Currently, healthcare is critical environment in our society which attracts attention to malicious activities and has caused an important number of damaging attacks. In parallel, the recent advancements in technologies, computing systems, and wireless communications are changing healthcare environment by adding different improvements and complexity to it. This article reviews the current state of the literature and provides a holistic view of cybersecurity in healthcare. With this purpose in mind, the article enumerates the main stakeholders and architecture implemented in the healthcare environment, as well as the main security issues (threats, attacks, etc.) produced in healthcare. In this context, this work maps the threats collected with a widely used knowledge-based framework, MITRE ATT&CK, building a contribution not seen so far. This article also enumerates the security mechanisms created to protect healthcare, identifying the principal research lines addressed in the literature, and listing the available public security-focused datasets used in machine learning to provide security in the medical domain. To conclude, the research challenges that need to be addressed for future research works in this area are presented.
O que é válido fazer para reduzir, postergar ou afastar a incidência de tributos (“tax avoidance”) com uso de operações societárias? Pesquisas estrangeiras dizem que responder a esta pergunta não é tarefa fácil. No Brasil, esta dificuldade é agravada pelo fato das figuras jurídicas formalmente apontadas para realizar tal balizamento – tais como “simulação”, “fraude à lei”, dentre outras - na prática, são aplicadas de forma confusa, ou, simplesmente, não são aplicadas. Enquanto isso, é amplamente reconhecida a relevância deste tipo de práticas na busca por melhor desempenho empresarial. Nesta pesquisa, foram analisados Acórdãos do Conselho Administrativo de Recursos Fiscais (CARF) publicados entre 2008 e 2013 que julgaram comportamentos de tax avoidance com uso de operações societárias típicas (cisão, fusão e incorporação). Este estudo, abrindo mão de rastrear conceitos preestabelecidos pela legislação vigente (como dito, “simulação”, “fraude”, “abuso de forma ou de direito”, etc.), partiu diretamente das características fáticas dos casos sob análise para a fundamentação utilizada pelos julgadores e a sua conclusão, fazendo uso da metodologia criada por Alchourrón e Bulygin em 1975, conhecida como “normative systems”, ajustado de modo similar a como fizeram Shoueri et. al. em 2010. Ao final, pôde-se concluir que a motivação extratributária das operações, a consideração de que os fatos ocorreram, tais como foram descritos pelo contribuinte e o respeito às normas cogentes não tributárias, nessa ordem, são importantes balizadores do convencimento dos julgadores. Outras propriedades tais como adequado intervalo temporal entre as operações e independência entre as partes envolvidas, são igualmente critério de validade.
The EU-funded PALANTIR project proposes a cybersecurity framework combining privacy assurance, data protection, incident detection and recovery aspects under the same platform. The project main focus is on cyber-resilience of SMEs and compliance with the relevant data privacy and protection regulations. The outcomes of the project will be validated in diverse application areas (eHealth, eCommerce, 5G-MEC) and will provide enterprises with security tools that will boost their resilience at a reasonable cost to protect their assets in the ever evolving cyber threat range.
Small and medium enterprises are significantly hampered by cyber-threats as they have inherently limited skills and financial capacities to anticipate, prevent, and handle security incidents. The EU-funded PALANTIR project aims at facilitating the outsourcing of the security supervision to external providers to relieve SMEs/MEs from this burden. However, good practices for the operation of SME/ME assets involve avoiding their exposure to external parties, which requires a tightly defined and timely enforced security policy when resources span across the cloud continuum and need interactions. This paper proposes an innovative architecture extending Network Function Virtualisation to externalise and automate threat mitigation and remediation in cloud, edge, and on-premises environments. Our contributions include an ontology for the decision-making process, a Fault-and-Breach-Management-based remediation policy model, a framework conducting remediation actions, and a set of deployment models adapted to the constraints of cloud, edge, and on-premises environment(s). Finally, we also detail an implementation prototype of the framework serving as evaluation material.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.