Abstract
The objective of the study reported in this paper was to assess the state of cyber resilience of a Portuguese hospital. To carry out the study, the Cyber Security Framework (CSF), proposed by the National Institute of Standards and Technology (NIST), was used in conjunction with the Cyber Resilience Review (CRR) tool. The results point to satisfactory levels of cyber resilience in the healthcare entity studied, but several features need to be optimized. The results also show that using the CSF and the CRR report generates a large quantity of objective information, which provides an exhaustive identification of the aspects that should be improved.
Notes
1. In 2019, the National Cybersecurity Center formalized the “QNRCS-Quadro Nacional de Referência de Cibersegurança”, based on the CSF of NIST.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Pereira, B., Pavão, J., Carreira, D., Costa, V., Rocha, N.P. (2022). A Security Review of a Portuguese Hospital Using the Cyber Security Framework: A Case Study. In: Antipova, T. (eds) Digital Science. DSIC 2021. Lecture Notes in Networks and Systems, vol 381. Springer, Cham. https://doi.org/10.1007/978-3-030-93677-8_32
DOI: https://doi.org/10.1007/978-3-030-93677-8_32
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-93676-1
Online ISBN: 978-3-030-93677-8
eBook Packages: Intelligent Technologies and Robotics (R0)