Michail Smyrlis, Evangelos Floros, Ioannis Basdekis, Dumitru-Bogdan Prelipcean, Aristeidis Sotiropoulos, Herve Debar, Apostolis Zarras, George Spanoudakis
{"title":"RAMA:医疗机构风险评估解决方案","authors":"Michail Smyrlis, Evangelos Floros, Ioannis Basdekis, Dumitru-Bogdan Prelipcean, Aristeidis Sotiropoulos, Herve Debar, Apostolis Zarras, George Spanoudakis","doi":"10.1007/s10207-024-00820-4","DOIUrl":null,"url":null,"abstract":"<p>Recent cyber-attacks targeting healthcare organizations underscore the growing prevalence of the sector as a prime target for malicious activities. As healthcare systems manage and store sensitive personal health information, the imperative for robust cyber security and privacy protocols becomes increasingly evident. Consequently, healthcare institutions are compelled to actively address the intricate cyber security risks inherent in their digital ecosystems. In response, we present RAMA, a risk assessment solution designed to evaluate the security status of cyber systems within critical domain, such as the healthcare one. By leveraging RAMA, both local stakeholders, such as the hospital’s IT personnel, and global actors, including external parties, can assess their organization’s cyber risk profile. Notably, RAMA goes beyond risk quantification; it facilitates a comparative analysis by enabling organizations to measure their performance against average aggregated mean scores, fostering a culture of continuous improvement in cyber security practices. The practical efficacy of RAMA is demonstrated through its deployment across four real-world healthcare IT infrastructures. This study not only underscores the significance of addressing cyber security risks within healthcare but also highlights the value of innovative solutions like RAMA in safeguarding sensitive health information and enhancing the sector’s overall cyber resilience.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"224 1","pages":""},"PeriodicalIF":2.4000,"publicationDate":"2024-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"RAMA: a risk assessment solution for healthcare organizations\",\"authors\":\"Michail Smyrlis, Evangelos Floros, Ioannis Basdekis, Dumitru-Bogdan Prelipcean, Aristeidis Sotiropoulos, Herve Debar, Apostolis Zarras, George Spanoudakis\",\"doi\":\"10.1007/s10207-024-00820-4\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>Recent cyber-attacks targeting healthcare organizations underscore the growing prevalence of the sector as a prime target for malicious activities. As healthcare systems manage and store sensitive personal health information, the imperative for robust cyber security and privacy protocols becomes increasingly evident. Consequently, healthcare institutions are compelled to actively address the intricate cyber security risks inherent in their digital ecosystems. In response, we present RAMA, a risk assessment solution designed to evaluate the security status of cyber systems within critical domain, such as the healthcare one. By leveraging RAMA, both local stakeholders, such as the hospital’s IT personnel, and global actors, including external parties, can assess their organization’s cyber risk profile. Notably, RAMA goes beyond risk quantification; it facilitates a comparative analysis by enabling organizations to measure their performance against average aggregated mean scores, fostering a culture of continuous improvement in cyber security practices. The practical efficacy of RAMA is demonstrated through its deployment across four real-world healthcare IT infrastructures. This study not only underscores the significance of addressing cyber security risks within healthcare but also highlights the value of innovative solutions like RAMA in safeguarding sensitive health information and enhancing the sector’s overall cyber resilience.</p>\",\"PeriodicalId\":50316,\"journal\":{\"name\":\"International Journal of Information Security\",\"volume\":\"224 1\",\"pages\":\"\"},\"PeriodicalIF\":2.4000,\"publicationDate\":\"2024-03-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Information Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1007/s10207-024-00820-4\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10207-024-00820-4","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
摘要
最近发生的针对医疗机构的网络攻击事件表明,医疗行业日益成为恶意活动的主要目标。由于医疗保健系统管理和存储着敏感的个人健康信息,因此建立健全的网络安全和隐私协议变得日益重要。因此,医疗保健机构不得不积极应对其数字生态系统中固有的错综复杂的网络安全风险。为此,我们推出了 RAMA 风险评估解决方案,旨在评估医疗保健等关键领域网络系统的安全状况。利用 RAMA,医院 IT 人员等本地利益相关者和包括外部各方在内的全球参与者都可以评估其组织的网络风险状况。值得注意的是,RAMA 不仅能量化风险,还能使组织对照平均综合平均分来衡量自己的表现,从而促进比较分析,培养不断改进网络安全实践的文化。RAMA 在四个实际医疗保健 IT 基础设施中的应用证明了它的实际功效。这项研究不仅强调了应对医疗保健领域网络安全风险的重要性,还突出了 RAMA 等创新解决方案在保护敏感健康信息和提高行业整体网络复原力方面的价值。
RAMA: a risk assessment solution for healthcare organizations
Recent cyber-attacks targeting healthcare organizations underscore the growing prevalence of the sector as a prime target for malicious activities. As healthcare systems manage and store sensitive personal health information, the imperative for robust cyber security and privacy protocols becomes increasingly evident. Consequently, healthcare institutions are compelled to actively address the intricate cyber security risks inherent in their digital ecosystems. In response, we present RAMA, a risk assessment solution designed to evaluate the security status of cyber systems within critical domain, such as the healthcare one. By leveraging RAMA, both local stakeholders, such as the hospital’s IT personnel, and global actors, including external parties, can assess their organization’s cyber risk profile. Notably, RAMA goes beyond risk quantification; it facilitates a comparative analysis by enabling organizations to measure their performance against average aggregated mean scores, fostering a culture of continuous improvement in cyber security practices. The practical efficacy of RAMA is demonstrated through its deployment across four real-world healthcare IT infrastructures. This study not only underscores the significance of addressing cyber security risks within healthcare but also highlights the value of innovative solutions like RAMA in safeguarding sensitive health information and enhancing the sector’s overall cyber resilience.
期刊介绍:
The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation.
Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
