TY - GEN
T1 - Cybersecurity maturity model for the protection and privacy of personal health data
AU - Rojas, Aaron Joseph Serrano
AU - Valencia, Erick Fabrizzio Paniura
AU - Armas-Aguirre, Jimmy
AU - Molina, Juan Manuel Madrid
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - This paper proposes a cybersecurity maturity model to assess the capabilities of medical organizations to identify their level of maturity, prioritizing privacy and personal data protection. There are problems such as data breaches, the lack of security measures in health information, and the poor capacity of organizations to handle cybersecurity threats that generate concern in the health sector as they seek to mitigate risks in cyberspace. The proposal, based upon C2M2 (Cybersecurity Capability Maturity Model), incorporates practices and controls which allow organizations to identify security gaps generated through cyberattacks on sensitive health patient data. This model seeks to integrate the best practices related to privacy and protection of personal data in the Peruvian legal framework through the Administrative Directive No. 294-MINSA and the personal data protection Act No. 29733. The model consists of 3 evaluation phases. 1. Assessment planning; 2. Execution of the evaluation; 3. Implementation of improvements. The model was validated and tested in a public sector medical organization in Lima, Peru. The preliminary results showed that the organization is at Level 1 with 14% of compliance with established controls, 34% in risk, threat and vulnerability management practices and 19% in supply chain management. These the 3 highest percentages of the 10 evaluated domains.
AB - This paper proposes a cybersecurity maturity model to assess the capabilities of medical organizations to identify their level of maturity, prioritizing privacy and personal data protection. There are problems such as data breaches, the lack of security measures in health information, and the poor capacity of organizations to handle cybersecurity threats that generate concern in the health sector as they seek to mitigate risks in cyberspace. The proposal, based upon C2M2 (Cybersecurity Capability Maturity Model), incorporates practices and controls which allow organizations to identify security gaps generated through cyberattacks on sensitive health patient data. This model seeks to integrate the best practices related to privacy and protection of personal data in the Peruvian legal framework through the Administrative Directive No. 294-MINSA and the personal data protection Act No. 29733. The model consists of 3 evaluation phases. 1. Assessment planning; 2. Execution of the evaluation; 3. Implementation of improvements. The model was validated and tested in a public sector medical organization in Lima, Peru. The preliminary results showed that the organization is at Level 1 with 14% of compliance with established controls, 34% in risk, threat and vulnerability management practices and 19% in supply chain management. These the 3 highest percentages of the 10 evaluated domains.
KW - Data privacy
KW - Health Information
KW - Maturity Model
UR - https://www.scopus.com/pages/publications/85144115946
U2 - 10.1109/ICALTER57193.2022.9964729
DO - 10.1109/ICALTER57193.2022.9964729
M3 - Contribución a la conferencia
AN - SCOPUS:85144115946
T3 - Proceedings of the 2022 IEEE 2nd International Conference on Advanced Learning Technologies on Education and Research, ICALTER 2022
BT - Proceedings of the 2022 IEEE 2nd International Conference on Advanced Learning Technologies on Education and Research, ICALTER 2022
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2nd IEEE International Conference on Advanced Learning Technologies on Education and Research, ICALTER 2022
Y2 - 16 November 2022 through 19 November 2022
ER -