol. 1, Ayg. 2008. |
18 | FMECA "Failure mode, effects and criticality analysis," FMECA MIL-P-1629, Jan. 2007. |
19 | B. Schneier, "Attack Trees," Dr. Dobb's Journal, 24(12), pp. 21-29, Oct. 1999. |
20 | Indrajit Ray and Nayot Poolsapassit, "Using Attack Trees to Identify Malicious Attacks from Authorized Insiders," 10th European Symposium on Research in Computer Security, LNCS 3679, pp. 231-246, Sep. 2005. |
21 | NIST, "Guide for Applying the Risk Management Framework to Federal Information Systems," NIST SP800-37 Rev. 1, Feb. 2010. |