Revision for Final Exam INF406 Medical Information System.pdf

Full Transcript

Revision on Lecture 01

1

Q1) What is the sensor ?
Answer
A sensor is a device that detects the change in the environment (physical phenomenon)
and converts this change into a measurable analog voltage (or sometimes a digital signal).

Q2) What is the IoT ?
Answer
Internet of Things (IoT) describes the network of physical objects called “things” that are
embedded with sensors, software, and other technologies for the purpose of connecting and
exchanging data with other devices and systems over the internet.

Q3) What is the IoMT?
Answer
The Internet of Medical Things (IoMT) is the network of Internet-connected medical devices,
hardware infrastructure, and software applications used to connect healthcare information
technology.
2

1
 Q4) What is Popular types of Medical sensors?
Answer
1. Patient monitoring via remote access
2. Glucose monitoring ‫مراق ة الجلوكوز‬
3. Heart Rate Monitoring
4. Hand hygiene inspection ‫ﻓﺤﺺ ﻧﻈﺎﻓة ال دين‬
5. Testing of Blood Coagulation ‫اخت ﺎر تخ الدم‬
6. Air-Quality Sensor

3

Q5) What are the most common wearable devices in healthcare?
Answer
1. Smartwatches
2. ECG Monitors ‫شﺎشﺎت تخط ط القلب‬
3. Blood Pressure Monitors
4. Glucose Monitoring Systems ‫أﻧﻈمة مراق ة الجلوكوز‬
5. Body Temperature Monitors
6. Smart Jewellery ‫مجوهرات ذك ة‬

4

2
 Q6) What are the types of Medical Equipment ?
Answer
1) Diagnostic Equipment
Imaging machine
Aside from medical imaging machines
2) Durable Medical Equipment (DME)
3) Treatment Equipment
4) Life Support Equipment
5) Medical Laboratory Equipment

5

Revision on Lecture 03

6

3
 Q1) What do you know about Health Information System (HIS) ?

Answer
Health Information System, or HIS, refers to a system designed to store, share, and analyse
the data collected in any healthcare facility. It could be private and public clinics, hospitals,
and doctor’s private chambers ‫غرف الطب ب الخﺎصة‬. It also contains, organizes, and manages
patients’ electronic medical records.

7

Q2) What are the Types of Health Information System?
Answer
1. Medical Practice Management System/Software (PMS)
2. Electronic Medical Record (EMR) & Electronic Health Record Systems (EHR)
3. E-Prescribing (eRx) Software
4. Remote Patient Monitoring (RPM)
5. Master Patient Index (MPI)

8

4
 Q3) What are the Components of HMIS?
Answer

 Administrative Management ‫التنﻈ م اﻹداري‬
 Clinical Management
 Hospital Facilities
 Medical Documentation ‫الوثﺎئق الطب ة‬
 Transportation Management
 Statistics Management

9

Revision on Lecture 05

10

5
 Q1) What are the Types of Medical Reports?
Answer

 Imaging Reports (Radiology, Ultrasound, MRI, etc.)
 Pathology Reports
 Laboratory Reports (Blood Tests, Urinalysis, etc.)
 Electrophysiological Reports (ECG, EEG, etc.)

11

Q2) Give example on Collection methods of Primary data?
Answer
1. Questionnaires and surveys
2. Interviews
3. Focus groups
4. Observation

Q3) Give example on Collection methods of Secondary data?
Answer

1. Online journals, records, and publications
2. Government records and publications
3. Business and industry records
4. Newspapers
5. Unpublished sources

12

6
 Revision on Lecture 06

13

Q1) Define Cybersecurity ?
Answer
Cybersecurity is the practice of protecting systems, networks, and programs from digital
attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive
information; extorting money from users via ransomware; or interrupting normal business
processes.

Q2) What are the functions of attack ?
Answer
o Interruption ‫اﻧقطﺎع‬
o Interception ‫اع اض‬
o Modification ‫تعد ل‬
o Fabrication ‫تﺼنﻊ‬

14

7
 Q3) What are the types of attacks ?
Answer

There are two types/groups of attackers:
 Passive attackers.
They do not affect on the data transmission. They can get a copy from transmitted
data only. Their function is Interception.
 Active attackers.
They affect on the transmitted data. Their functions are Interruption, Modification, and
Fabrication.

15

Q4) What do you know about CIA?
Answer
CIA triad is another model used to describe security aspects. CIA stand for: Confidentiality,
Integrity, and Availability.
 Confidentiality ‫الخصوص ة‬/‫ال ه‬
Confidentiality means that the data is only available to authorized parties. Confidential
data are not disclosed to people who do not require them or who should not have
access to them.
Confidentiality is called also Privacy, but the difference is:
 Privacy concerns people ‫ الخﺼوص ة تﻬم النﺎس‬that restricts ‫ ق د‬the public from
accessing the personal details ‫ الب ﺎﻧﺎت الشخﺼ ة‬about a person.
 Confidentiality concerns data ‫ ال ة تتعلق ﺎلب ﺎﻧﺎت‬that protects the information from
unauthorised persons.

16

8
  Integrity ‫السﻼمة‬/‫الت امل ة‬
Integrity refers to the methods of ensuring that data is accurate, real, and protected
from unauthorised user modification or destruction. Data integrity also refers to the
accuracy and validity of data over its entire lifecycle. Integrity is an important element
of data hygiene, reliability and accuracy.

 Availability ‫اﻻتاح ة‬
Availability guarantees that systems, applications and data are available to users when
they need them. The most common attack that impacts availability is Denial-of-Service
(DoS) in which the attacker interrupts access to information, system, devices or other
network resources.

17

Q5) What are the Popular Cybersecurity Threats ?
Answer
 Reconnaissance Attacks ‫هجمﺎت اﻻستطﻼع‬
 Access Attack
 Malicious Software (Malware) ‫ال امج الضﺎرة‬
 Cross-Site Scripting (XSS)

Q6) Give examples on reconnaissance attacks ?
Answer
1) Packet Sniffer
2) Port scan
3) Ping sweep
4) Internet information queries

18

9
 Q7) Give examples on access attacks ?
Answer
1) Password Attacks
2) Trust Exploitation ‫استغﻼل الثقة‬
3) Port Redirection
4) Man-in-the-middle attack

Q8) What are the types of password cracking?
Answer
a) Dictionary Attack
b) Brute force attack
c) Hybrid Attack

19

Q9) What are the common types of Malware?
Answer
 Virus  Spyware
 Keyloggers  Rootkits
 Worms  Fileless Malware
 Trojans  Logic Bomb
 Ransomware
 Bots/Botnets
 Adware

20

10
 Revision on Lecture 07

21

Q1) Define Cryptography ?
Answer
Cryptography is defined as the science and art of transforming messages to make them
secure and immune ‫ ﻣﻧﺎﻋﺔ‬to attack.

Q2) What are the two main processes used with data security?
Answer
Data security depends on two main processes:
o Authentication process
It is used to authenticate the devices identities to each other before data-exchange. Also, it
can be used with data-exchange to authenticate the transmitted message.
o Data encryption process
It is used to encrypt the data.

22

11
 Q3) What are the two types of encryption algorithms?
Answer
There are two types of encryption algorithms:
o Symmetrical encryption algorithms
It is used to encrypt the data in WLAN during data exchange process. the encryption key
is the same as decryption key.
o Asymmetrical encryption algorithms
It is used to encrypt the devices identities during authentication process. Also, for
message authentication during data transmission. the encryption key is not the same as
decryption key.

23

Q4) What are the security aspects achieved by Authentication and Data Encryption?

Answer

Authentication process achieves the integrity as a security aspect for the
network while data encryption process achieves the confidentiality (or privacy)
‫اﳋﺼﻮﺻﻴﺔ‬/‫ اﻟﺴﺮﻳﺔ‬as a security aspect for the network.

24

12
 Q5) What are the Popular types of Asymmetrical Encryption Algorithms?
Answer

Rivest, Shamir and Adleman (RSA) algorithm
Identities
Encryption El-Gamal encryption system

Popular types of
Asymmetrical
Encryption Algorithms
Diffie-Hellman (DH) algorithm
Key
Exchange Elliptic Curve Cryptography (ECC)

25

Q6) What do you know about Symmetrical Encryption algorithms and what is
the types of Symmetrical Encryption Algorithms?
Answer
In Symmetrical encryption algorithm, the
encryption key is the same as decryption key.

26

13
 Q7) Compare between DES, TDES (called also 3DES), and AES ?
Answer
Algorithm Plaintext size Key size No of rounds
DES 64-bits 56-bits 16
TDES 64-bits 192-bits 16
AES-128 128-bits 128-bits 10
AES-192 192-bits 192-bits 12
AES-256 256-bits 256-bits 14

27

Q8) What are the ways used for Message Authentication?
Answer
There are many different ways used for message authentication used to generate MAC code:
o Hash function
o Digital Signature
o CRC-32 (used in WEP protocol)
o Message Integrity Check MIC (used in WPA protocol and WPA2)

Q9) Draw the block diagram for digital signature?
Answer
Message
……
……
…

……
……
…

Hash MAC
Hash Function Yes, Authorized Message
Function code Are they
MAC code
Recovered the same?
Encryption Decryption No, Rejected Message
Signature MAC code
C=Pd mod n P=Ce mod n

28

14
 Revision on Lecture 08

29

Q1) What are the popular authentication methods?
Answer
A) Something you know: Such as: Password-based authentication
B) Something you have: Such as: smart card.
C) Something you are: Such as: Biometric authentication:
 Facial recognition
 Fingerprint
 Voice identification
 Eye scanners
D) Multi-Factor Authentication (MFA)
E) Token-based authentication
F) Open Authorization (OAuth)
G) Access Control Lists (ACLs)
30

15
 Q2) What do you know about Firewall?
Answer
Firewall is installed between the internal network
of an organization and the rest of the Internet. It is
designed to forward some packets and filter (not
forward) others.

Firewall Classification
A firewall is usually classified as:
a) Packet-filter firewall
It filters the data based on Port number or IP address. So, it work in Transport Layer
and Network Layer.
b) Proxy-based firewall
it filters based on application type such as images, videos, audio, and so on. So, it work
in Application layer

31

Q3) What are the types of Proxy server?
Answer
o Proxy Server
It request the service from the internet as the client request without modification and
prevention (or filtering).
o Forward Proxy
It adds controls and security for the client requesting.

o Reverse Proxy
If external users (from the internet) request to services
from our servers in our internal network, the reverse
proxy server will request these services by using IP
address of proxy server instead of the external users.
32

16
 Q4) What do you know about Network Segmentation?
Answer
Network Segmentation divides the network
into distinct sub-networks ‫ش ﺎت ﻓرع ة منﻔﺼلة‬
without cables (or wireless) disconnection.
They will be separated by devices like
firewalls, switches and routers.
Firebox device is an example used to partition
the network into sub-network.
Network segmentation enables network
administrators to deliver unique security
controls and services to each sub-network.

33

Q5) What are the three main ways to segment the network?
Answer
There are three main ways to segment the network:
 Virtual Local Area Network (VLAN) segmentation
 Firewall segmentation
 Software-Defined Networking (SDN) segmentation

34

17
 Q6) What are the types of data-link security protocols?
Answer

Data-Link Security Protocols are: OSI model
 WEP Application Layer
 WPA
 WPA2 Presentation Layer
 WPA3 Link
Session Layer
Transport Layer

Network Layer

Data link Layer
Physical Layer

35

Revision on Lecture 09

36

18
 Q1) What are the types of Data in Cybersecurity?
Answer
a) Data at rest
b) Data in motion
c) Data in use

Q2) What do you know about Data Loss Prevention (DLP)?
Answer
Data Loss Prevention (DLP) is the practice of detecting and preventing data breaches,
exfiltration ‫ال سلل‬, or unwanted destruction ‫ تدم‬of sensitive data. Organizations use DLP to
protect and secure their data and comply with regulations ‫اﻻمتثﺎل للوائح‬.

37

Q3) What are the steps of DLP life cycle?
Answer
1. Classifying data
2. Determining confidentiality levels
3. Developing security rules
4. Monitoring and Investigating ‫التﺤقيق‬
5. Classifying new data

Q4) What are the types of Data Loss Prevention (DLP)?
Answer
1) Network DLP
2) Endpoint DLP
3) Cloud DLP

38

19
 Q5) What is the difference between Intrusion Detection System (IDS) and
Intrusion Prevention Systems (IPS)?
Answer
The main difference between intrusion detection systems (IDS) and intrusion prevention
systems (IPS) is that IDS are monitoring systems and IPS are control systems. IDS won't alter
‫ تغي‬network traffic while IPS prevents packets from delivering based on the contents of the
packet

Q6) What are the two types of Intrusion Detection System (IDS)?
Answer
1) Network Intrusion Detection System (NIDS)
2) Host Intrusion Detection System (HIDS)

39

Q7) What are the types of behaviour analytics ?

Answer
a) User and Entity Behaviour Analytics (UEBA)
b) Network Behaviour Analytics (NBA)
c) Insider Threat Behaviour Analytics (ITBA)

Q8) What are the types of Hackers?

Answer

Black Hat Hackers
White Hat Hackers
Grey Hat Hackers

40

20