299-Article Text-492-1-10-20160203.pdf

Conclusions and aspects for future work are presented

Info icon This preview shows pages 2–4. Sign up to view the full content.

threat modeling process. Conclusions and aspects for future work are presented in section 4. 2 Background In this section, relevant work underlying the current study is discussed. First, telehealth systems are briefly introduced, followed by an overview of threat modeling and threat modeling methodologies. Telehealth Systems Telehealth comprises the use of information and communication technologies (ICT) to offer different, user-group specific healthcare services to participants (patients, doctors and nurses, etc.) who are in different locations [2]. The remote health service provision serves a variety of purposes, such as remote patient monitoring (e.g. home telehealth), specialist referral services and medical education [2, 3]. However, telehealth raises security and privacy concerns. The number of potential threats in the field of health information systems has increased dramatically, and the lack of adequate security measures allows for numerous data breaches [9], leaving patients and healthcare providers vulnerable to security threats [14]. In order to exploit the full potential of telehealth services, protection against threats and vulnerabilities is required. Threat Modeling Overview Threat modeling helps to understand system security threats and vulnerabilities, and how those threats potentially impact users and organizations, and to determine the most cost-effective security solutions to mitigate attacks [12]. Due to the extensive cost, time and resources needed for the development on the one side, and due to the fast emergence of new kinds of threats on the other side, it is almost impossible to develop a completely secure system. Thus, it is important to decide on the priority of each asset, and balance between security and cost throughout the system development. The priority of an asset is determined according to its value and risk potential to it. Therefore, threat modeling is used to analyze system threats and vulnerability scenarios in order to evaluate the risk. Threat modeling methodologies Academia and industries have undertaken extensive research on the process of threat modeling. This includes, among many others, Microsoft’s development of the security life cycle (SDL) [13], the Open Web Application Security Project (OWASP) [15], the Process for Attack Simulation and Threat Modeling (PASTA) [16], Trike
Image of page 2

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

methodology [17] and the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) [18]. The mostly used tool of modeling is that of Microsoft, which encompasses all aspects of security to offer documentation as a guide through the remaining process. SDL is geared more towards the identification of potential threats through identifying assets and understanding the target application by creating use cases, and identifying threats based on the Microsoft STRIDE model [12, 19]. Subsequently, the identified threats are ranked based on the security risk posed using a DREAD threat-risk ranking model [11].
Image of page 3
Image of page 4
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern