Data Models for the Pseudonymization of DICOM Data
DICOM has become the most widely implemented and supported communications standard for medical imaging. The security of DICOM relies on the encryption of the communication channels. However, for highly sensitive medical data this is often not sufficient. This paper presents a data model for systems…
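The abstract's point is that channel encryption (DICOM TLS) protects data in transit only; patient identifiers stored in the image headers remain in clear. Below is an added illustration of keyed pseudonymization of identifying DICOM attributes; it is example code written for this page, not the paper's data model. The tag numbers are the standard ones (PS3.6); the sample header, the key, and the function names are assumptions made for the example.

```python
import hashlib
import hmac

# Patient-identifying DICOM attributes (tag numbers as in DICOM PS3.6), restricted here to
# string VRs (PN, LO) so that a hex pseudonym is still a syntactically valid value.
# Date attributes (e.g. PatientBirthDate, VR DA) need a VR-preserving method such as
# date shifting and are deliberately not covered by this example.
IDENTIFYING_TAGS = {
    (0x0010, 0x0010): "PatientName",
    (0x0010, 0x0020): "PatientID",
    (0x0008, 0x0090): "ReferringPhysicianName",
}


def pseudonym(value: str, key: bytes) -> str:
    """Deterministic keyed pseudonym of one attribute value.

    HMAC rather than a plain hash: without the key an attacker cannot confirm a guessed
    name or ID by hashing candidate values against the stored pseudonyms. The same
    input under the same key always yields the same pseudonym, so studies of one
    patient stay linkable (pseudonymization, not anonymization).
    """
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return "PSN" + digest[:16].upper()  # 19 chars, within the 64-char LO limit


def pseudonymize(dataset: dict, key: bytes) -> tuple[dict, dict]:
    """Replace identifying attributes; return (pseudonymized dataset, re-identification table).

    The table (pseudonym -> original) and the key must be stored apart from the image
    data, e.g. at a trusted third party; kept next to the images they undo the protection.
    """
    out = dict(dataset)
    table = {}
    for tag in IDENTIFYING_TAGS:
        if tag in dataset:
            p = pseudonym(dataset[tag], key)
            table[p] = dataset[tag]
            out[tag] = p
    return out, table


def reidentify(dataset: dict, table: dict) -> dict:
    """Restore the originals; only the holder of the re-identification table can do this."""
    out = dict(dataset)
    for tag in IDENTIFYING_TAGS:
        if tag in out and out[tag] in table:
            out[tag] = table[out[tag]]
    return out


# Constructed sample header (not real patient data): tag -> value, a pydicom-free stand-in.
SAMPLE = {
    (0x0010, 0x0010): "Doe^Jane",
    (0x0010, 0x0020): "MRN-00042",
    (0x0008, 0x0090): "Smith^John",
    (0x0008, 0x0060): "MR",  # Modality: not identifying, left untouched
}

if __name__ == "__main__":
    key = b"demo-key-held-by-trusted-third-party"  # assumption: a real key comes from a KMS/HSM
    pseud, table = pseudonymize(SAMPLE, key)
    print(pseud)
    assert reidentify(pseud, table) == SAMPLE
```

Note what this does not solve: free-text attributes, burned-in pixel annotations and dates can still re-identify a patient, and the re-identification table is itself highly sensitive data whose custody defines the trust model.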
Ontology-Based Decision Support for Information Security Risk Management
As e-Business and e-Commerce applications are increasingly exposed to a variety of information security threats, corporate decision makers are increasingly forced to pay attention to security issues. Risk management provides an effective approach to measuring security, but existing risk management approaches come with major…
On the Security of Outsourced and Untrusted Databases
The outsourcing of databases to third parties has become a viable alternative to traditional in-house data management. Database management by third parties, including storage and maintenance, allows companies to reduce their expenses and profit from the expertise of data storage specialists. However, the…
Verification, Validation, and Evaluation in Information Security Risk Management
Over the last four decades, various information security risk management (ISRM) approaches have emerged. However, there is a lack of sound verification, validation, and evaluation methods for these approaches. While restrictions, such as the impossibility of measuring exact values for probabilities and follow-up costs,…
Ontology-Based Generation of IT-Security Metrics
Legal regulations and industry standards require organizations to measure and maintain a specified IT-security level. Although several IT-security metrics approaches have been developed, a methodology for automatically generating ISO 27001-based IT-security metrics based on concrete organization-specific control implementation knowledge is missing. Based on the security…
Pseudonymisierung für die datenschutzkonforme Speicherung medizinischer Daten (Pseudonymization for the Privacy-Compliant Storage of Medical Data)
E-Health enables efficient communication between healthcare providers (GDA) and thus better availability of medical data, which not only reduces costs in the healthcare system but can also improve the quality of patient treatment. The essential drawback of the resulting networking lies in the increasing probability of unauthorized…
Workshop-Based Security Safeguard Selection with AURUM
Organizations are increasingly exposed to manifold threats concerning the security of their valuable business processes. Due to the increasing damage potential, decision makers are constantly forced to pay attention to security issues and are raising their security investments, but often (i) without considering the…
From the Resource to the Business Process Risk Level
Although a variety of information security risk management (ISRM) approaches have been proposed, well-founded methods that provide an answer to the following question are still missing: How can the risk level of a business process be determined by taking the risk levels of the involved…
Ontology-Based Generation of Bayesian Networks
Bayesian networks are indispensable for determining the probability of events which are influenced by various components. Bayesian probabilities encode degrees of belief about certain events, and a dynamic knowledge body is used to strengthen, update, or weaken these assumptions. The creation of Bayesian networks…
AURUM: A Framework for Information Security Risk Management
As companies are increasingly exposed to a variety of information security threats, they are constantly forced to pay attention to security issues. Risk management provides an effective approach to measuring security through risk assessment, risk mitigation and evaluation. Existing risk management approaches are…