A Survey of Security Standards Applicable to Health Information Systems

Akowuah, Francis; Yuan, Xiaohong; Xu, Jinhui; Wang, Hong

doi:10.4018/ijisp.2013100103

Cited by 8 publications

(3 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Along the same lines – although it is a well-documented fact that a successful management system requires leadership endorsement (e.g. Crowder, 2013) – several articles indicate that ISO/IEC 27001 is mostly developed by IT departments alone (Van Wessel et al , 2011; Akowuah et al , 2013). Stewart (2018) notes that information security leaders are unlikely to be included in the management committee.…”

Section: Thematic Findingsmentioning

confidence: 99%

The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda

Culot

Nassimbeni

Podrecca

et al. 2021

TQM

View full text Add to dashboard Cite

PurposeAfter 15 years of research, this paper aims to present a review of the academic literature on the ISO/IEC 27001, the most renowned standard for information security and the third most widespread ISO certification. Emerging issues are reframed through the lenses of social systems thinking, deriving a theory-based research agenda to inspire interdisciplinary studies in the field.Design/methodology/approachThe study is structured as a systematic literature review.FindingsResearch themes and sub-themes are identified on five broad research foci: relation with other standards, motivations, issues in the implementation, possible outcomes and contextual factors.Originality/valueThe study presents a structured overview of the academic body of knowledge on ISO/IEC 27001, providing solid foundations for future research on the topic. A set of research opportunities is outlined, with the aim to inspire future interdisciplinary studies at the crossroad between information security and quality management. Managers interested in the implementation of the standard and policymakers can find an overview of academic knowledge useful to inform their decisions related to implementation and regulatory activities.

show abstract

Section: Thematic Findingsmentioning

confidence: 99%

The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda

Culot

Nassimbeni

Podrecca

et al. 2021

TQM

View full text Add to dashboard Cite

show abstract

“…The Control Objectives for Information and Related Technology (COBIT) framework was created by the Information Systems Audit and Control Association (ISACA) for IT management and governance. It allows technical managers to bridge the gap between control requirements, technical issues, and business risks (Akowuah et al, 2013). The COBIT 2019 framework provides for integration with NIST's Cybersecurity Framework to comprehensively address IT governance in the rapidly evolving cybersecurity landscape.…”

Section: Applying Security Standards Using the Frameworkmentioning

confidence: 99%

DeTER Framework

Parthasarathy

Wyant

Bingi

et al. 2021

International Journal of Intelligent Information Technologies

View full text Add to dashboard Cite

The use of health apps on mobile devices by healthcare providers and receivers (patients) is proliferating. This has elevated cybersecurity concerns owing to the transmittal of personal health information through the apps. Research literature has mostly focused on the technology aspects of cybersecurity in mobile healthcare. It is equally important to focus on the ethical and regulatory perspectives. This article discusses cybersecurity concerns in mobile healthcare from the ethical perspective, the regulatory/compliance perspective, and the technology perspective. The authors present a comprehensive framework (DeTER) that integrates all three perspectives through which cybersecurity concerns in mobile healthcare could be viewed, understood, and acted upon. Guidance is provided with respect to leveraging the framework in the decision-making process that occurs during the system development life cycle (SDLC). Finally, the authors discuss a case applying the framework to a situation involving the development of a contact tracing mobile health app for pandemics such as COVID-19.

show abstract

“…Scholarshavestudiedpasswordauthenticationfromdiverseperspectives.Forexample,In1980s, anidentityauthenticationsolutionbasedonapasswordlistforaccessofremoteuserswaspresented (Akowuah, Yuan, Xu, & Wang, 2013). Purdy (1974) proposes to use a one-way function Y=f(x) transformationforacquiringthecorrespondingrelationbetweenapasswordandanexplicittext.…”

Section: Password Authenticationmentioning

confidence: 99%

Identity Authentication Security Management in Mobile Payment Systems

Wang

Shan

Chen

et al. 2020

Journal of Global Information Management

Self Cite

View full text Add to dashboard Cite

Mobile payment is a new payment method offering users mobility, reachability, compatibility, and convenience. But mobile payment involves great uncertainty and risk given its electronic and wireless nature. Therefore, biometric authentication has been adopted widely in mobile payment in recent years. However, although technology requirements for secure mobile payment have been met, standards and consistent requirements of user authentication in mobile payment are not available. The flow management of user authentication in mobile payment is still at its early stage. Accordingly, this paper proposes an anonymous authentication and management flow for mobile payment to support secure transaction to prevent the disclosure of users' information and to reduce identity theft. The proposed management flow integrates transaction key generation, encryption and decryption, and matching to process users' personal information and biometric characteristics based on mobile equipment authentication carrier.

show abstract

A Survey of Security Standards Applicable to Health Information Systems

Cited by 8 publications

References 10 publications

The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda

The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda

DeTER Framework

Identity Authentication Security Management in Mobile Payment Systems

Contact Info

Product

Resources

About