Revision for Final Exam INF406 Medical Information System PDF

Summary

These are revision notes for the final exam of INF406 Medical Information Systems. The notes cover a variety of topics, including medical sensors, the Internet of Things (IoT), the Internet of Medical Things (IoMT), and medical equipment. Other topics include concepts like health information systems and cybersecurity.

Full Transcript

Revision on Lecture 01

Q1) What is a sensor?
Answer
A sensor is a device that detects a change in the environment (a physical phenomenon) and converts this change into a measurable analog voltage (or sometimes a digital signal).

Q2) What is the IoT?
Answer
The Internet of Things (IoT) describes the network of physical objects, called "things", that are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet.

Q3) What is the IoMT?
Answer
The Internet of Medical Things (IoMT) is the network of Internet-connected medical devices, hardware infrastructure, and software applications used to connect healthcare information technology.

Q4) What are the popular types of medical sensors?
Answer
1. Patient monitoring via remote access
2. Glucose monitoring
3. Heart Rate Monitoring
4. Hand hygiene inspection
5. Testing of Blood Coagulation
6. Air-Quality Sensor

Q5) What are the most common wearable devices in healthcare?
Answer
1. Smartwatches
2. ECG Monitors
3. Blood Pressure Monitors
4. Glucose Monitoring Systems
5. Body Temperature Monitors
6. Smart Jewellery

Q6) What are the types of medical equipment?
Answer
1) Diagnostic Equipment
   - Imaging machine
   - Aside from medical imaging machines
2) Durable Medical Equipment (DME)
3) Treatment Equipment
4) Life Support Equipment
5) Medical Laboratory Equipment

Revision on Lecture 03

Q1) What do you know about the Health Information System (HIS)?
Answer
A Health Information System, or HIS, is a system designed to store, share, and analyse the data collected in any healthcare facility. The facility could be a private or public clinic, a hospital, or a doctor's private chambers. It also contains, organizes, and manages patients' electronic medical records.

Q2) What are the types of Health Information System?
Answer
1. Medical Practice Management System/Software (PMS)
2. Electronic Medical Record (EMR) & Electronic Health Record Systems (EHR)
3. E-Prescribing (eRx) Software
4. Remote Patient Monitoring (RPM)
5. Master Patient Index (MPI)

Q3) What are the components of HMIS?
Answer
- Administrative Management
- Clinical Management
- Hospital Facilities
- Medical Documentation
- Transportation Management
- Statistics Management

Revision on Lecture 05

Q1) What are the types of medical reports?
Answer
- Imaging Reports (Radiology, Ultrasound, MRI, etc.)
- Pathology Reports
- Laboratory Reports (Blood Tests, Urinalysis, etc.)
- Electrophysiological Reports (ECG, EEG, etc.)

Q2) Give examples of collection methods for primary data.
Answer
1. Questionnaires and surveys
2. Interviews
3. Focus groups
4. Observation

Q3) Give examples of collection methods for secondary data.
Answer
1. Online journals, records, and publications
2. Government records and publications
3. Business and industry records
4. Newspapers
5. Unpublished sources

Revision on Lecture 06

Q1) Define cybersecurity.
Answer
Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users via ransomware; or interrupting normal business processes.

Q2) What are the functions of an attack?
Answer
- Interruption
- Interception
- Modification
- Fabrication

Q3) What are the types of attacks?
Answer
There are two types/groups of attackers:
- Passive attackers. They do not affect the data transmission; they can only obtain a copy of the transmitted data. Their function is Interception.
- Active attackers. They affect the transmitted data. Their functions are Interruption, Modification, and Fabrication.

Q4) What do you know about CIA?
Answer
The CIA triad is another model used to describe security aspects. CIA stands for Confidentiality, Integrity, and Availability.
- Confidentiality
  Confidentiality means that the data is only available to authorized parties. Confidential data are not disclosed to people who do not require them or who should not have access to them. Confidentiality is also called Privacy, but the difference is:
  - Privacy concerns people: it restricts the public from accessing the personal details about a person.
  - Confidentiality concerns data: it protects the information from unauthorised persons.
- Integrity
  Integrity refers to the methods of ensuring that data is accurate, real, and protected from unauthorised user modification or destruction. Data integrity also refers to the accuracy and validity of data over its entire lifecycle. Integrity is an important element of data hygiene, reliability and accuracy.
- Availability
  Availability guarantees that systems, applications and data are available to users when they need them. The most common attack that impacts availability is Denial-of-Service (DoS), in which the attacker interrupts access to information, systems, devices or other network resources.

Q5) What are the popular cybersecurity threats?
Answer
- Reconnaissance Attacks
- Access Attack
- Malicious Software (Malware)
- Cross-Site Scripting (XSS)

Q6) Give examples of reconnaissance attacks.
Answer
1) Packet Sniffer
2) Port scan
3) Ping sweep
4) Internet information queries

Q7) Give examples of access attacks.
Answer
1) Password Attacks
2) Trust Exploitation
3) Port Redirection
4) Man-in-the-middle attack

Q8) What are the types of password cracking?
Answer
a) Dictionary Attack
b) Brute force attack
c) Hybrid Attack

Q9) What are the common types of malware?
Answer
- Virus
- Spyware
- Keyloggers
- Rootkits
- Worms
- Fileless Malware
- Trojans
- Logic Bomb
- Ransomware
- Bots/Botnets
- Adware

Revision on Lecture 07

Q1) Define cryptography.
Answer
Cryptography is defined as the science and art of transforming messages to make them secure and immune to attack.

Q2) What are the two main processes used with data security?
Answer
Data security depends on two main processes:
- Authentication process
  It is used to authenticate the devices' identities to each other before data exchange. It can also be used during data exchange to authenticate the transmitted message.
- Data encryption process
  It is used to encrypt the data.

Q3) What are the two types of encryption algorithms?
Answer
There are two types of encryption algorithms:
- Symmetrical encryption algorithms
  They are used to encrypt the data in a WLAN during the data exchange process. The encryption key is the same as the decryption key.
- Asymmetrical encryption algorithms
  They are used to encrypt the devices' identities during the authentication process, and also for message authentication during data transmission. The encryption key is not the same as the decryption key.

Q4) What are the security aspects achieved by authentication and data encryption?
Answer
The authentication process achieves integrity as a security aspect for the network, while the data encryption process achieves confidentiality (or privacy) as a security aspect for the network.

Q5) What are the popular types of asymmetrical encryption algorithms?
Answer
Popular types of asymmetrical encryption algorithms:
- Identities Encryption
  - Rivest, Shamir and Adleman (RSA) algorithm
  - El-Gamal encryption system
- Key Exchange
  - Diffie-Hellman (DH) algorithm
  - Elliptic Curve Cryptography (ECC)

Q6) What do you know about symmetrical encryption algorithms, and what are the types of symmetrical encryption algorithms?
Answer
In a symmetrical encryption algorithm, the encryption key is the same as the decryption key.

Q7) Compare DES, TDES (also called 3DES), and AES.
Answer
Algorithm   Plaintext size   Key size   No. of rounds
DES         64 bits          56 bits    16
TDES        64 bits          192 bits   16
AES-128     128 bits         128 bits   10
AES-192     192 bits         192 bits   12
AES-256     256 bits         256 bits   14

Q8) What are the ways used for message authentication?
Answer
There are many different ways of generating the MAC code used for message authentication:
- Hash function
- Digital Signature
- CRC-32 (used in the WEP protocol)
- Message Integrity Check, MIC (used in the WPA and WPA2 protocols)

Q9) Draw the block diagram for a digital signature.
Answer
[Block diagram: digital signature.
 Sender: Message -> Hash Function -> MAC code -> Encryption ($C = P^d \bmod n$) -> Signature.
 Receiver: Message -> Hash Function -> MAC code; Signature -> Decryption ($P = C^e \bmod n$) -> Recovered MAC code.
 Are they the same? Yes: Authorized Message. No: Rejected Message.]

Revision on Lecture 08

Q1) What are the popular authentication methods?
Answer
A) Something you know, such as password-based authentication
B) Something you have, such as a smart card
C) Something you are, such as biometric authentication:
   - Facial recognition
   - Fingerprint
   - Voice identification
   - Eye scanners
D) Multi-Factor Authentication (MFA)
E) Token-based authentication
F) Open Authorization (OAuth)
G) Access Control Lists (ACLs)

Q2) What do you know about firewalls?
Answer
A firewall is installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others.
Firewall Classification
A firewall is usually classified as:
a) Packet-filter firewall
   It filters the data based on port number or IP address, so it works in the Transport Layer and the Network Layer.
b) Proxy-based firewall
   It filters based on application type, such as images, videos, audio, and so on, so it works in the Application Layer.

Q3) What are the types of proxy server?
Answer
- Proxy Server
  It requests the service from the internet as the client requested it, without modification or prevention (filtering).
- Forward Proxy
  It adds controls and security for the client's requests.
- Reverse Proxy
  If external users (from the internet) request services from our servers in our internal network, the reverse proxy server requests these services using the IP address of the proxy server instead of that of the external users.

Q4) What do you know about network segmentation?
Answer
Network segmentation divides the network into distinct sub-networks without disconnecting cables (or wireless links). The sub-networks are separated by devices like firewalls, switches and routers. A Firebox device is an example of a device used to partition the network into sub-networks. Network segmentation enables network administrators to deliver unique security controls and services to each sub-network.

Q5) What are the three main ways to segment the network?
Answer
There are three main ways to segment the network:
- Virtual Local Area Network (VLAN) segmentation
- Firewall segmentation
- Software-Defined Networking (SDN) segmentation

Q6) What are the types of data-link security protocols?
Answer
Data-link security protocols are:
- WEP
- WPA
- WPA2
- WPA3
[Figure: OSI model layers: Application, Presentation, Session, Transport, Network, Data link, Physical.]

Revision on Lecture 09

Q1) What are the types of data in cybersecurity?
Answer
a) Data at rest
b) Data in motion
c) Data in use

Q2) What do you know about Data Loss Prevention (DLP)?
Answer
Data Loss Prevention (DLP) is the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data. Organizations use DLP to protect and secure their data and comply with regulations.

Q3) What are the steps of the DLP life cycle?
Answer
1. Classifying data
2. Determining confidentiality levels
3. Developing security rules
4. Monitoring and Investigating
5. Classifying new data

Q4) What are the types of Data Loss Prevention (DLP)?
Answer
1) Network DLP
2) Endpoint DLP
3) Cloud DLP

Q5) What is the difference between an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS)?
Answer
The main difference between intrusion detection systems (IDS) and intrusion prevention systems (IPS) is that IDS are monitoring systems and IPS are control systems. An IDS won't alter network traffic, while an IPS prevents packets from being delivered based on the contents of the packet.

Q6) What are the two types of Intrusion Detection System (IDS)?
Answer
1) Network Intrusion Detection System (NIDS)
2) Host Intrusion Detection System (HIDS)

Q7) What are the types of behaviour analytics?
Answer
a) User and Entity Behaviour Analytics (UEBA)
b) Network Behaviour Analytics (NBA)
c) Insider Threat Behaviour Analytics (ITBA)

Q8) What are the types of hackers?
Answer
- Black Hat Hackers
- White Hat Hackers
- Grey Hat Hackers
