Risk-driven security metrics development for an e-health IoT application

Reijo M. Savola, Pekka Savolainen, Antti Evesti, Habtamu Abie, Markus Sihvonen

    Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

    11 Citations (Scopus)

    Abstract

    Security and privacy for e-health Internet-of-Things applications is a challenge arising due to the novelty and openness of the solutions. We analyze the security risks of an envisioned e-health application for elderly persons' day-to-day support and chronic disease self-care, from the perspectives of the service provider and end-user. In addition, we propose initial heuristics for security objective decomposition aimed at security metrics definition. Systematically defined and managed security metrics enable higher effectiveness of security controls, enabling informed risk-driven security decision-making.
    Original languageEnglish
    Title of host publicationInformation Security for South Africa (ISSA), 2015
    PublisherIEEE Institute of Electrical and Electronic Engineers
    Pages1 - 6
    ISBN (Electronic)978-1-4799-7755-0, 978-1-4799-7754-3
    DOIs
    Publication statusPublished - 23 Nov 2015
    MoE publication typeA4 Article in a conference publication
    Event14th International Information Security South Africa Conference, ISSA 2015 - Johannesburg, South Africa
    Duration: 12 Aug 201514 Aug 2015
    Conference number: 14

    Conference

    Conference14th International Information Security South Africa Conference, ISSA 2015
    Abbreviated titleISSA 2015
    CountrySouth Africa
    CityJohannesburg
    Period12/08/1514/08/15

    Fingerprint

    Health
    Decision making
    Decomposition
    Internet of things

    Keywords

    • android
    • risk analysis
    • security effectiveness
    • security metrics

    Cite this

    Savola, R. M., Savolainen, P., Evesti, A., Abie, H., & Sihvonen, M. (2015). Risk-driven security metrics development for an e-health IoT application. In Information Security for South Africa (ISSA), 2015 (pp. 1 - 6). IEEE Institute of Electrical and Electronic Engineers . https://doi.org/10.1109/ISSA.2015.7335061
    Savola, Reijo M. ; Savolainen, Pekka ; Evesti, Antti ; Abie, Habtamu ; Sihvonen, Markus. / Risk-driven security metrics development for an e-health IoT application. Information Security for South Africa (ISSA), 2015. IEEE Institute of Electrical and Electronic Engineers , 2015. pp. 1 - 6
    @inproceedings{8e8be36f9e674d7cadbb008742806ee1,
    title = "Risk-driven security metrics development for an e-health IoT application",
    abstract = "Security and privacy for e-health Internet-of-Things applications is a challenge arising due to the novelty and openness of the solutions. We analyze the security risks of an envisioned e-health application for elderly persons' day-to-day support and chronic disease self-care, from the perspectives of the service provider and end-user. In addition, we propose initial heuristics for security objective decomposition aimed at security metrics definition. Systematically defined and managed security metrics enable higher effectiveness of security controls, enabling informed risk-driven security decision-making.",
    keywords = "android, risk analysis, security effectiveness, security metrics",
    author = "Savola, {Reijo M.} and Pekka Savolainen and Antti Evesti and Habtamu Abie and Markus Sihvonen",
    year = "2015",
    month = "11",
    day = "23",
    doi = "10.1109/ISSA.2015.7335061",
    language = "English",
    pages = "1 -- 6",
    booktitle = "Information Security for South Africa (ISSA), 2015",
    publisher = "IEEE Institute of Electrical and Electronic Engineers",
    address = "United States",

    }

    Savola, RM, Savolainen, P, Evesti, A, Abie, H & Sihvonen, M 2015, Risk-driven security metrics development for an e-health IoT application. in Information Security for South Africa (ISSA), 2015. IEEE Institute of Electrical and Electronic Engineers , pp. 1 - 6, 14th International Information Security South Africa Conference, ISSA 2015, Johannesburg, South Africa, 12/08/15. https://doi.org/10.1109/ISSA.2015.7335061

    Risk-driven security metrics development for an e-health IoT application. / Savola, Reijo M.; Savolainen, Pekka; Evesti, Antti; Abie, Habtamu; Sihvonen, Markus.

    Information Security for South Africa (ISSA), 2015. IEEE Institute of Electrical and Electronic Engineers , 2015. p. 1 - 6.

    Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

    TY - GEN

    T1 - Risk-driven security metrics development for an e-health IoT application

    AU - Savola, Reijo M.

    AU - Savolainen, Pekka

    AU - Evesti, Antti

    AU - Abie, Habtamu

    AU - Sihvonen, Markus

    PY - 2015/11/23

    Y1 - 2015/11/23

    N2 - Security and privacy for e-health Internet-of-Things applications is a challenge arising due to the novelty and openness of the solutions. We analyze the security risks of an envisioned e-health application for elderly persons' day-to-day support and chronic disease self-care, from the perspectives of the service provider and end-user. In addition, we propose initial heuristics for security objective decomposition aimed at security metrics definition. Systematically defined and managed security metrics enable higher effectiveness of security controls, enabling informed risk-driven security decision-making.

    AB - Security and privacy for e-health Internet-of-Things applications is a challenge arising due to the novelty and openness of the solutions. We analyze the security risks of an envisioned e-health application for elderly persons' day-to-day support and chronic disease self-care, from the perspectives of the service provider and end-user. In addition, we propose initial heuristics for security objective decomposition aimed at security metrics definition. Systematically defined and managed security metrics enable higher effectiveness of security controls, enabling informed risk-driven security decision-making.

    KW - android

    KW - risk analysis

    KW - security effectiveness

    KW - security metrics

    U2 - 10.1109/ISSA.2015.7335061

    DO - 10.1109/ISSA.2015.7335061

    M3 - Conference article in proceedings

    SP - 1

    EP - 6

    BT - Information Security for South Africa (ISSA), 2015

    PB - IEEE Institute of Electrical and Electronic Engineers

    ER -

    Savola RM, Savolainen P, Evesti A, Abie H, Sihvonen M. Risk-driven security metrics development for an e-health IoT application. In Information Security for South Africa (ISSA), 2015. IEEE Institute of Electrical and Electronic Engineers . 2015. p. 1 - 6 https://doi.org/10.1109/ISSA.2015.7335061