Web application security has become a big issue because of common vulnerabilities found in web applications. This paper illustrates a case study on conducting security testing on an example application, Tunestore. The example application was tested using a number of tools such as Paros, WebScarab, JBroFuzz, Acunetix, and Fortify. Manual testing was also conducted. The testing results of different tools and manual testing are compared and discussed. Our case study shows manual testing is very important since some vulnerability types can only be found through manual testing and tester's observations, and it is important to utilize a variety of tools as well as conduct careful manual testing in order to find the most number of vulnerabilities in a web application. Based on this case study, hands-on labs can be developed for teaching web security, software security testing, and other topics.
The information maintained by Health Information Systems (HIS) is often faced with security threats from a wide range of sources. Some government's regulations require healthcare organizations and custodians of personal health information to take practical steps to address the security and privacy needs of personal health information. Standards help to ensure an adequate level of security is attained, resources are used efficiently and the best security practices are adopted. In this paper, the authors survey security standards applicable to healthcare industry including Control OBjective for Information and related Technology (COBIT), ISO/IEC 27002:2005, ISO/IEC 27001:2005, NIST Special Publication 800-53, ISO 27799:2008, HITRUST Common Security Framework (CSF), ISO 17090:2008, ISO/TS 25237:2008, etc. This survey informs the audience currently available standards that can guide the implementation of information security programs in healthcare organizations, and provides a starting point for IT management in healthcare organizations to select a standard suitable for their organizations.
As healthcare organizations and their business associates operate in an increasingly complex technological world, there exist security threats and attacks which render individually identifiable health information vulnerable. In United States, a number of laws exist to ensure that healthcare providers take practical measures to address the security and privacy needs of health information. This paper provides a survey of U.S. laws related to health information security and privacy, which include Health Insurance Portability and Accountability Act (HIPAA),Gramm-Leach-Bliley Act, Sarbanes-Oxley Act of 2002, Patient Safety and Quality Improvement Act of 2005, and Health Information Technology for Economic and Clinical Health (HITECH).The history and background of the laws, highlights of what the laws require, and the challenges organizations face in complying with the laws are discussed.
In this chapter, the authors survey security standards and guides applicable to healthcare industry including control objective for information and related technologies (COBIT), ISO/IEC 27001:2005 (which has been revised by ISO/IEC 27001:2013), ISO/IEC 27002:2005 (which has been revised by ISO/IEC 27002:2013), ISO 27799:2008 (which has been revised by ISO 27799:2016), ISO 17090:2008 (which has been revised by ISO 17090:2015), ISO/TS 25237:2008, HITRUST common security framework (CSF), NIST Special Publication 800-53, NIST SP 1800, NIST SP 1800-8, and building code for medical device software security. This survey informs the audience of currently available standards that can guide the implementation of information security programs in healthcare organizations, and provides a starting point for IT management in healthcare organizations to select a standard suitable for their organizations.
In this chapter, the authors survey security standards and guides applicable to healthcare industry including control objective for information and related technologies (COBIT), ISO/IEC 27001:2005 (which has been revised by ISO/IEC 27001:2013), ISO/IEC 27002:2005 (which has been revised by ISO/IEC 27002:2013), ISO 27799:2008 (which has been revised by ISO 27799:2016), ISO 17090:2008 (which has been revised by ISO 17090:2015), ISO/TS 25237:2008, HITRUST common security framework (CSF), NIST Special Publication 800-53, NIST SP 1800, NIST SP 1800-8, and building code for medical device software security. This survey informs the audience of currently available standards that can guide the implementation of information security programs in healthcare organizations, and provides a starting point for IT management in healthcare organizations to select a standard suitable for their organizations.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.