boo paper 20.docx
11. Define Public Key Infrastructure (PKI).
Public Key Infrastructure (PKI) is a system of cryptographic protocols that provides secure communication over the internet. It is used to establish and maintain a trusted environment for the exchange of digital information, such as medical records or financial transactions. PKI uses a combination of public and private keys to encrypt and decrypt data, ensuring that only authorized parties have access to sensitive information. The public key is freely available to anyone who wants to send messages to a particular recipient, while the private key is kept secret and known only to the recipient. PKI is an essential component of many healthcare systems, as it helps to protect patient privacy and ensure the integrity of medical data.

12. Define firewall.
A firewall in healthcare systems is a security measure that helps to protect the network and the information stored in it from unauthorized access or malicious attacks. It acts as a barrier between the internal network and external networks such as the internet, and monitors and filters incoming and outgoing traffic according to pre-defined security rules. The firewall can be hardware- or software-based and is an important component in ensuring the confidentiality, integrity, and availability of sensitive healthcare data.

13. List types of firewall techniques.
1. Packet filter firewall: A packet filter firewall is a network security mechanism that operates by examining the data packets being transmitted through a network. It filters each packet on the basis of pre-configured rules, such as source and destination IP address, protocol type, and port number. Packet filter firewalls are fast and efficient, but they only provide basic security.
2. Stateful inspection firewall: A stateful inspection firewall monitors the state of active connections and uses this information to determine which network packets are allowed through the firewall. It keeps track of the state of each connection and only allows packets that are part of an established connection to pass through. Stateful inspection firewalls provide better security than packet filter firewalls.
3. Application-level gateway firewall: An application-level gateway firewall operates at the application layer of the OSI model. It provides advanced security features such as content filtering, URL filtering, and antivirus protection. It is also known as a proxy firewall because it acts as a mediator between the client and the server.
4. Circuit-level gateway firewall: A circuit-level gateway firewall operates at the session layer of the OSI model. It sets up a virtual circuit between the client and the server and only allows packets that belong to that circuit to pass through the firewall. It provides a basic level of security and is often used in conjunction with other firewall types.
5. Next-generation firewall (NGFW): A next-generation firewall combines the features of stateful inspection, application-level gateway, and intrusion prevention system (IPS). It provides advanced security features such as deep packet inspection, intrusion detection and prevention, and SSL inspection. It is more advanced and provides better security than the other types of firewalls.

14. Describe a ransomware attack.
A ransomware attack uses malicious software that blocks access to a computer system or its files until a ransom is paid to the attacker. The attacker typically encrypts the victim's files, making them inaccessible, and demands payment in exchange for the decryption key. Ransomware can spread rapidly through a network, affecting multiple systems and causing significant damage to a company's operations. Victims of a ransomware attack often face a difficult decision of whether to pay the ransom or risk losing valuable data. Ransomware attacks have become increasingly common in recent years, and it is important for individuals and organizations to take steps to prevent and respond to these types of attacks.

15. Who shares in the responsibility for an effective information security plan?
An effective information security plan requires the participation and collaboration of various stakeholders within an organization. This includes executives, managers, IT professionals, employees, and even third-party service providers. Each of these stakeholders has a unique role to play in ensuring that the organization's information assets are adequately protected. It is essential to foster a culture of security awareness and provide ongoing training to employees to promote responsible information security practices. Additionally, regular risk assessments, security audits, and incident response plans are critical components of an effective information security plan.

16. Who should have access to confidential information in the HIS?
Access to confidential information in the HIS (Health Information System) should be restricted to authorized personnel only, such as healthcare providers directly involved in the care of the patient and those responsible for managing the system's security. Unauthorized access to confidential information can result in breaches of patient privacy and confidentiality, which can have serious consequences for both patients and healthcare providers. Therefore, it is crucial to implement strict security measures and protocols to ensure that only authorized individuals have access to sensitive information in the HIS.

17. Define audit trails.
In healthcare systems, audit trails refer to a record of all the activity that occurs within the system. This includes any changes made to patient records, system settings, or user permissions. The audit trail captures information such as who made the change, when it was made, and what was changed. The purpose of an audit trail is to provide a detailed history of all activity within the system, which can be used for security and compliance purposes. It can also help with troubleshooting issues and detecting potential security breaches.

18. List the 5 criteria necessary for information security, integrity, confidentiality, accessibility, and privacy policies to be effective.
The five criteria necessary for effective information security are:
1. Confidentiality: This means that only authorized individuals or systems have access to sensitive information. Confidentiality policies ensure that sensitive information is not disclosed to unauthorized personnel.
2. Integrity: This means that data is accurate, complete, and trustworthy. Integrity policies ensure that information is not corrupted, lost, or altered in any unauthorized manner.
3. Availability: This means that authorized personnel have access to information when they need it. Availability policies ensure that systems and data are available and accessible to those who need them, without interruption.
4. Privacy: This means that personal information is protected from unauthorized access or disclosure. Privacy policies ensure that personal information is collected, used, and disclosed only with the individual's consent and in accordance with applicable laws and regulations.
5. Compliance: This means that an organization is adhering to all applicable laws, regulations, and industry standards. Compliance policies ensure that an organization is following standard practices and procedures to ensure effective information security.

19. List the 6 tasks required for good system security management.
1. Risk Assessment: This involves identifying potential security threats and vulnerabilities in the system and assessing the likelihood and potential impact of each threat.
2. Access Control: This involves implementing measures to control access to system resources and data, such as using strong passwords, multi-factor authentication, and role-based access control.
3. Network Security: This involves implementing measures to secure the network infrastructure, such as firewalls, intrusion detection/prevention systems, and virtual private networks (VPNs).
4. Data Protection: This involves implementing measures to protect sensitive data, such as encryption, data backups, and secure data storage.
5. Incident Response: This involves developing a plan to respond to security incidents, such as data breaches or system compromises, and putting in place procedures for detecting, reporting, and responding to such incidents.
6. Security Monitoring: This involves monitoring the system for potential security threats, such as suspicious network activity or unauthorized access attempts, and taking appropriate action to prevent or mitigate such threats.

20. What is the purpose of encrypting e-mails?
The purpose of encrypting emails is to protect the confidentiality and privacy of the message content. Encryption scrambles the message so that only the intended recipient, who holds the correct decryption key, can read it. This is important because emails can be intercepted or accessed by unauthorized individuals during transmission or storage, potentially exposing sensitive or confidential information. Encryption helps to ensure that only the intended recipient can access and read the message, providing a layer of security to protect against data breaches and unauthorized access.

21. Define wearable technology.
Wearable technology refers to electronic devices that can be worn on the body, usually as an accessory or implant. These devices are equipped with sensors and other technologies that can track and monitor various health-related metrics, such as heart rate, blood pressure, sleep patterns, and physical activity. Wearable technology has become increasingly popular in healthcare systems as a way to improve patient outcomes and reduce healthcare costs by providing real-time data and insights that help healthcare professionals make informed decisions. Examples of wearable technology include smartwatches, fitness trackers, and implantable medical devices, among others.

22. Give an example of wearable technology.
One example of wearable technology in healthcare is the smartwatch. Smartwatches can track a user's heart rate, steps taken, calories burned, and sleep patterns. Some smartwatches can also monitor blood pressure and blood glucose levels, making them a valuable tool for individuals with chronic conditions such as diabetes or hypertension. Additionally, smartwatches can send alerts for medication reminders or emergency situations, providing an extra layer of safety and peace of mind for users.

23. Why is PHI more valuable on the black market than credit card information?
PHI (Personal Health Information) is more valuable on the black market than credit card information because it contains sensitive and personal information such as medical history, medications, and treatments. This information can be used for a variety of fraudulent activities such as identity theft, insurance fraud, and even blackmail. Additionally, PHI fraud is often more difficult to detect and resolve than credit card fraud, making it a more attractive target for cybercriminals.
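The difference between the first two firewall techniques in item 13 (packet filtering on header fields versus stateful inspection that admits only packets of an established connection) is easiest to see in a small simulation. This is an added example, not part of the original answer sheet; the rule set, the clinic and EHR server addresses, and the three packets are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int
    syn: bool = False  # TCP SYN flag: the opening packet of a new connection
# Constructed rule set (None = any): clinic workstations may open HTTPS to the EHR server; all else denied.
RULES = [
    (ipaddress.ip_network("10.0.0.0/24"), ipaddress.ip_network("192.168.1.10/32"), "tcp", 443, "allow"),
    (None, None, None, None, "deny"),
]

def packet_filter(pkt: Packet) -> str:
    """Stateless: each packet is judged on its own header fields, first matching rule wins."""
    for src, dst, proto, port, action in RULES:
        if (src is None or ipaddress.ip_address(pkt.src_ip) in src) and \
           (dst is None or ipaddress.ip_address(pkt.dst_ip) in dst) and \
           (proto is None or pkt.proto == proto) and \
           (port is None or pkt.dst_port == port):
            return action
    return "deny"
class StatefulFirewall:
    """Stateful inspection: new connections are admitted by rule, then tracked in a state table."""
    def __init__(self):
        self.table = set()  # established connections, keyed independently of direction
    def _key(self, pkt: Packet):
        ends = sorted([(pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port)])
        return (pkt.proto, *ends)
    def inspect(self, pkt: Packet) -> str:
        if self._key(pkt) in self.table:
            return "allow"                  # part of an established connection
        if pkt.syn and packet_filter(pkt) == "allow":
            self.table.add(self._key(pkt))  # new connection permitted by the rules
            return "allow"
        return "deny"                       # unsolicited or out-of-state packet

# Constructed traffic: a client opens HTTPS, the server replies, then a packet
# that claims to be mid-connection arrives with no connection behind it.
CLIENT_SYN = Packet("10.0.0.5", "192.168.1.10", "tcp", 50000, 443, syn=True)
SERVER_REPLY = Packet("192.168.1.10", "10.0.0.5", "tcp", 443, 50000)
STRAY = Packet("10.0.0.9", "192.168.1.10", "tcp", 50001, 443)
def demo():
    fw = StatefulFirewall()
    flows = (CLIENT_SYN, SERVER_REPLY, STRAY)
    return [packet_filter(p) for p in flows], [fw.inspect(p) for p in flows]
```

The stateless filter wrongly drops the server's legitimate reply (no rule covers that direction) yet passes the stray packet because its headers match; the stateful firewall gets both right by consulting its connection table.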