Cybersecurity maturity model for the protection and privacy of personal health data
Descripción del Articulo
This paper proposes a cybersecurity maturity model to assess the capabilities of medical organizations to identify their level of maturity, prioritizing privacy and personal data protection. There are problems such as data breaches, the lack of security measures in health information, and the poor c...
| Autores: | , , , |
|---|---|
| Formato: | artículo |
| Fecha de Publicación: | 2022 |
| Institución: | Universidad Peruana de Ciencias Aplicadas |
| Repositorio: | UPC-Institucional |
| Lenguaje: | inglés |
| OAI Identifier: | oai:repositorioacademico.upc.edu.pe:10757/669610 |
| Enlace del recurso: | http://hdl.handle.net/10757/669610 |
| Nivel de acceso: | acceso embargado |
| Materia: | Data privacy Health Information Maturity Model |
| id |
UUPC_05997a3be85a67db387f4bd25984cc49 |
|---|---|
| oai_identifier_str |
oai:repositorioacademico.upc.edu.pe:10757/669610 |
| network_acronym_str |
UUPC |
| network_name_str |
UPC-Institucional |
| repository_id_str |
2670 |
| dc.title.es_PE.fl_str_mv |
Cybersecurity maturity model for the protection and privacy of personal health data |
| title |
Cybersecurity maturity model for the protection and privacy of personal health data |
| spellingShingle |
Cybersecurity maturity model for the protection and privacy of personal health data Rojas, Aaron Joseph Serrano Data privacy Health Information Maturity Model |
| title_short |
Cybersecurity maturity model for the protection and privacy of personal health data |
| title_full |
Cybersecurity maturity model for the protection and privacy of personal health data |
| title_fullStr |
Cybersecurity maturity model for the protection and privacy of personal health data |
| title_full_unstemmed |
Cybersecurity maturity model for the protection and privacy of personal health data |
| title_sort |
Cybersecurity maturity model for the protection and privacy of personal health data |
| author |
Rojas, Aaron Joseph Serrano |
| author_facet |
Rojas, Aaron Joseph Serrano Valencia, Erick Fabrizzio Paniura Armas-Aguirre, Jimmy Molina, Juan Manuel Madrid |
| author_role |
author |
| author2 |
Valencia, Erick Fabrizzio Paniura Armas-Aguirre, Jimmy Molina, Juan Manuel Madrid |
| author2_role |
author author author |
| dc.contributor.author.fl_str_mv |
Rojas, Aaron Joseph Serrano Valencia, Erick Fabrizzio Paniura Armas-Aguirre, Jimmy Molina, Juan Manuel Madrid |
| dc.subject.es_PE.fl_str_mv |
Data privacy Health Information Maturity Model |
| topic |
Data privacy Health Information Maturity Model |
| description |
This paper proposes a cybersecurity maturity model to assess the capabilities of medical organizations to identify their level of maturity, prioritizing privacy and personal data protection. There are problems such as data breaches, the lack of security measures in health information, and the poor capacity of organizations to handle cybersecurity threats that generate concern in the health sector as they seek to mitigate risks in cyberspace. The proposal, based upon C2M2 (Cybersecurity Capability Maturity Model), incorporates practices and controls which allow organizations to identify security gaps generated through cyberattacks on sensitive health patient data. This model seeks to integrate the best practices related to privacy and protection of personal data in the Peruvian legal framework through the Administrative Directive No. 294-MINSA and the personal data protection Act No. 29733. The model consists of 3 evaluation phases. 1. Assessment planning; 2. Execution of the evaluation; 3. Implementation of improvements. The model was validated and tested in a public sector medical organization in Lima, Peru. The preliminary results showed that the organization is at Level 1 with 14% of compliance with established controls, 34% in risk, threat and vulnerability management practices and 19% in supply chain management. These the 3 highest percentages of the 10 evaluated domains. |
| publishDate |
2022 |
| dc.date.accessioned.none.fl_str_mv |
2023-12-08T04:17:16Z |
| dc.date.available.none.fl_str_mv |
2023-12-08T04:17:16Z |
| dc.date.issued.fl_str_mv |
2022-01-01 |
| dc.type.article.es_PE.fl_str_mv |
info:eu-repo/semantics/article |
| format |
article |
| dc.identifier.doi.none.fl_str_mv |
10.1109/ICALTER57193.2022.9964729 |
| dc.identifier.uri.none.fl_str_mv |
http://hdl.handle.net/10757/669610 |
| dc.identifier.journal.es_PE.fl_str_mv |
Proceedings of the 2022 IEEE 2nd International Conference on Advanced Learning Technologies on Education and Research, ICALTER 2022 |
| dc.identifier.eid.none.fl_str_mv |
2-s2.0-85144115946 |
| dc.identifier.scopusid.none.fl_str_mv |
SCOPUS_ID:85144115946 |
| dc.identifier.isni.none.fl_str_mv |
0000 0001 2196 144X |
| identifier_str_mv |
10.1109/ICALTER57193.2022.9964729 Proceedings of the 2022 IEEE 2nd International Conference on Advanced Learning Technologies on Education and Research, ICALTER 2022 2-s2.0-85144115946 SCOPUS_ID:85144115946 0000 0001 2196 144X |
| url |
http://hdl.handle.net/10757/669610 |
| dc.language.iso.es_PE.fl_str_mv |
eng |
| language |
eng |
| dc.relation.url.es_PE.fl_str_mv |
https://ieeexplore.ieee.org/document/9964729 |
| dc.rights.es_PE.fl_str_mv |
info:eu-repo/semantics/embargoedAccess |
| dc.rights.*.fl_str_mv |
Attribution-NonCommercial-ShareAlike 4.0 International |
| dc.rights.uri.*.fl_str_mv |
http://creativecommons.org/licenses/by-nc-sa/4.0/ |
| eu_rights_str_mv |
embargoedAccess |
| rights_invalid_str_mv |
Attribution-NonCommercial-ShareAlike 4.0 International http://creativecommons.org/licenses/by-nc-sa/4.0/ |
| dc.format.es_PE.fl_str_mv |
application/pdf |
| dc.publisher.es_PE.fl_str_mv |
Institute of Electrical and Electronics Engineers Inc. |
| dc.source.es_PE.fl_str_mv |
Repositorio Academico - UPC Universidad Peruana de Ciencias Aplicadas (UPC) |
| dc.source.none.fl_str_mv |
reponame:UPC-Institucional instname:Universidad Peruana de Ciencias Aplicadas instacron:UPC |
| instname_str |
Universidad Peruana de Ciencias Aplicadas |
| instacron_str |
UPC |
| institution |
UPC |
| reponame_str |
UPC-Institucional |
| collection |
UPC-Institucional |
| dc.source.journaltitle.none.fl_str_mv |
Proceedings of the 2022 IEEE 2nd International Conference on Advanced Learning Technologies on Education and Research, ICALTER 2022 |
| bitstream.url.fl_str_mv |
https://repositorioacademico.upc.edu.pe/bitstream/10757/669610/2/license.txt https://repositorioacademico.upc.edu.pe/bitstream/10757/669610/1/license_rdf |
| bitstream.checksum.fl_str_mv |
8a4605be74aa9ea9d79846c1fba20a33 934f4ca17e109e0a05eaeaba504d7ce4 |
| bitstream.checksumAlgorithm.fl_str_mv |
MD5 MD5 |
| repository.name.fl_str_mv |
Repositorio académico upc |
| repository.mail.fl_str_mv |
upc@openrepository.com |
| _version_ |
1846065954741551104 |
| spelling |
1caa54282a4b90b91ebb44aa3d03b8c5300fc5aedbaa7de9c49e164911a98caaa723004832ce656228b995761b32f4527dfa586f49d38bcc83c53ed8844d55afb6b6e3500Rojas, Aaron Joseph SerranoValencia, Erick Fabrizzio PaniuraArmas-Aguirre, JimmyMolina, Juan Manuel Madrid2023-12-08T04:17:16Z2023-12-08T04:17:16Z2022-01-0110.1109/ICALTER57193.2022.9964729http://hdl.handle.net/10757/669610Proceedings of the 2022 IEEE 2nd International Conference on Advanced Learning Technologies on Education and Research, ICALTER 20222-s2.0-85144115946SCOPUS_ID:851441159460000 0001 2196 144XThis paper proposes a cybersecurity maturity model to assess the capabilities of medical organizations to identify their level of maturity, prioritizing privacy and personal data protection. There are problems such as data breaches, the lack of security measures in health information, and the poor capacity of organizations to handle cybersecurity threats that generate concern in the health sector as they seek to mitigate risks in cyberspace. The proposal, based upon C2M2 (Cybersecurity Capability Maturity Model), incorporates practices and controls which allow organizations to identify security gaps generated through cyberattacks on sensitive health patient data. This model seeks to integrate the best practices related to privacy and protection of personal data in the Peruvian legal framework through the Administrative Directive No. 294-MINSA and the personal data protection Act No. 29733. The model consists of 3 evaluation phases. 1. Assessment planning; 2. Execution of the evaluation; 3. Implementation of improvements. The model was validated and tested in a public sector medical organization in Lima, Peru. The preliminary results showed that the organization is at Level 1 with 14% of compliance with established controls, 34% in risk, threat and vulnerability management practices and 19% in supply chain management. These the 3 highest percentages of the 10 evaluated domains.Revisión por paresapplication/pdfengInstitute of Electrical and Electronics Engineers Inc.https://ieeexplore.ieee.org/document/9964729info:eu-repo/semantics/embargoedAccessAttribution-NonCommercial-ShareAlike 4.0 Internationalhttp://creativecommons.org/licenses/by-nc-sa/4.0/Repositorio Academico - UPCUniversidad Peruana de Ciencias Aplicadas (UPC)Proceedings of the 2022 IEEE 2nd International Conference on Advanced Learning Technologies on Education and Research, ICALTER 2022reponame:UPC-Institucionalinstname:Universidad Peruana de Ciencias Aplicadasinstacron:UPCData privacyHealth InformationMaturity ModelCybersecurity maturity model for the protection and privacy of personal health datainfo:eu-repo/semantics/articleLICENSElicense.txtlicense.txttext/plain; charset=utf-81748https://repositorioacademico.upc.edu.pe/bitstream/10757/669610/2/license.txt8a4605be74aa9ea9d79846c1fba20a33MD52falseCC-LICENSElicense_rdflicense_rdfapplication/rdf+xml; charset=utf-81031https://repositorioacademico.upc.edu.pe/bitstream/10757/669610/1/license_rdf934f4ca17e109e0a05eaeaba504d7ce4MD51false10757/669610oai:repositorioacademico.upc.edu.pe:10757/6696102023-12-08 04:17:17.525Repositorio académico upcupc@openrepository.comTk9URTogUExBQ0UgWU9VUiBPV04gTElDRU5TRSBIRVJFClRoaXMgc2FtcGxlIGxpY2Vuc2UgaXMgcHJvdmlkZWQgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seS4KCk5PTi1FWENMVVNJVkUgRElTVFJJQlVUSU9OIExJQ0VOU0UKCkJ5IHNpZ25pbmcgYW5kIHN1Ym1pdHRpbmcgdGhpcyBsaWNlbnNlLCB5b3UgKHRoZSBhdXRob3Iocykgb3IgY29weXJpZ2h0Cm93bmVyKSBncmFudHMgdG8gRFNwYWNlIFVuaXZlcnNpdHkgKERTVSkgdGhlIG5vbi1leGNsdXNpdmUgcmlnaHQgdG8gcmVwcm9kdWNlLAp0cmFuc2xhdGUgKGFzIGRlZmluZWQgYmVsb3cpLCBhbmQvb3IgZGlzdHJpYnV0ZSB5b3VyIHN1Ym1pc3Npb24gKGluY2x1ZGluZwp0aGUgYWJzdHJhY3QpIHdvcmxkd2lkZSBpbiBwcmludCBhbmQgZWxlY3Ryb25pYyBmb3JtYXQgYW5kIGluIGFueSBtZWRpdW0sCmluY2x1ZGluZyBidXQgbm90IGxpbWl0ZWQgdG8gYXVkaW8gb3IgdmlkZW8uCgpZb3UgYWdyZWUgdGhhdCBEU1UgbWF5LCB3aXRob3V0IGNoYW5naW5nIHRoZSBjb250ZW50LCB0cmFuc2xhdGUgdGhlCnN1Ym1pc3Npb24gdG8gYW55IG1lZGl1bSBvciBmb3JtYXQgZm9yIHRoZSBwdXJwb3NlIG9mIHByZXNlcnZhdGlvbi4KCllvdSBhbHNvIGFncmVlIHRoYXQgRFNVIG1heSBrZWVwIG1vcmUgdGhhbiBvbmUgY29weSBvZiB0aGlzIHN1Ym1pc3Npb24gZm9yCnB1cnBvc2VzIG9mIHNlY3VyaXR5LCBiYWNrLXVwIGFuZCBwcmVzZXJ2YXRpb24uCgpZb3UgcmVwcmVzZW50IHRoYXQgdGhlIHN1Ym1pc3Npb24gaXMgeW91ciBvcmlnaW5hbCB3b3JrLCBhbmQgdGhhdCB5b3UgaGF2ZQp0aGUgcmlnaHQgdG8gZ3JhbnQgdGhlIHJpZ2h0cyBjb250YWluZWQgaW4gdGhpcyBsaWNlbnNlLiBZb3UgYWxzbyByZXByZXNlbnQKdGhhdCB5b3VyIHN1Ym1pc3Npb24gZG9lcyBub3QsIHRvIHRoZSBiZXN0IG9mIHlvdXIga25vd2xlZGdlLCBpbmZyaW5nZSB1cG9uCmFueW9uZSdzIGNvcHlyaWdodC4KCklmIHRoZSBzdWJtaXNzaW9uIGNvbnRhaW5zIG1hdGVyaWFsIGZvciB3aGljaCB5b3UgZG8gbm90IGhvbGQgY29weXJpZ2h0LAp5b3UgcmVwcmVzZW50IHRoYXQgeW91IGhhdmUgb2J0YWluZWQgdGhlIHVucmVzdHJpY3RlZCBwZXJtaXNzaW9uIG9mIHRoZQpjb3B5cmlnaHQgb3duZXIgdG8gZ3JhbnQgRFNVIHRoZSByaWdodHMgcmVxdWlyZWQgYnkgdGhpcyBsaWNlbnNlLCBhbmQgdGhhdApzdWNoIHRoaXJkLXBhcnR5IG93bmVkIG1hdGVyaWFsIGlzIGNsZWFybHkgaWRlbnRpZmllZCBhbmQgYWNrbm93bGVkZ2VkCndpdGhpbiB0aGUgdGV4dCBvciBjb250ZW50IG9mIHRoZSBzdWJtaXNzaW9uLgoKSUYgVEhFIFNVQk1JU1NJT04gSVMgQkFTRUQgVVBPTiBXT1JLIFRIQVQgSEFTIEJFRU4gU1BPTlNPUkVEIE9SIFNVUFBPUlRFRApCWSBBTiBBR0VOQ1kgT1IgT1JHQU5JWkFUSU9OIE9USEVSIFRIQU4gRFNVLCBZT1UgUkVQUkVTRU5UIFRIQVQgWU9VIEhBVkUKRlVMRklMTEVEIEFOWSBSSUdIVCBPRiBSRVZJRVcgT1IgT1RIRVIgT0JMSUdBVElPTlMgUkVRVUlSRUQgQlkgU1VDSApDT05UUkFDVCBPUiBBR1JFRU1FTlQuCgpEU1Ugd2lsbCBjbGVhcmx5IGlkZW50aWZ5IHlvdXIgbmFtZShzKSBhcyB0aGUgYXV0aG9yKHMpIG9yIG93bmVyKHMpIG9mIHRoZQpzdWJtaXNzaW9uLCBhbmQgd2lsbCBub3QgbWFrZSBhbnkgYWx0ZXJhdGlvbiwgb3RoZXIgdGhhbiBhcyBhbGxvd2VkIGJ5IHRoaXMKbGljZW5zZSwgdG8geW91ciBzdWJtaXNzaW9uLgo= |
| score |
13.945322 |
Nota importante:
La información contenida en este registro es de entera responsabilidad de la institución que gestiona el repositorio institucional donde esta contenido este documento o set de datos. El CONCYTEC no se hace responsable por los contenidos (publicaciones y/o datos) accesibles a través del Repositorio Nacional Digital de Ciencia, Tecnología e Innovación de Acceso Abierto (ALICIA).
La información contenida en este registro es de entera responsabilidad de la institución que gestiona el repositorio institucional donde esta contenido este documento o set de datos. El CONCYTEC no se hace responsable por los contenidos (publicaciones y/o datos) accesibles a través del Repositorio Nacional Digital de Ciencia, Tecnología e Innovación de Acceso Abierto (ALICIA).
