http://dx.doi.org/10.13089/JKIISC.2015.25.4.951

Telemedicine Security Risk Evaluation Using Attack Tree  

Kim, Dong-won (Graduate School of Information Security, Korea University)
Han, Keun-hee (Graduate School of Convergence Software, Korea University)
Jeon, In-seok (Graduate School of Information Security, Korea University)
Choi, Jin-yung (Graduate School of Convergence Software, Korea University)
Abstract
The spread of smart devices and the development of communication technologies are bringing smart screening to the medical field, and with it new medical security concerns. Among them, telemedicine involves the exchange of medical information Doctor to Doctor (D2D) and Doctor to Patient (D2P), so risk management measures are needed to identify, evaluate and control the security risks that can occur. This paper studies and proposes methods for analyzing and evaluating the security risks that can occur in telemedicine, based on results verified on site for telemedicine systems and equipment operating in primary clinics, public health centers and their branches, etc.
Keywords
Telemedicine Security; Telemedicine Risk Management;