9. Information Security Flashcards

1
Q

What is the main goal of information security in healthcare?

A

To protect sensitive medical information from unauthorized access, use, disclosure, disruption, modification, inspection, recording, or destruction.

2
Q

What are the key principles of information security?

A

confidentiality
integrity
availability
authenticity
accountability.

3
Q

How does data encryption contribute to information security?

A

Data encryption transforms readable data into an unreadable format, ensuring its confidentiality and integrity.

4
Q

What are the challenges in maintaining information security in healthcare?

A

Challenges include balancing data accessibility with security, evolving cyber threats, and ensuring compliance with legal and ethical standards.

5
Q

How do healthcare providers ensure data integrity?

A

Data integrity is maintained through measures like regular backups, data validation, and error-checking processes.

6
Q

Information Security: It involves protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, inspection, recording, or destruction. It encompasses the preservation of confidentiality, integrity, and availability of information.

Safety: It refers to the property of a system being free from risk of causing harm, particularly physical harm, to its system entities.

A
7
Q

According to ISO 27000, the properties include confidentiality (information is not disclosed to unauthorized entities), integrity (protection of accuracy and completeness of assets), availability (system accessibility upon demand), authenticity (ensuring an entity is what it claims to be), and accountability (entities being responsible for their actions).

A
8
Q

Protection measures include authenticity (TLS with server certificates, username/password policies), integrity (server hardening, intrusion detection), confidentiality (access restrictions, database encryption), and availability (virtualization, redundant hardware).

A
9
Q

Secure Software Development:

It involves functional requirements, threat analysis (using frameworks like STRIDE or LINDDUN), risk analysis, modeling and design of security measures, implementation, and testing.

A
10
Q

Threat and Risk Analysis: Basic Concepts, Dependencies:

Threat analysis identifies potential adverse impacts on organizational operations or assets through unauthorized access or actions. Vulnerability is a weakness that could be exploited by threats. Risk is a measure of the extent to which an entity is threatened.

A
11
Q

STRIDE, LINDDUN:

STRIDE: A threat modeling approach developed by Microsoft, addressing security properties.
LINDDUN: An extension to STRIDE, focusing on privacy-specific threats and properties.

A
12
Q

Example: Cryptology:

Symmetric Ciphers: Encryption and decryption with a similar or easily derivable key.

Asymmetric Ciphers: Utilize a public key for encryption and a private key for decryption.
Hybrid Ciphers: Combine the speed of symmetric ciphers with the safety of asymmetric ciphers.

A
13
Q

Example: German Telematik-Infrastruktur:

Personal Cards (eGK, HBA): The electronic health insurance card (eGK) and the electronic health professional card (HBA) are part of the national IT infrastructure for healthcare in Germany, supporting secure communication and electronic medical records.

A