A Note on the Security in the Card Management System of the German E-Health Card
|
|
- Hilary Rich
- 8 years ago
- Views:
Transcription
1 A Note on the Security in the Card Management System of the German E-Health Card Marcel Winandy (Ruhr-University Bochum) 3rd International ICST Conference on Electronic Healthcare for the 21st Century (ehealth 2010) Casablanca, Morocco, December 2010 Mittwoch, 15. Dezember 2010
2 Introduction The German electronic Health Card (ehc) Core component of the Healthcare Telematics Each insured person will have such a card Supposed to enable new applications Smartcard with small storage + cryptographic functions German Healthcare Telematics Under development, going to be rolled out "soon" (originally 2006) Specifications by Gematik (company organization of health institutions) Health Professional Card (HPC) Similar card for all health professionals For identification, authentication, digital signatures Mittwoch, 15. Dezember 2010
3 Introduction: Use Cases of ehc Obligatory: Identification, Authentication - personalized cards - individual cryptographic keys European Health Insurance Card (EHIC) - printed on the backside Electronic Prescription - issuing and filling - directly stored on ehc Optional: Medical Emergency Data - directly stored on ehc Medication History Electronic Health Records - centrally stored on servers (in encrypted format) - ehc used to encrypt/decrypt and authorize access (via PIN) Other applications Mittwoch, 15. Dezember 2010
4 Introduction: Security & Privacy German law requires strong privacy: "Data Sovereignty" ( 291a.5 SGB V) Only the patient can define who may access the data associated with the ehc. German Ministry of Health*: ehc basic security requirements Authentication, authorization, and audit mechanisms have to be chosen so that the data sovereignty of the insured party can be taken for granted. * German Federal Ministry of Health: Entscheidungsvorlage - Festlegung der Authentisierungs-, Autorisierungs- und Auditmechanismen der Telematikinfrastruktur für die Fachanwendungen, Version 0.9.0, March Mittwoch, 15. Dezember 2010
5 German Healthcare Telematics
6 German Healthcare Telematics
7 German Healthcare Telematics
8 German Healthcare Telematics
9 German Healthcare Telematics
10 German Healthcare Telematics
11 German Healthcare Telematics
12 German Healthcare Telematics
13 German Healthcare Telematics Healthcare Telematics Boundary Mittwoch, 15. Dezember 2010
14 German Healthcare Telematics Healthcare Telematics Boundary Mittwoch, 15. Dezember 2010
15 German Healthcare Telematics Healthcare Telematics Boundary Mittwoch, 15. Dezember 2010
16 German Healthcare Telematics Healthcare Telematics Boundary ehc Mittwoch, 15. Dezember 2010
17 German Healthcare Telematics Healthcare Telematics Boundary HPC ehc Mittwoch, 15. Dezember 2010
18 German Healthcare Telematics Healthcare Telematics Boundary HPC ehc Mittwoch, 15. Dezember 2010
19 German Healthcare Telematics Healthcare Telematics Boundary HPC ehc Mittwoch, 15. Dezember 2010
20 Existing Security Analyses
21 Existing Security Analyses SECURITY ANALYSIS OF THE HEALTH CARE TELEMATICS INFRASTRUCTURE IN GERMANY Network security Access control policies Michael Huber, Ali Sunyaev and Helmut Krcmar Chair for Information Systems, Technische Universität München, Germany {hubermic, sunyaev, Keywords: Abstract: Security analysis, Health Care Telematics, Electronic Health Card, Information Security Management Systems. Based on ISO for Information Security Management Systems, this paper introduces a newly developed security analysis approach, suitable for technical security analyses in general. This approach is used for a security analysis of several components and processes of the Health Care Telematics in Germany. Besides the results of the analysis, basics for further analysis and verification activities is given. 1 INTRODUCTION In Germany, the Electronic Health Card (ehc) will replace the present health card as requested by law. By establishing the ehc, several improvements, such as cost savings, better ways of communication in the health care sector or the self-determination of the insured person concerning medical data, are supposed to be achieved (Schabetsberger et al., 2006). The use of IT to administrate medical data of the insured, implicates the question, whether these systems are safe enough to satisfy requirements like privacy, safety, security and availability (Heeks, 2006). The data administrated by the ehc and its infrastructure is mosltly strictly confidential as it contains personal information about peoples state of health, course of disease and hereditary diseases (Lorence and Churchill, 2005). As for example insurance companies Dezember or employers 2010would be highly interested Mittwoch, 15. in outlook. The current security status of health care in Germany was evaluated and valuable hints for future developments in the health care sector could be derived. The paper is based on a literature review (e.g. Computers & Security, Information Management & Computer Security, Information Systems Security, International Journal of Medical Informatics, Information Systems Journal, European Journal of Information Systems, International Journal of Information Security, security & privacy, Journal of computer security, ACM Transaction on Information and Systems Security und ACM Computing Surveys). The security analysis approach presented in this paper differs from other approaches due to the following aspects: Focus (health care sector; technical evaluation of security measures), being up-to-date (appliance of upto-date techniques and standards) and regional distinctions (located in germany, regional and political
22 Existing Security Analyses SECURITY ANALYSIS OF THE HEALTH CARE TELEMATICS INFRASTRUCTURE IN GERMANY Network security Access control policies Keywords: Michael Huber, Ali Sunyaev and Helmut Krcmar Chair for Information Systems, Technische Universität München, Germany {hubermic, sunyaev, SECURITY ANALYSIS OF THE GERMAN ELECTRONIC HEALTH CARD S PERIPHERAL PARTS Security analysis, Health Care Telematics, Electronic Health Card, Information Security Management Systems. Ali Sunyaev, Alexander Kaletsch, Christian Mauro and Helmut Krcmar Chair for Information Systems, Technische Universität München, Boltzmannstraße 3, Garching, Germany Abstract: Based on ISO for Information Security Management Systems, this paper introduces a newly developed {sunyaev, kaletsch, mauro, krcmar}@in.tum.de security analysis approach, suitable for technical security analyses in general. This approach is used for a security analysis of several components and processes of the Health Care Telematics in Germany. Besides the results of the analysis, basics for further analysis and verification activities is given. Peripheral parts (end-user systems) Keywords: Security Analysis, Electronic Health Card, Health Care Telematics. 1 INTRODUCTION outlook. The current security status of health care in Abstract: This paper describes a technical security analysis which Germany is based was on evaluated experiments and valuable done in a hints laboratory for future and verified in a physician s practice. The health care In Germany, the Electronic Health Card (ehc) will developments telematics infrastructure in the health in Germany care sector stipulates could be every derived. physician and every patient to automatically be given an electronic health smart card (for patients) and a replace the present health card as requested by law. corresponding health professional card (for health care providers). We analyzed these cards and the By establishing the ehc, several improvements, such The paper is based on a literature review (e.g. peripheral parts of the telematics infrastructure according to the ISO security standard. The as cost savings, better ways of communication in the Computers & Security, Information Management & introduced attack scenarios show that there are several security issues in the peripheral parts of the German health care sector or the self-determination of the insured person concerning medical data, are supposed ternational Journal of Medical Informatics, Informa- Computer Security, Information Systems Security, In- health care telematics. Based on discovered vulnerabilities we provide corresponding security measures to overcome these open issues and derive conceivable consequences for the nation-wide introduction of to be achieved (Schabetsberger et al., 2006). tion Systems Journal, European Journal of Information Systems, International Journal of Information Se- electronic health card in Germany. The use of IT to administrate medical data of the insured, implicates the question, whether these systems are safe enough to satisfy requirements like pririty, ACM Transaction on Information and Systems curity, security & privacy, Journal of computer secu- 1 vacy, INTRODUCTION safety, security and availability (Heeks, 2006). taking Security out unda ACM loan Computing or trying Surveys). to find insurance The security analysis2001). approach Furthermore, presented inone s this paper reputation differs The data administrated by the ehc and its infrastructure is mosltly strictly confidential as it contains from other approaches due to the following aspects: (Anderson, During the next years in Germany the present health could get tarnished when the wrong pieces of own personal information about peoples state of health, Focus (health care sector; technical evaluation of security measures), being up-to-date (appliance of up- insurance card will be replaced by the new sensitive medical information becomes publicly course of disease and hereditary diseases (Lorence electronic health card (ehc) (Sunyaev et al., 2009). accessible (Schneider, 2004). and Churchill, 2005). As for example insurance companies Dezember or employers 2010would be highly interested in tinctions (located in germany, regional and political to-date techniques and standards) and regional dis- The introduction tends to improve the efficiency of This paper is based on extensive laboratory Mittwoch, 15. the health system and the patients rights (Bales, experiments and on a detailed review of gematik s
23 Existing Security Analyses SECURITY ANALYSIS OF THE HEALTH CARE TELEMATICS INFRASTRUCTURE IN GERMANY Network security Access control policies Keywords: Michael Huber, Ali Sunyaev and Helmut Krcmar Chair for Information Systems, Technische Universität München, Germany {hubermic, sunyaev, SECURITY ANALYSIS OF THE GERMAN ELECTRONIC HEALTH CARD S PERIPHERAL PARTS Security analysis, Health Care Telematics, Electronic Health Card, Information Security Management Systems. Ali Sunyaev, Alexander Kaletsch, Christian Mauro and Helmut Krcmar Securing the E-Health Cloud Chair for Information Systems, Technische Universität München, Boltzmannstraße 3, Garching, Germany Abstract: Based on ISO for Information Security Management Systems, this paper introduces a newly developed {sunyaev, kaletsch, mauro, krcmar}@in.tum.de security analysis approach, suitable for technical security analyses in general. This approach is used for a security analysis of several components and processes of the Health Care Telematics in Germany. Besides the results of the analysis, basics for further analysis and verification activities is given. Hans Löhr Ahmad-Reza Sadeghi Marcel Winandy Horst Görtz Institute for IT Security Horst Görtz Institute Horst Görtz Institute Keywords: Security for IT Security Analysis, Electronic Health Card, for IT Health Security Care Telematics. 1 INTRODUCTION Ruhr-University Bochum Ruhr-Universityoutlook. BochumThe current Ruhr-University security status of Bochum health care in Abstract: This Germany paper describes a technical security Germany analysis which Germany is based was on evaluated experiments and Germany valuable done in a hints laboratory for future and hans.loehr@trust.rub.de verified in a physician s practice. ahmad.sadeghi@trust.rub.de The health care In Germany, the Electronic Health Card (ehc) will developments telematics infrastructure marcel.winandy@trust.rub.de in the health Germany care sector stipulates could be every derived. physician and every patient to automatically be given an electronic health smart card (for patients) and a replace the present health card as requested by law. corresponding health professional card (for health care providers). We analyzed these cards and the By establishing the ehc, several improvements, such The paper is based on a literature review (e.g. ABSTRACT peripheral parts of the telematics infrastructure countries according as cost savings, better ways of communication in the Computers in to the the & Security, recent ISO years Information There security are Management continuing standard. The efforts & on introduced attack scenarios show that there are several security issues the peripheral parts of the German Modernhealth information care sector technology or theis self-determination increasingly used in ofhealth- care with sured theperson goal national and international standardization for interoperability and data we provide exchange. corresponding Many different security application measures scenarios to the in- Computer Security, Information Systems Security, International Journal of Medical Informatics, Informa- health toconcerning improve care telematics. andmedical enhance Based data, medical on discovered are supposed services vulnerabilities and to reduce costs. overcome In this these context, open issues the outsourcing and derive of conceivable are envisaged consequences in electronic for the nation-wide healthcare (e-health), introduction e.g., of electronic health records [12, 23, 22], accounting and billing [17, to be achieved (Schabetsberger et al., 2006). tion Systems Journal, European Journal of Information Systems, International Journal of Information Se- computation and storage electronic resources health card to in general Germany. IT providers The use of IT to administrate medical data of the (cloud computing) has become very appealing. E-health 24], medical research, and trading intellectual property [15]. insured, implicates the question, whether these systems medical are safe data, enough and opportunities to satisfy requirements for new business like pri- (EHRs) rity, ACM aretransaction believed to on decrease Information costs inand healthcare Systems (e.g., curity, security & privacy, Journal of computer secu- clouds offer new possibilities, such as easy and ubiquitous In particular e-health systems like electronic health records access to models. 1 vacy, INTRODUCTION However, safety, they security also bear and availability new risks and (Heeks, raise2006). challenges with The respect data administrated to security and by privacy the ehcaspects. and its infras- (Anderson, ministration) rity analysis2001). approach and tofurthermore, improve presented personal inone s thishealth paper reputation management differs taking avoiding Security out expensive unda ACM loan double Computing or trying diagnoses, Surveys). to find or repetitive insurance The secu- drug ad- In this tructure paper, iswe mosltly point strictly out several confidential shortcomings as it contains of current e-health personal solutions information and standards, about peoples particularly state of they health, do infrom general. other approaches due to the following aspects: During the next years in Germany the present health could get tarnished when the wrong pieces of own Examples of national activities are the e-health approach Focus (health care sector; technical evaluation of security measures), being up-to-date (appliance of up- insurance card will be replaced by the new sensitive medical information becomes publicly not address coursetheofclient disease platform and hereditary security, which diseases a(lorence crucial in Austria [23], the German electronic Health Card (ehc) electronic health card (ehc) (Sunyaev et al., 2009). accessible (Schneider, 2004). aspect for the overall security of e-health systems. To fill system [12] under development, or the Taiwan Electronic and Churchill, 2005). As for example insurance companies Dezember or employers 2010would be highly interested in tinctions (located in germany, regional and political to-date techniques and standards) and regional dis- The introduction tends to improve the efficiency of This paper is based on extensive laboratory this gap, we present a security architecture for establishing Medical Record Template (TMT) [22]. In Germany each insured personand will on get a smartcard detailed review that not of only gematik s contains Mittwoch, 15. privacy the domains health system in e-health and the infrastructures. patients rights Our (Bales, solution experiments ad- Peripheral parts (end-user systems) Platform security
24 Existing Security Analyses SECURITY ANALYSIS OF THE HEALTH CARE TELEMATICS INFRASTRUCTURE IN GERMANY Network security Access control policies Keywords: Michael Huber, Ali Sunyaev and Helmut Krcmar Chair for Information Systems, Technische Universität München, Germany {hubermic, sunyaev, SECURITY ANALYSIS OF THE GERMAN ELECTRONIC HEALTH CARD S PERIPHERAL PARTS Security analysis, Health Care Telematics, Electronic Health Card, Information Security Management Systems. Ali Sunyaev, Alexander Kaletsch, Christian Mauro and Helmut Krcmar Securing the E-Health Cloud Chair for Information Systems, Technische Universität München, Boltzmannstraße 3, Garching, Germany Abstract: Based on ISO for Information Security Management Systems, this paper introduces a newly developed {sunyaev, kaletsch, mauro, krcmar}@in.tum.de security analysis approach, suitable for technical security analyses in general. This approach is used for a security analysis of several components and processes of the Health Care Telematics in Germany. Besides the results of the analysis, basics for further analysis and verification activities is given. Hans Löhr Ahmad-Reza Sadeghi Marcel Winandy Horst Görtz Institute Horst Görtz Institute Horst Görtz Institute Keywords: Security for IT Security Analysis, Electronic Health Card, for IT Health Security Care Telematics. for IT Security!"#$%&#'()*+,%*&&(#&%*$%-#)./$%0#/1+0'/)#% 1 INTRODUCTION Ruhr-University Bochum Ruhr-Universityoutlook. BochumThe current Ruhr-University security status of Bochum health care in Abstract: This Germany paper describes a technical security Germany analysis which Germany is based was on evaluated experiments and Germany valuable done in a hints laboratory for future and hans.loehr@trust.rub.de verified in a physician s practice. +#1#./+*'&% ahmad.sadeghi@trust.rub.de The health care In Germany, the Electronic Health Card (ehc) will developments telematics infrastructure marcel.winandy@trust.rub.de in the health Germany care sector stipulates could be every derived. physician and every patient to automatically be given an electronic health smart card (for patients) and a replace the present health card as requested by law. corresponding health professional card (for health care providers). We analyzed these cards and the By establishing the ehc, several improvements, such The paper is based on a literature review (e.g. ABSTRACT peripheral parts of the telematics infrastructure according to the ISO security standard. The as cost savings, better ways of communication!"#$%&'()*+$ countries in the Computers in the & Security, recent years. Information There are Management continuing efforts & on introduced attack scenarios show that there are several security issues the peripheral parts of the German Modernhealth information care sector technology or theis self-determination increasingly used in ofhealth- care with sured theperson goal toconcerning improve national and international standardization for interoperability and data we provide exchange. corresponding Many different security application measures scenarios to the in- Computer Security, Information Systems Security, International Journal of Medical Informatics, Informa- health!"#$%&'"(&)*+),(+*%'$&-./0)1".2(-/.2")3(-4"%/-&5&)67(.2"(0)68(-.20)9"%'$(:) care telematics. andmedical enhance Based data, medical on discovered are supposed services vulnerabilities overcome these open issues and /8(:$"4;-(<&8'<=") and to reduce costs. In this context, the outsourcing derive of conceivable are envisaged consequences in electronic for the nation-wide healthcare (e-health), introduction e.g., of electronic health records [12, 23, 22], accounting and billing [17, to be achieved (Schabetsberger et al., 2006). tion Systems Journal, European Journal of Information Systems, International Journal of Information Se- computation and storage electronic resources health card to in general Germany. IT providers The use of IT to administrate medical data of the (cloud computing) has become very appealing.,)'$-)./0$1*#2*#34*.$ E-health 24], medical research, and trading intellectual property [15]. insured, implicates the question, whether these systems medical are safe data, enough and opportunities to satisfy requirements for new business like pri- (EHRs) rity, ACM aretransaction believed to on decrease Information costs inand healthcare Systems (e.g., curity, security & privacy, Journal of computer secu- clouds offer new possibilities, such as easy and ubiquitous In particular e-health systems like electronic health records!"#$%&'"(&)*+)>.*(*'-./0)3(-4"%/-&5&)?$//"@0)9"%'$(:) access models. 1 vacy, INTRODUCTION However, safety, they security also bear and availability new risks and (Heeks, raise2006). challenges with The respect data administrated to security and by privacy the ehcaspects. and its infras- (Anderson, ministration) rity analysis2001). approach and tofurthermore, improve presented personal inone s thishealth paper reputation management differs taking avoiding Security out expensive unda ACM loan double Computing or trying diagnoses, Surveys). to find or repetitive insurance The secu- drug ad- In this tructure paper, iswe mosltly point strictly out several confidential shortcomings as it 5*"2&4$6./2).$ contains of current e-health personal solutions information and standards, about peoples particularly state of they health, do infrom general. other approaches due to the following aspects: During the next years in Germany the present health could get tarnished when the wrong pieces of own Examples of national activities are the e-health approach Focus (health care sector; technical evaluation of security measures), being up-to-date (appliance of up- insurance card!"#$%&'"(&)*+),(+*%'$&-./0)1".2(-/.2")3(-4"%/-&5&)67(.2"(0)68(-.20)9"%'$(:) will be replaced by the new sensitive medical information becomes publicly not address coursetheofclient disease platform and hereditary security, which diseases a(lorence crucial in Austria [23], the German electronic Health Card (ehc) electronic health card (ehc) (Sunyaev et al., B%.'$%;-(<&8'<=") 2009). accessible (Schneider, 2004). aspect for the overall security of e-health systems. To fill system [12] under development, or the Taiwan Electronic and Churchill, 2005). As for example insurance companies Dezember or employers 2010would be highly interested in tinctions (located in germany, regional and political to-date techniques and standards) and regional dis- The introduction tends to improve the efficiency of This paper is based on extensive laboratory this gap, we present a security architecture for establishing Medical Record Template (TMT) [22]. In Germany each insured personand will on get a smartcard detailed review that not of only gematik s contains Mittwoch, 15. privacy the domains health system in e-health and the infrastructures. patients rights Our (Bales, solution experiments ad- Peripheral parts (end-user systems) Platform security Other open security issues
25 Open Problem: Card Management System!!! Mittwoch, 15. Dezember 2010
26 Open Problem: Card Management System!!! Einführung der Gesundheitskarte Einführung der Gesundheitskarte Kartenmanagement egk Facharchitektur Kartenmanagement egk Fachkonzept Version: Revision: main/rel_main/8 Stand: Status: freigegeben gematik_cms_facharchitektur_kartenmanagement_egk.doc Seite 1 von 81 Version: gematik Stand: Version: Revision: main/rel_main/5 Stand: Status: freigegeben gematik_cms_fachkonzept_kartenmanagement_egk_v1.3.0.doc Seite 1 von 62 Version: gematik Stand: Mittwoch, 15. Dezember 2010
27 Open Problem: Card Management System!!! Einführung der Gesundheitskarte Einführung der Gesundheitskarte Kartenmanagement egk Facharchitektur Kartenmanagement egk Fachkonzept Version: Revision: main/rel_main/8 Stand: Status: freigegeben gematik_cms_facharchitektur_kartenmanagement_egk.doc Seite 1 von 81 Version: gematik Stand: Version: Revision: main/rel_main/5 Stand: Status: freigegeben gematik_cms_fachkonzept_kartenmanagement_egk_v1.3.0.doc Seite 1 von 62 Version: gematik Stand: Mittwoch, 15. Dezember 2010
28 Card Management System
29 Card Management System
30 Card Management System
31 Card Management System
32 Card Management System
33 Card Management System
34 Card Management System
35 Card Management System
36 Card Management System
37 Card Management System
38 Card Management System
39 Card Management System
40 Card Management System
41 Card Management System
42 (1) Conflicting Requirements Security Requirement: At any time, the card management is not allowed to obtain information about application contents [...] for which it is not authorized. The card issuer MUST NOT get possession of unencrypted medical application data. Availability Requirement: When a replacement or renewal card is created, it MUST be assured that application data stored on a server (e.g., EHR) can be accessed using the new ehc. Mittwoch, 15. Dezember 2010
43 (1) Conflicting Requirements Security Requirement: Specification requires particular technical solution: At any time, the card management is not allowed to obtain information about application contents [...] for which it is not authorized. The following secret keys MUST be presently managed in The card issuer MUST NOT get possession of unencrypted medical application the context data. of the card management: [a list of keys follows]. Availability Requirement: Copies of the keys are stored!!! When a replacement or renewal card is created, it MUST be assured that application data stored on a server (e.g., EHR) can be accessed using the new ehc. Mittwoch, 15. Dezember 2010
44 Card Management System
45 Card Management System
46 Card Management System
47 (2) Creating Replacement Cards Lost/stolen ehc or switching health insurance implies creating a replacement card Copies of the keys from the old card are used: All data required for the production of the card are available. The card issuer may assign the creation of the card to one or more service providers. Mittwoch, 15. Dezember 2010
48 Card Management System
49 Card Management System
50 (3) Re-Encrypting Data Issuing replacement or renewal card implies re-encryption of data Input needed for Card Issuer: ICCSN (ehc ID) Input for the Application Operator: [Card Issuer] transmits the ICCSN of the insured party and other data to the application operator. Application Operator processes the application data. Mittwoch, 15. Dezember 2010
51 (3) Re-Encrypting Data Issuing replacement or renewal card implies re-encryption of data Input needed for Card Issuer: ICCSN (ehc ID) Input for the Application Operator: [Card Issuer] transmits the ICCSN of the insured party and other data to the application operator. Application Operator processes the application data. Mittwoch, 15. Dezember 2010
52 (3) Re-Encrypting Data Issuing replacement or renewal card implies re-encryption of data Input needed for Card Issuer: ICCSN (ehc ID) Input for the Application Operator: [Card Issuer] transmits the ICCSN of the insured party and other data to the application operator. Application Operator processes the application data. Mittwoch, 15. Dezember 2010
53 (3) Re-Encrypting Data Issuing replacement or renewal card implies re-encryption of data Input needed for Card Issuer: ICCSN (ehc ID) Input for the Application Operator: [Card Issuer] transmits the ICCSN of the insured party and other data to the application operator. Application Operator processes the application data. Mittwoch, 15. Dezember 2010
54 Card Management System
55 Card Management System
56 Card Management System Violation of Data Sovereignty of the Patient!!!! Mittwoch, 15. Dezember 2010
57 Conclusion German E-Health Card: complex security architecture Card Management System has serious flaws: Copies of the secret keys of the patients are stored and could spread to other (unauthorized) parties Data Sovereignty of the patient is violated! Possible solution: remove technical requirement (instead: designs could use, e.g., secret key sharing) MediTrust (Platform security for end-users) ebpg ebusiness Plattform Gesundheit (Alternative security solution for accessing electronic health records) Mittwoch, 15. Dezember 2010
58 Questions? Contact: Marcel Winandy Ruhr-University Bochum Mittwoch, 15. Dezember 2010
Securing the E-Health Cloud
Securing the E-Health Cloud Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy 1st ACM International Health Informatics Symposium (IHI 2010) Arlington, Virginia, USA, 11-12 November 2010 Introduction Buzzwords
More informationSECURITY ANALYSIS OF THE GERMAN ELECTRONIC HEALTH CARD S PERIPHERAL PARTS
SECURITY ANALYSIS OF THE GERMAN ELECTRONIC HEALTH CARD S PERIPHERAL PARTS Ali Sunyaev, Alexander Kaletsch, Christian Mauro and Helmut Krcmar Chair for Information Systems, Technische Universität München,
More informationPlease quote as: Sunyaev, A.; Leimeister, J.M.; Krcmar, H. (2010): Open Security Issues in German Healthcare Telematics. In: Proceedings of the Third
Please quote as: Sunyaev, A.; Leimeister, J.M.; Krcmar, H. (2010): Open Security Issues in German Healthcare Telematics. In: Proceedings of the Third International Conference on Health Informatics (HealthInf
More informationSecuring the E-Health Cloud
Securing the E-Health Cloud Hans Löhr Horst Görtz Institute for IT Security Ruhr-University Bochum Germany hans.loehr@trust.rub.de Ahmad-Reza Sadeghi Horst Görtz Institute for IT Security Ruhr-University
More informationConnected health-it - Germany s Telematics Infrastructure
Connected health-it - Germany s Telematics Infrastructure Dr. Christof Gessner gematik Gesellschaft für Telematikanwendungen der Gesundheitskarte mbh Friedrichstraße 136 10117 Berlin 20.04.2016 1 Shareholders
More informationPlease quote as: Duennebeil, S.; Sunyaev, A.; Blohm, I.; Leimeister, J. M. & Krcmar, H. (2010): Do German physicians want electronic health services?
Please quote as: Duennebeil, S.; Sunyaev, A.; Blohm, I.; Leimeister, J. M. & Krcmar, H. (2010): Do German physicians want electronic health services? A characterization of potential adopters and rejectors
More informationPatterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de
More informationStrategies for Development and Adoption of EHR in German Ambulatory Care
Strategies for Development and Adoption of EHR in German Ambulatory Care Sebastian Duennebeil 1, Ali Sunyaev 1, Jan Marco Leimeister 2, Helmut Krcmar 1 1 Department of Informatics 1 Technische Universität
More informationPlease quote as: Mauro, C.; Sunyaev, A.; Leimeister, J. M.; Schweiger, A. & Krcmar, H. (2008): A proposed solution for managing doctor's smart cards
Please quote as: Mauro, C.; Sunyaev, A.; Leimeister, J. M.; Schweiger, A. & Krcmar, H. (2008): A proposed solution for managing doctor's smart cards in hospitals using a single sign-on central architecture.
More informationA Proposed Solution for Managing Doctor s Smart Cards in Hospitals Using a Single Sign-On Central Architecture
A Proposed Solution for Managing Doctor s Smart Cards in Hospitals Using a Single Sign-On Central Architecture Christian Mauro Ali Sunyaev Jan Marco Leimeister Andreas Schweiger Helmut Krcmar Technische
More informationUniversität München Fakultät für Informatik Lehrstuhl für Wirtschaftsinformatik (i17) Sebastian Dünnebeil Helmut Krcmar
Universität München Fakultät für Informatik Lehrstuhl für Wirtschaftsinformatik (i17) Sebastian Dünnebeil Helmut Krcmar Market Engineering for Electronic Health Services Technische Universität München
More informationSmart Cards for Future Healthcare Systems. Secure, efficient, reliable
Smart Cards for Future Healthcare Systems Secure, efficient, reliable Card-based e-health networks: cutting costs and improving care All around the world, newspaper headlines warn about the exploding costs
More informationCommon Criteria Protection Profile. electronic Health Card (ehc) elektronische Gesundheitskarte (egk)
electronic Health Card (ehc) elektronische Gesundheitskarte (egk) BSI-CC-PP-0020-V3-2010-MA-01 Approved by the Federal Ministry of Health Version 2.9, 19th April 2011 electronic Health Card Version 2.9,
More informationAN ENHANCED ATTRIBUTE BASED ENCRYPTION WITH MULTI PARTIES ACCESS IN CLOUD AREA
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 1, January 2014,
More informationCommon Criteria Protection Profile. electronic Health Card (ehc) elektronische Gesundheitskarte (egk) BSI-PP-0020-V2-2007
VERSION 2.00 (ehc) elektronische Gesundheitskarte (egk) BSI-PP-0020-V2-2007 Approved by the Federal Ministry of Health Version 2.00, 29 th January 2007 Version 2.00, 29 th January 2007 this page was intentionally
More informationKeywords: German electronic ID card, e-government and e-business applications, identity management
From Student Smartcard Applications to the German Electronic Identity Card Lucie Langer, Axel Schmidt, Alex Wiesmaier Technische Universität Darmstadt, Department of Computer Science, Darmstadt, Germany
More informationCommon Criteria Protection Profile. electronic Health Card (ehc) elektronische Gesundheitskarte (egk) BSI-PP-0020-V2-2007-MA01
VERSION 2.50 (ehc) elektronische Gesundheitskarte (egk) BSI-PP-0020-V2-2007-MA01 Approved by the Federal Ministry of Health Version 2.50, 2 nd January 2008 Version 2.50, 2nd January 2008 this page was
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationWritten Contribution of the National Association of Statutory Health Insurance Funds of 16.11.2015
Written Contribution of the National Association of Statutory Health Insurance Funds of 16.11.2015 to the Public Consultation of the European Commission on Standards in the Digital : setting priorities
More informationProperty Based TPM Virtualization
Property Based Virtualization Marcel Winandy Joint work with: Ahmad Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security Chair for System Security Ruhr University Bochum, Germany Sirrix
More informationSecurity und Compliance in Clouds
Security und Compliance in Clouds Prof. Dr. Jan Jürjens, Kristian Beckers Fraunhofer Institut für Software- und Systemtechnologie ISST, Dortmund http://jan.jurjens.de The NIST Cloud Definition Framework
More informationComputer and Network Security Policy
Coffeyville Community College Computer and Network Security Policy Created By: Jeremy Robertson Network Administrator Created on: 6/15/2012 Computer and Network Security Page 1 Introduction: The Coffeyville
More informationJournal of Electronic Banking Systems
Journal of Electronic Banking Systems Vol. 2015 (2015), Article ID 614386, 44 minipages. DOI:10.5171/2015.614386 www.ibimapublishing.com Copyright 2015. Khaled Ahmed Nagaty. Distributed under Creative
More informationPlease quote as: Sunyaev, A.; Atherton, M.; Mauro, C.; Leimeister, J. M. & Krcmar, H. (2009): Characteristics of IS security approaches with respect
Please quote as: Sunyaev, A.; Atherton, M.; Mauro, C.; Leimeister, J. M. & Krcmar, H. (2009): Characteristics of IS security approaches with respect to healthcare. In: Proceedings of the Fifteenth Americas
More informationECCA 2014 Conference Santander 26.05.2014
ECCA 2014 Conference Santander 26.05.2014 Introducing -Technology For Strong Authentication Section 3- IT-Systems, Softwareintegration Department 6 Information And Communication Services Dezernat6 - Informations-
More informationEHR IN THE CLOUD - FINDING A BALANCE
1 05/12/2013 EHR IN THE CLOUD - FINDING A BALANCE Michael De Geest Central information security consultant vzw Provincialaat der Broeders van Liefde 2 EHR in the Cloud - introduction Find a clever way
More informationFor a health-care system with a future. The electronic health insurance card.
For a health-care system with a future. The electronic health insurance card. Find out more What will change with the electronic health insurance card? Opportunities The electronic health insurance card
More informationSecondary Use of the EHR via Pseudonymisation
Secondary Use of the EHR via Klaus POMMERENING Institut für Medizinische Biometrie, Epidemiologie und Informatik Johannes-Gutenberg-Universität D-55101 Mainz, Germany Michael RENG Klinik und Poliklinik
More informationOptimizing the User Experience of a Social Content Management Software for Casual Users
Optimizing the User Experience of a Social Content Management Software for Casual Users 10.08.2015, TU München Florian Katenbrink, Thomas Reschenhofer, Prof. Dr. Florian Matthes Software Engineering for
More informationSecurity and Compliance in Clouds: Challenges and Solutions
Security and Compliance in Clouds: Challenges and Solutions Prof. Dr. Jan Jürjens Fraunhofer Institut für Software- und Systemtechnologie ISST, Dortmund http://jan.jurjens.de This Talk What are the challenges?
More informationD.I.M. allows different authentication procedures, from simple e-mail confirmation to electronic ID.
Seite 1 von 11 Distributed Identity Management The intention of Distributed Identity Management is the advancement of the electronic communication infrastructure in justice with the goal of defining open,
More informationSOLUTIONS FOR HEALTHCARE PROFESSIONALS AND GOVERNMENTS
SOLUTIONS FOR HEALTHCARE PROFESSIONALS AND GOVERNMENTS The number of people in need of medical care in the world is continuously increasing, as evidenced by the evolving demographic outlook in both developed
More informationThe ELGA initiative: A plan for implementing a nationwide electronic health records system in Austria
The ELGA initiative: A plan for implementing a nationwide electronic health records system in Austria Georg Duftschmid, Wolfgang Dorda, Walter Gall Core Unit of Medical Statistics and Informatics Section
More informationSiemens Roadmap to ehealth
Siemens Roadmap to ehealth 4. th. ehealth national conference, Sofia Michael Gorgi June 26 th., 2007 Siemens Bulgaria Agenda ehealth? Evolution of ehealth Systems Siemens & ehealth Page 2 June 2007 Siemens
More informationMatthias Hauss- SRC Security Research & Consulting GmbH October 2011. PCI DSS Requirements in the Context of European Data Protection Law
Matthias Hauss- SRC Security Research & Consulting GmbH October 2011 PCI DSS Requirements in the Context of European Data Protection Law About SRC Two pillars: Card-based Payment Systems and IT security
More informationUni-directional Trusted Path: Transaction Confirmation on Just One Device
Uni-directional Trusted Path: Transaction Confirmation on Just One Device Atanas Filyanov 1, Jonathan M. McCune 2, Ahmad-Reza Sadeghi 3, Marcel Winandy 1 1 Ruhr-University Bochum, Germany 2 Carnegie Mellon
More informationContinuity of Care Record (CCR) in Germany? PROREC activities on the way to EHR interoperability
Herzlich Willkommen! EHTEL Telemed ehealth IOP Satellite Heidelberg, 12 June 2008 Continuity of Care Record (CCR) in Germany? PROREC activities on the way to EHR interoperability Sebastian Claudius Semler
More informationCard enabled e-health network How to improve healthcare
Card enabled e-health network How to improve healthcare Dr. Elmar Fassbinder Patrick Melioris Bratislava, 25. Sept. 2008 Page 1 Agenda 1) The Vicious Circle in health care 2) Card enabled e-health Network
More informationSERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security
International Telecommunication Union ITU-T Y.2740 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (01/2011) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS
More informationPlease quote as: Dünnebeil, S.; Mauro, C.; Sunyaev, A.; Leimeister, J. M. & Krcmar, H. (2009): Integration of patient health portals into the German
Please quote as: Dünnebeil, S.; Mauro, C.; Sunyaev, A.; Leimeister, J. M. & Krcmar, H. (2009): Integration of patient health portals into the German healthcare telematics infrastructure. In: 15. Americas
More informationPCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker
PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker www.quotium.com 1/14 Summary Abstract 3 PCI DSS Statistics 4 PCI DSS Application Security 5 How Seeker Helps You Achieve PCI DSS
More informationPlease quote as: Dünnebeil, S.; Köbler, F.; Koene, P.; Leimeister, J. M. & Krcmar, H. (2011): Encrypted NFC emergency tags based on the German
Please quote as: Dünnebeil, S.; Köbler, F.; Koene, P.; Leimeister, J. M. & Krcmar, H. (2011): Encrypted NFC emergency tags based on the German Telematics Infrastructure. In: Third International Workshop
More informationHow to Use ISO/IEC 24727-3 with Arbitrary Smart Cards
How to Use ISO/IEC 24727-3 with Arbitrary Smart Cards Detlef Hühnlein 1 and Manuel Bach 2 1 secunet Security Networks AG, Sudetenstraße 16, 96247 Michelau, Germany detlef.huehnlein@secunet.com 2 Federal
More informationMobile App Testing. Mobile App Testing. Seite 1 von 10
Mobile App Testing Seite 1 von 10 1 Security and Insecurity of mobile Applications... 3 1.1 App-Security in official App Stores... 3 1.2 mediatest digital App Security Audits... 3 1.2.1 Testing Approach...
More informationResponse of the German Medical Association
Response of the German Medical Association To the Green Paper on mobile Health ( mhealth ) of the European Commission Berlin, 3 July 2014 Bundesärztekammer Herbert-Lewin-Platz 1 10623 Berlin We are grateful
More informationGuide for Securing E-mail With WISeKey CertifyID Personal Digital Certificate (Personal eid)
The World Internet Security Company Solutions for Security Guide for Securing E-mail With WISeKey CertifyID Personal Digital Certificate (Personal eid) Wherever Security relies on Identity, WISeKey has
More informationModel-based Security Analysis of the German Health Card Architecture
Model-based Security Analysis of the German Health Card Architecture J. Jürjens Computing Department, The Open University, UK R. Rumm Munich, Germany Summary Objectives: Health-care information systems
More informationAlternative authentication what does it really provide?
Alternative authentication what does it really provide? Steve Pannifer Consult Hyperion Tweed House 12 The Mount Guildford GU2 4HN UK steve.pannifer@chyp.com Abstract In recent years many new technologies
More informationQualified mobile electronic signatures: Possible, but worth a try?
Qualified mobile electronic signatures: Possible, but worth a try? Lothar Fritsch 1, Johannes Ranke 2, Heiko Rossnagel 1 Interest level of audience: 3 - for application developers (interested in IT security)
More informationInadequacies of Current Risk Controls for the Cloud
Inadequacies of Current Risk Controls for the Cloud Name: Michael Goldsmith Michael Auty, Sadie Creese and Paul Hopkins Venue: CPSRT@CloudCom2010, Indianapolis Date: 2 December 2010 Research supported
More informationProtected Patients Data Centre in Cloud Computing
Protected Patients Data Centre in Cloud Computing Ms.M.Shanthi 1, Mr. P. Ranjithkumar 2 M.E II year, Department of Computer Science and Engineering, Sri Subramanya College Of Engineering and Technology,
More informationCanada Health Infoway
Canada Health Infoway EHR s in the Canadian Context June 7, 2005 Mike Sheridan, COO Canada Health Infoway Healthcare Renewal In Canada National Healthcare Priorities A 10-year Plan to Strengthen Healthcare
More informationTechnical Security in Smart Metering Devices: A German Perspective S4 SCADA Security Scientific Symposium 2012-01-18, Miami Beach FL / USA
Technical Security in Smart Metering Devices: A German Perspective S4 SCADA Security Scientific Symposium 2012-01-18, Miami Beach FL / USA Dr. Stephan Beirer s.beirer@gai-netconsult.de Sichere ebusiness
More informationCertification Practice Statement
Certification Practice Statement Revision R1 2013-01-09 1 Copyright Printed: January 9, 2013 This work is the intellectual property of Salzburger Banken Software. Reproduction and distribution require
More informationManaging for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud
Deploying and Managing Private Clouds The Essentials Series Managing for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud sponsored by Managing for the Long Term: Keys to
More informationIntroducing the Electronic Health Record in Austria
Introducing the Electronic Health Record in Austria Wolfgang Dorda a, Georg Duftschmid a, Lukas Gerhold a, Walter Gall a, Jürgen Gambal b a Core Unit for Medical Statistics and Informatics, Medical University
More informationVs Encryption Suites
Vs Encryption Suites Introduction Data at Rest The phrase "Data at Rest" refers to any type of data, stored in the form of electronic documents (spreadsheets, text documents, etc.) and located on laptops,
More informationThreat Model for Software Reconfigurable Communications Systems
Threat Model for Software Reconfigurable Communications Systems Presented to the Management Group 6 March 007 Bernard Eydt Booz Allen Hamilton Chair, SDR Security Working Group Overview Overview of the
More informationEntrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0
Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust
More informationexceet Secure Solutions Smart & Secure Network From Vision to Reality
exceet Secure Solutions Smart & Secure Network From Vision to Reality Agenda 1. About exceet 2. Entering the World of Smart Connected Products 3. exceet s Transformation Developing New Competencies 4.
More informatione-health in Europe Georges Liberman, Ingenico
e-health in Europe At Ingenico, we bring the security layer between the patient, the doctor, and the health management system. This way healthcare systems become safer, more efficient, and provide a better
More informationWhite Paper. From Policy to Practice: A Practical Guide to Implementing HIPAA Security Safeguards
From Policy to Practice: A Practical Guide to Implementing HIPAA Security Safeguards Abstract HIPAA requires a number of administrative, technical, and physical safeguards to protect patient information
More informationSecure Information Systems Engineering: Experiences and Lessons Learned from two Health Care Projects
Secure Information Systems Engineering: Experiences and Lessons Learned from two Health Care Projects H. Mouratidis 1, A. Sunyaev 2, J. Jurjens 3 1 School of Computing and Technology, University of East
More informationSECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER
SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER Mrs. P.Venkateswari Assistant Professor / CSE Erode Sengunthar Engineering College, Thudupathi ABSTRACT Nowadays Communication
More informationSecurity and privacy rights management for mobile and ubiquitous computing
Security and privacy rights management for mobile and ubiquitous computing Michael Fahrmair, Wassiou Sitou, and Bernd Spanfelner Technische Universität München, Department of Informatics, Boltzmannstr.3,
More informationFederation Proxy for Cross Domain Identity Federation
Proxy for Cross Domain Identity Makoto Hatakeyama NEC Corporation, Common Platform Software Res. Lab. 1753, Shimonumabe, Nakahara-Ku, Kawasaki, Kanagawa 211-8666, Japan +81-44-431-7663 m-hatake@ax.jp.nec.com
More informationCloud security architecture
ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide
More informationGENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET
http:// GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET Manisha Dawra 1, Ramdev Singh 2 1 Al-Falah School of Engg. & Tech., Vill-Dhauj, Ballabgarh-Sohna Road, Faridabad, Haryana (INDIA)-121004
More informationSecure procedure for the German CCIs certificates of origin
Secure procedure for the German CCIs certificates of origin In Germany, Chambers of Commerce and Industry issue certificates of origin. They apply two different procedures, which are equally correct and
More informationCompliance Challenges. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard. Increased Audits & On-site Investigations
Enabling a HITECH & HIPAA Compliant Organization: Addressing Meaningful Use Mandates & Ensuring Audit Readiness Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard Compliance Mandates Increased
More informationCompliance in Clouds A cloud computing security perspective
Compliance in Clouds A cloud computing security perspective Kristian Beckers, Martin Hirsch, Jan Jürjens GI Workshop: Governance, Risk & Compliance on the 19th of March 2010 What is Cloud Computing? Today:
More informationPurpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.
Federal CIO Council Information Security and Identity Management Committee (ISIMC) Guidelines for the Secure Use of Cloud Computing by Federal Departments and Agencies DRAFT V0.41 Earl Crane, CISSP, CISM
More informationHeuristic Walkthrough Usability Evaluation of Electronic Health Record with a Proposed Security Architecture
Heuristic Walkthrough Usability Evaluation of Electronic Health Record with a Proposed Prajakta Pawar, Sushopti Gawade Abstract: There currently appears to be concerted efforts at national (HSE) Regional
More informationTechnische Herausforderungen der Cloud-Forensik
Technische Herausforderungen der Cloud-Forensik Dominik Birk Horst Görtz Institute for IT Security Bochum (Germany) Anwendertag IT-Forensik 2011 April 12 th, 2011, Darmstadt The Speaker Dominik Birk Ph.D.
More informationA Structured Comparison of Security Standards
A Structured Comparison of Security Standards Kristian Beckers 1, Isabelle Côté 3, Stefan Fenz 2, Denis Hatebur 1,3, and Maritta Heisel 1 1 paluno - The Ruhr Institute for Software Technology - University
More informationPervasive Computing und. Informationssicherheit
Pervasive Computing und 11. Symposium on Privacy and Security Rüschlikon, 13. September 2006 Prof. Christof Paar European Competence Center for IT Security www.crypto.rub.de Contents 1. Pervasive Computing
More information2.2 The Security of Electronic Medical Records (EMR) DOH, the Executive Yuan August 19, 2009
Topic 2: Privacy Protection and Ensuring Security of Network Applications or Services 2.2 The Security of Electronic Medical Records (EMR) DOH, the Executive Yuan August 19, 2009 1 Agenda 1. The Vision
More informationehealth EHR Viewer & Integration Joint Service/Access Policy Executive Summary for Authorized Provider Organizations ("APOs")
ehealth EHR Viewer & Integration Joint Service/Access Policy July 31, 2013 Version 1.0 1. BACKGROUND: Executive Summary for Authorized Provider Organizations ("APOs") ehealth Saskatchewan ("ehealth") is
More informationImplementation of Role Based Access Control on Encrypted Data in Hybrid Cloud
Implementation of Role Based Access Control on Encrypted Data in Hybrid Cloud Gajanan Ganorkar, Prof. A.B. Deshmukh, Prof M.D.Tambhakhe Information Technology Email:g.ganorkar7691@gmail.com Contact: 8600200142
More informationCHAPTER 1 INTRODUCTION
1 CHAPTER 1 INTRODUCTION 1.1 Introduction Cloud computing as a new paradigm of information technology that offers tremendous advantages in economic aspects such as reduced time to market, flexible computing
More informationDIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES
DIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES Saiprasad Dhumal * Prof. K.K. Joshi Prof Sowmiya Raksha VJTI, Mumbai. VJTI, Mumbai VJTI, Mumbai. Abstract piracy of digital content is a one of the
More informationResearch Information Security Guideline
Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationNATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
More informationNational Deployment Committee Activity Report
National Deployment Committee Activity Report Nation / Region Name: IHE Austria Deployment Committee Report Date Activity Report Issued: April 26 th, 2012 Mission of the National / Regional IHE initiative
More informationSecurity and Privacy Issues and Requirements for Healthcare Cloud Computing
ICT Innovations 2012 Web Proceedings ISSN 1857-7288 143 Security and Privacy Issues and Requirements for Healthcare Cloud Computing Goce Gavrilov 1, Vladimir Trajkovik 2 1 Health Insurance Fund of Macedonia,
More informationpreliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design.
Privacy-Preserving Public Auditing For Secure Cloud Storage ABSTRACT: Using cloud storage, users can remotely store their data and enjoy the on-demand high-quality applications and services from a shared
More informationInformation Security Basic Concepts
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
More informationNationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011
Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8
More informationsecure user IDs and business processes Identity and Access Management solutions Your business technologists. Powering progress
secure Identity and Access Management solutions user IDs and business processes Your business technologists. Powering progress 2 Protected identity through access management Cutting costs, increasing security
More informationSecure Card based Voice over Internet Protocol Authentication
Secure Card based Voice over Internet Protocol Authentication By GOWSALYA.S HARINI.R CSE-B II YEAR (IFET COLLEGE OF ENGG.) Approach to Identity Card-based Voiceover-IP Authentication Abstract Voice-over-IP
More informationEHR STRATEGY FINLAND. Kari Harno Helsinki University Central Hospital
EHR STRATEGY FINLAND Kari Harno Helsinki University Central Hospital The Nordic Welfare Model In Finland this model includes: universal coverage of services universal social security scheme health insurance
More informationPseudonymization for Secondary Use of Cloud Based Electronic Health Records
Pseudonymization for Secondary Use of Cloud Based Electronic Health Records Liangyu Xu 1, Armin B. Cremers 2 and Tobias Wilken 3 Institute of Computer Science III University of Bonn, 53117 Bonn, Germany
More informationHealthcare Delivery. Transforming. through Mobility Solutions. A Solution White Paper - version 1.0
Transforming Healthcare Delivery through Mobility Solutions A Solution White Paper - version 1.0 HTC Global Services HTC Towers, No. 41, GST Road, Guindy, Chennai - 600 032, India. Ph: +91 44 4345 3500
More informationInformation Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis
Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University
More informationCRYPTOGRAPHY AS A SERVICE
CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,
More informationSecure Cloud Identity Wallet
1 CREDENTIAL Secure Cloud Identity Wallet DS-02-2014 Dr. Arne Tauber u 2 CREDENTIAL Research Project Call: H2020-DS-2014-1 Acronym: CREDENTIAL Type of Action: IA Number: 653454 Partners: 12 Duration: 36
More informationEUNIS 2009: AVAILABILITY AND CONTINUITY MANAGEMENT AT TECHNISCHE UNIVERSITÄT MÜNCHEN AND THE LEIBNIZ SUPERCOMPUTING CENTRE
EUNIS 2009: AVAILABILITY AND CONTINUITY MANAGEMENT AT TECHNISCHE UNIVERSITÄT MÜNCHEN AND THE LEIBNIZ SUPERCOMPUTING CENTRE Wolfgang Hommel 1, Silvia Knittl 2, and Daniel Pluta 3 1 Leibniz Supercomputing
More informationInformation & Communication Security (SS 15)
Information & Communication Security (SS 15) Electronic Signatures Dr. Jetzabel Serna-Olvera @sernaolverajm Chair of Mobile Business & Multilateral Security Goethe University Frankfurt www.m-chair.de Agenda
More information