nach oben

Annals of Telecommunications

Erschienen in:

15.02.2017

IT governance and risk mitigation approach for private cloud adoption: case study of provincial healthcare provider

verfasst von: Ayo Gbadeyan, Sergey Butakov, Shaun Aghili

Erschienen in: Annals of Telecommunications | Ausgabe 5-6/2017

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Cloud computing (CC) has the potential to provide significant benefits to healthcare organizations; however, its susceptibility to security and privacy apprehensions needs to be addressed before its adoption. It is important to evaluate the risks that arise from CC prior to its adoption in healthcare projects. Failure to evaluate security and privacy concerns could result in regulatory penalties, reputation loss, financial issues, and public loss of confidence in the healthcare provider. This paper uses Alberta’s Privacy Impact Assessment (PIA) requirement and COBIT 5 for Risk as guidance to highlight CC risk assessment areas and presents an IT governance and risk mitigation approach useful for CC adoption in the healthcare industry. In compliance with Alberta’s Health Information Act (HIA), the risk assessment areas are analyzed based on the security triad with emphasis on the confidentiality principle where privacy is the main focus. The proposed approach presented in this paper can be utilized by healthcare providers to mitigate and continuously evaluate CC risks from an IT governance perspective. Although the case study uses Canadian regulations, similar considerations can be taken into account in other jurisdictions.

Vorheriger Artikel Software-defined systems support for secure cloud computing based on data classification

Nächster Artikel Efficient designated server identity-based encryption with conjunctive keyword search

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Ahuja et al (2012) A survey of the state of cloud computing in healthcare. Netw Commun Technol 12–19

Alberta Health (2014) Alberta Health Annual Report 2013–14. Retrieved from Alberta Health: http://www.health.alberta.ca/documents/Annual-Report-14.pdf

Alberta Health (2017) Alberta Health. Retrieved from Alberta Health: http://www.health.alberta.ca/about-us.html

Association of Healthcare Internal Auditors (AHIA) & Grant Thornton LLP (2013) Third-party Relationships and Your Confidential Data. Retrieved from Association of Healthcare Internal Auditors (AHIA): http://www.ahia.org/news/white-papers/third-party-relationships-and-your-confidential-data-/

Badger et al (2012) NIST Special Publication 800-146. Retrieved from NIST: http://csrc.nist.gov/publications/nistpubs/800-146/sp800-146.pdf

Becker JD, Bailey E (2014) A comparison of IT governance & control frameworks in cloud computing, Twentieth Americas Conference on Information Systems(AMCIS). Association for Information Systems (AIS), Savanah, pp 1825–1840

Canada Health Infoway (2012) Emerging Technology Series: Cloud Computing in Health White Paper. Retrieved from Canada Health Infoway: https://www.infoway-inforoute.ca/index.php/resources/technical-documents/emerging-technology/doc_download/659-cloud-computing-in-health-white-paper-full

Canadian Healthcare Technology (2014) Alberta Privacy Commissioner Investigates Big Breach. Retrieved from Canadian Healthcare Technology: http://www.canhealth.com/2014/02/alberta-privacy-commissioner-investigates-big-breach/

Chan et al. (2012) Enterprise Risk Management for Cloud Computing. Retrieved from Committee of Sponsoring Organizations of the Treadway Commission (COSO): http://www.coso.org/documents/Cloud%20Computing%20Thought%20Paper.pdf

10.

Chaput SR, Ringwood K (2010) Cloud compliance: a framework for using cloud computing in a regulated world. In Cloud Computing, pp. 241–255

11.

Cloud Security Alliance (2013) The Notorious Nine: Cloud Computing Top Threats in 2013. Retrieved from Cloud Security Alliance(CSA): https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf

12.

CSA (2011) Security Guidance for Critical Areas of Focus in Cloud Computing v3.0. Retrieved from Cloud Security Alliance (CSA): https://cloudsecurityalliance.org/download/security-guidance-for-critical-areas-of-focus-in-cloud-computing-v3/

13.

CSA (2013) "Cloud Computing Vulnerability Incidents” Document and Appendices. Retrieved from Cloud Security Alliance: https://cloudsecurityalliance.org/download/cloud-computing-vulnerability-incidents-a-statistical-overview/

14.

CSA and ISACA (2012) Cloud Computing Market Maturity: Study Results. Retrieved from ISACA: http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/2012-Cloud-Computing-Market-Maturity-Study-Results.aspx

15.

CSCC (2012) Impact of Cloud Computing on Healthcare. Retrieved from Cloud Standards Customer Council(CSCC): http://www.cloud-council.org/cscchealthcare110512.pdf

16.

ENISA (2009) Cloud Computing Risk Assessment. Retrieved from ENISA European Union Agency for Network and Information Security: http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment

17.

Gatewood V (2013) Aspirations to reality: filling the cloud computing performance gap. ISACA 2:6–9

18.

Government of Alberta: Health and Wellness (2012) Alberta Netcare. Retrieved from Alberta Health: http://www.albertanetcare.ca/documents/ABNetcarePortal_PIA.pdf

19.

Hines C (2015) What the Anthem Breach Means for Healthcare Security. Retrieved from Cloud Security Alliance: https://blog.cloudsecurityalliance.org/2015/02/06/anthem-breach-means-healthcare-security/

20.

Hitachi (2012) How to Improve Healthcare with Cloud Computing. Retrieved from Hitachi Data Systems: http://docs.media.bitpipe.com/io_10x/io_108673/item_650544/cloud%20computing%20wp.pdf

21.

IPC/Ontario (2004) A Guide to the Personal Health Information and Protection Act. Retrieved from Information and Privacy Commissioner/Ontario: https://www.ipc.on.ca/images/resources/hguide-e.pdf

22.

ISACA (2012) An ISACA Cloud Computing Vision Series: Guiding Principles for Cloud Adoption and Use. Retrieved from ISACA: http://www.isaca.org/Knowledge-Center/Research/Documents/Guiding-Principles-Cloud_whp_Eng_0212.pdf

23.

ISACA (2013a) Cloud Governance: Questions Boards of Directors Need to Ask; An ISACA Cloud Vision Series White Paper. Retrieved from ISACA: http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Cloud-Governance-Questions-Boards-of-Directors-Need-to-Ask.aspx

24.

ISACA (2013b) COBIT 5 for Risk

25.

ISACA (2014) Controls and Assurance in the Cloud: Using COBIT 5. Retrieved from ISACA: http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Controls-and-Assurance-in-the-Cloud-Using-COBIT-5.aspx

26.

Kuo AM-H (2011) Opportunities and challenges of cloud computing to improve health care services. J Med Internet Res:1–21

27.

Marks L (2013) Governance implementation—COBIT 5 and ISO. ISACA 1:17–23 Retrieved from http://www.isaca.org/Journal/archives/2013/Volume-1/Documents/13v1-Governance-Implementation.pdf

28.

McCann E (2012) Forecast looks clear for cloud computing. Retrieved from Healthcare IT News: http://www.healthcareitnews.com/news/forecasts-look-clear-cloud-computing

29.

Meis R, Heisel M (2016) Supporting privacy impact assessments using problem-based privacy analysis. In Software Technologies, pp 79–98

30.

Mell P, Grance T (2011) SP 800-145, The NIST Definition of Cloud. Retrieved from National Institute of Standards and Technology (NIST): http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf

31.

NIST (2012) NIST SPECIAL PUBLICATIONS. Retrieved from National Institute of Standards and Technology (NIST): http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf

32.

OIPC (2010) Privacy Impact Assesssment Requirement. Retrieved from Office of the Information and Privacy Commissioner(OIPC) of Alberta: http://www.oipc.ab.ca/Content_Files/Files/PIAs/PIA_Requirements_2010.pdf

33.

OPC (2011) Privacy Impact Assessment. Retrieved from Office of the Privacy Commissioner of Canada: https://www.priv.gc.ca/resource/fs-fi/02_05_d_33_e.asp

34.

Rodrigues JJ, de la Torre I, Fernández G, López-Coronado M (2013) Analysis of the security and privacy requirements of cloud-based electronic health records systems. J Med Internet Res, 15(8)

35.

Rossi B (2015) How Anthem was breached – and how you can prevent it happening to you - See more at: http://www.information-age.com/technology/security/123458996/how-anthem-was-breached-and-how-you-can-prevent-it-happening-you#sthash.jGqewgq2.dpuf . Retrieved from Information Age: http://www.information-age.com/technology/security/123458996/how-anthem-was-breached-and-how-you-can-prevent-it-happening-you

36.

Schrutt M (2013) IDC and TELUS Enterprise Cloud Study, 2013: Capitalizing on Cloud's Window od Opportunity for Business Value. Retrieved from TELUS: http://resources-business.telus.com/cms/files/files/000/000/583/original/IDC_TELUS_Cloud_Study_June_3_FINAL.pdf

37.

ServiceMesh (2013) Enterprice Cloud Governance: Requirements and Best Practices. Retrieved from CSC: https://assets1.csc.com/cloud/downloads/8217_21_Cloud_Governance_White_Paper_v7_Web.pdf

38.

Tancock D, Pearson S, & Charlesworth A (2013) A privacy impact assessment tool. In Privacy and Security for Cloud Computing. Springer.

39.

Theoharidou et al (2013) Privacy risks, security accountability in the cloud, 5th IEEE Conference on Cloud Computing Technology and Science. IEEE Press, United Kingdom, pp 177–184

40.

Wan et al. (2010) Six questions every health industry executive should ask about cloud computing. Retrieved from Accenture: http://newsroom.accenture.com/images/20020/HealthcareCloud.pdf

41.

Zeng K, Cavoukian A (2010) Modelling cloud computing architecture without compromising privacy: a privacy by design approach. Retrieved from Privacy by Design: https://www.privacybydesign.ca/content/uploads/2010/07/pbd-NEC-cloud.pdf

42.

Zhang R, Lui L (2010) Security models and requirements for healthcare application clouds, IEEE 3rd International Conference on Cloud Computing. IEEE, Miami, Florida, pp 268–275

Titel: IT governance and risk mitigation approach for private cloud adoption: case study of provincial healthcare provider
verfasst von: Ayo Gbadeyan
Sergey Butakov
Shaun Aghili
Publikationsdatum: 15.02.2017
Verlag: Springer Paris
Erschienen in: Annals of Telecommunications / Ausgabe 5-6/2017
Print ISSN: 0003-4347
Elektronische ISSN: 1958-9395
DOI: https://doi.org/10.1007/s12243-017-0568-5

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 5-6/2017

An empirical study on acceptance of secure healthcare service in Malaysia, Pakistan, and Saudi Arabia: a mobile cloud computing perspective

The three-dimensional model for dependability integration in cloud computing

Modeling network traffic for traffic matrix estimation and anomaly detection based on Bayesian network in cloud computing networks

Software-defined systems support for secure cloud computing based on data classification

EACF: extensible access control framework for cloud environments

Securing wireless sensor networks for improved performance in cloud-based environments

Premium Partner