http://dx.doi.org/10.33778/kcsa.2019.19.4.151

Curriculum study of information security awareness for medical institution  

Kim, Dong-Won (Konyang University / Department of Cyber Security Engineering)
Han, Keun-Hee (Korea University / Graduate School of Information Security)
Abstract
As smart devices and communication technologies have developed rapidly, the healthcare industry around the world is facing significant medical security issues. At the same time, personal medical records are being shared over networks, which raises the risk to information security. This thesis aims to develop a curriculum to raise information security awareness among workers in medical institutions by referring to NCS (National Competency Standards), international standards, medical institutions' requirements, and educational institutions' information security curricula, based on proven results from medical devices and systems introduced in public health centers, territorial branches, community health posts, and primary, secondary, and tertiary hospitals. Thus, this thesis offers a method to improve information security in healthcare institutions through validation testing conducted by medical practitioners and ICT experts.
Keywords
Healthcare industry; Information security awareness; Security awareness training;