IEEE Std 11073-40102 pdf free download
IEEE Std 11073-40102 pdf free download.Health informatics—Device interoperability Part 40102: Foundational—Cybersecurity—Capabilities for mitigation.
4. Information security
4.1 General
Within the context of PHD/PoCD interfaces, security is most frequently used in reference to information security. It describes characteristics of information-processing and information-storing systems, which maximize confidentiality (see 4.2), integrity (see 4.3), and availability (see 4.4). These three core principles of information security are called the CIA triad. Information security helps protect from dangers and/or threats, avoid damage, and minimize risks. The extended (‘IA triad additionally includes non-repudiation (see 4.5) as a principle.
4.2 Confidentiality
Confidentiality has been defined by the International Organization for Standardization in ISO/IEC 27002 [B 12] as “ensuring that information is accessible only to those authorized to have access.” Minimizing disclosure of information to unauthorized individuals or systems is one cornerstone of information security. A confidentiality breach might take many forms, even if no information technology is involved, e.g., eavesdropping on conversations of others, looking over the shoulder to read information, looking into secret documents, injecting a computer virus, or using a Trojan horse that sends information to another person. In the context of PHD/PoCD, a confidentiality breach primarily means eavesdropping on information somewhere between the source (e.g., sensor) and the receiver (e.g., personal computer, physician’s computer, hospital server) or unauthorized access to stored information. To enforce confidentiality, the information could be encrypted during transmission (i.e., data in transit) and storage (i.e., data at rest) as well as requiring authentication and/or authorization with in the request before transmission.
Privacy is an important part of confidentiality, especially when it comes to protected health information (PHI). PHI is defined as individually identifiable health infbrmation transmitted or maintained by a covered entity or its business associates in any form or medium (45CFR160.103 [B I]). The U.S. Health Insurance Portability and Accountability Act (HIPAA) limits the circumstances in which an individual’s PHI may be used or disclosed by covered entities (HHS [B7]). Similarly, the EU General Data Protection Regulation states that personal data shall be processed lawfully, fairly, and in a transparent manner; collected for specified, explicit, and legitimate purpose; and kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed (Official Journal of the EU [B 19]).
4.3 Integrity
In information security, integrity (also known as authenticity) means that data is not modified or deleted without authorization. Integrity is violated when information is changed by a user that is not authorized to do so. A security breach related to integrity might occur directly on the devices (e.g., because of a virus) and on the way from information source to receiver.
Authentication technologies help ensure that the original data is not altered or deleted during the transfer. They also provide technological means to check if the data came from the right sender and not from a sender that only pretends to be the sender. This is achieved, for example, through electronic signatures and certificates.
4.4 Availability
Information security availability means the information is available when it is needed by authorized users. The computing systems (physical and digital) used to store and process the information, the security controls used to protect it, and the communication channels used to access it have to be functioning correctly and reliably.IEEE Std 11073-40102 pdf download.
