Skip to main content

Research Repository

Advanced Search

HI-risk: A method to analyse health information risk intelligence

Buchanan, William J; van Deursen, Nicole

Authors

Nicole van Deursen



Abstract

Information security threat intelligence is a prevalent topic amongst researchers, long-established IT-vendors and start-ups. The possibilities of Big Data analytics to security threat and vulnerability scanning offer a significant development in the protection of infrastructures. At the same time, industry research reports continue to state that the main contributing factor in the events leading to a data breach is human error. The common response of information security professionals is to resort to technological solutions to prevent these human errors. However, some very important information security intelligence is not hidden within the network traffic: it's available from the people that work with sensitive information. This article describes the Health Information risk (HI-risk) method to identify non-technical information security risks in healthcare. The method includes risks related to skills, behaviour, processes, organisational culture, physical security, and external influences. HI-risk offers a solution to collect intelligence about non-technical information security incidents from across the healthcare sector to demonstrate past trends and to be ahead of future incidents. A test of a HI-risk forecast proved the feasibility of this approach in healthcare and beyond. It is suggested that HI-risk could become a valuable addition to existing technical threat and vulnerability monitoring tools.

Citation

Buchanan, W. J., & van Deursen, N. (2016). HI-risk: A method to analyse health information risk intelligence. In 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services (Healthcom). https://doi.org/10.1109/healthcom.2016.7749536

Conference Name 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services (Healthcom)
Start Date Sep 14, 2016
End Date Sep 16, 2016
Acceptance Date Oct 31, 2016
Online Publication Date Oct 31, 2016
Publication Date Nov 21, 2016
Deposit Date Apr 29, 2017
Publicly Available Date Mar 29, 2024
Print ISSN 2325-6095
Publisher Institute of Electrical and Electronics Engineers
Peer Reviewed Peer Reviewed
Book Title 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services (Healthcom)
ISBN 9781509033706
DOI https://doi.org/10.1109/healthcom.2016.7749536
Keywords risk model; security intelligence; socio-technical information security
Public URL http://researchrepository.napier.ac.uk/Output/835559

Files

Hi-risk: a method to analyse health information risk intelligence (333 Kb)
PDF







You might also like



Downloadable Citations