Abstract
Telemedical systems contain and provide information that is extremely sensitive. Disclosing or damaging that information in an unauthorized way may be catastrophic both for organizations and patients. In order to assure the security of telemedical systems, suitable security policies, security architectures and security mechanisms must be applied. Additionally, a secure and safe working environment must be guaranteed. The rules for setting up such an environment are described (for example) in HIPPA.
Best-practice telemedical systems should satisfy such evaluation criteria as TCSEC or ITSEC. Conformity with these standards helps achieve a well-protected and secure system.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
8 Bibliography
P. B. Checkland, Systems Thinking, Systems Practice, John Wiley & Sons, Inc., New York (1981).
W. R. Cheswick and S. M. Bellovin, Firewalls and Internet Security: Repelling the Wily Hacker, Addison-Wesley Publishing Co., Reading, MA (1994).
Committee on Information Systems Trustworthiness, National Research Council, Trust in Cyberspace, National Academy Press, Washington, DC (1999).
D. Ferraiolo, Proposed NIST Standard for Role-Based Access Control, ACM Transactions on Information and System Security, Vol. 4, No. 3 (August 2001), pp. 224–274.
D. Ferraiolo, D. Kuhn, and R. Chandramouli, Role-Based Access Control, Artech House, Norwood, MA (2003).
Digital Signature Guidelines, American Bar Association (1996), Section 1.35, available at http://www.abanet.org/scitech/ec/isc/dsgfree.html.
Guide for Development of Protection Profiles and Security Targets, ISO/IEC PDTR 15446, available at http://csrc.nist.gov/cc/t4/wg3/27n2449.pdf, pp. 69–74.
Information Technology—Security Techniques—Evaluation Criteria for IT Security—Part 1: Introduction and General Model, ISO/IEC 15408-1 (1999); available at http://isotc.iso.ch/livelink/livelink/fetch/2000/2489/lttf_Home/PubliclyAvailableStandards.htm.
Information Technology—Security Techniques—Evaluation Criteria for IT Security—Part 2: Security Functional Requirements, ISO/IEC 15408-2 (1999).
Information Technology—Security Techniques—Evaluation Criteria for IT Security—Part 3: Security Assurance Requirements, ISO/IEC 15408-3 (1999).
H. Johner, S. Fujiwara, A. S. Yeung, A. Stephanou, and J. Whitmore, Deploying a Public Key Infrastructure, Redbook SG24-5512-00, IBM Corporation, http://www.redbooks.ibm.co.
N. Kall, Service-Oriented Security Architecture: Part 1, Metagroup, ZDNet (2003).
A. Kumar, N. Karnik, and G. Chafle, Context Sensitivity in Role Based Access Control, ACM SIGOPS Operating Systems Review (July 2002), pp. 53–66.
P. T. L. Lloyd and G. M. Galambos, Technical Reference Architectures, IBM Systems Journal 38, No. 1, 51–75 (1999); available at http://researchweb.watson.ibm.com/journal/sj/381/lloyd.html.
S. McClure, J. Scambray, and G. Kurtz, Hacking Exposed: Network Security Secrets & Solutions, McGraw-Hill Publishing Company, Maidenhead, Berkshire (1999).
M. Moyer and M. Ahamad, Generalized Role-Based Access Control, International Conference on Distributed Computing Systems (April 2001), pp. 391–398.
NEMA-Privacy and Security Committee, Security and Privacy: An Introduction to HIPAA (April 10, 2001).
OMG, Resource Access Decision, Version 1.0. (2001); available at http://www.omg.org/technology/documents/formal/resource_access_decision.htm.
A. Patel and S. O. Ciardhuain, The Impact of Forensic Computing on Telecommunications, IEEE Communications Magazine 38, No. 11, 64–67 (November 2000).
E. Rechtin, Systems Architecting: Creating and Building Complex Systems, Prentice Hall, New York (1991).
RFC 1825, Security Architecture for the Internet Protocol (August 1995); available at http://www.ietf.org/rfc.html.
RFC 2316, Report of the IAB Security Architecture Workshop (April 1998); available at http://www.ietf.org/rfc.html.
F. B. Schneider, Enforceable Security Policies, ACM Transactions on Information and System Security 3, No. 1, 30–50 (February 2000).
Security Architecture, e-Government Strategy, Version 2.0 (September 2002).
Security Architecture for Open Systems Interconnection for CCITT Applications, ITU-T Recommendation X.800/ISO 7498-2 (1991); available at http://www.itu.int/itudoc/itu-t/rec/x/x500up/x800.html.
P. Slowikowski and M. Jarzab, Security aspect of medical portals, Proceedings, the International Conference on E-he@lth in Common Europe, Krakow, Poland (2003).
D. Verton, Common Ground Sought for IT Security Requirements, Computerworld 35, No. 11, 8 (March 12, 2001).
J. J. Whitmore, Security and e-business: Is There a Prescription? Proceedings, 21st National Information Systems Security Conference, Arlington, VA (October 6–9, 1998); available at http://csrc.nist.gov/nissc/1998/proceedings/paperD13.pdf.
http://www.commoncriteria.org/protection_profiles/pp.html.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag London Limited
About this chapter
Cite this chapter
Słowikowski, P., Zieliński, K. (2006). Security and Safety of Telemedical Systems. In: Zieliński, K., Duplaga, M., Ingram, D. (eds) Information Technology Solutions for Healthcare. Health Informatics. Springer, London. https://doi.org/10.1007/1-84628-141-5_4
Download citation
DOI: https://doi.org/10.1007/1-84628-141-5_4
Publisher Name: Springer, London
Print ISBN: 978-1-85233-978-4
Online ISBN: 978-1-84628-141-9
eBook Packages: MedicineMedicine (R0)