TY - GEN
T1 - Personal Health Data
T2 - 17th Iberian Conference on Information Systems and Technologies, CISTI 2022
AU - Sanchez Rubio, Carlos Javier
AU - Villacorta, Gino Gerardo
AU - Choque, Jercino Osorio
AU - Armas-Aguirre, Jimmy
N1 - Publisher Copyright:
© 2022 IEEE Computer Society. All rights reserved.
PY - 2022
Y1 - 2022
N2 - In this paper, we proposed a model of security capabilities to prevent personal health data leakage in Big Data environments. There are new threats and risks in every organization in the health sector, among which the leakage of personal data stands out as the amount of digital information about a patient or employee circulates in networks, equipment, and systems. The proposed model allows the healthcare entity to measure the level of maturity of its organization by identifying how robust it is to prevent data leakage scenarios, as well as to identify existing gaps and shortcomings. This proposal allows healthcare organizations to establish remediation measures in those domains with a deficient level, acting preventively before the risk event materializes. The model incorporates 10 domains with the best practices of NIST, which have allowed an analysis to be carried out to obtain a greater scope of all the necessary edges to have an adequate level of prevention in the organization. The structure of the model is made up of three phases: 1. Diagnosis of the organization by using the proposed model through a questionnaire; 2. Collection and processing of the results divided into 3 sub-phases: 2.1 Review and measurement of the results of the answers, 2.2 Analysis based on criteria from 1 to 5, and 2.3 Level of maturity obtained; 3. The proposal was validated in private health organizations in Lima, Peru. Preliminary results show a trend of security deficiencies in the same domains for the companies evaluated.
KW - Big Data Security
KW - Data Breaches
KW - Data Leakage
KW - Health Data
UR - https://www.scopus.com/pages/publications/85134828494
U2 - 10.23919/CISTI54924.2022.9820432
DO - 10.23919/CISTI54924.2022.9820432
M3 - Conference contribution
AN - SCOPUS:85134828494
T3 - Iberian Conference on Information Systems and Technologies, CISTI
BT - Proceedings of 2022 17th Iberian Conference on Information Systems and Technologies, CISTI 2022
A2 - Rocha, Alvaro
A2 - Bordel, Borja
A2 - Penalvo, Francisco Garcia
A2 - Goncalves, Ramiro
PB - IEEE Computer Society
Y2 - 22 June 2022 through 25 June 2022
ER -