Risk-driven security metrics development for an e-health IoT application

Reijo M. Savola, Pekka Savolainen, Antti Evesti, Habtamu Abie, Markus Sihvonen

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

10 Citations (Scopus)

Abstract

Security and privacy for e-health Internet-of-Things applications is a challenge arising due to the novelty and openness of the solutions. We analyze the security risks of an envisioned e-health application for elderly persons' day-to-day support and chronic disease self-care, from the perspectives of the service provider and end-user. In addition, we propose initial heuristics for security objective decomposition aimed at security metrics definition. Systematically defined and managed security metrics enable higher effectiveness of security controls, enabling informed risk-driven security decision-making.
Original languageEnglish
Title of host publicationInformation Security for South Africa (ISSA), 2015
PublisherInstitute of Electrical and Electronic Engineers IEEE
Pages1 - 6
ISBN (Electronic)978-1-4799-7755-0, 978-1-4799-7754-3
DOIs
Publication statusPublished - 23 Nov 2015
MoE publication typeA4 Article in a conference publication
Event14th International Information Security South Africa Conference, ISSA 2015 - Johannesburg, South Africa
Duration: 12 Aug 201514 Aug 2015
Conference number: 14

Conference

Conference14th International Information Security South Africa Conference, ISSA 2015
Abbreviated titleISSA 2015
CountrySouth Africa
CityJohannesburg
Period12/08/1514/08/15

Fingerprint

Health
Decision making
Decomposition
Internet of things

Keywords

  • android
  • risk analysis
  • security effectiveness
  • security metrics

Cite this

Savola, R. M., Savolainen, P., Evesti, A., Abie, H., & Sihvonen, M. (2015). Risk-driven security metrics development for an e-health IoT application. In Information Security for South Africa (ISSA), 2015 (pp. 1 - 6). Institute of Electrical and Electronic Engineers IEEE. https://doi.org/10.1109/ISSA.2015.7335061
Savola, Reijo M. ; Savolainen, Pekka ; Evesti, Antti ; Abie, Habtamu ; Sihvonen, Markus. / Risk-driven security metrics development for an e-health IoT application. Information Security for South Africa (ISSA), 2015. Institute of Electrical and Electronic Engineers IEEE, 2015. pp. 1 - 6
@inproceedings{8e8be36f9e674d7cadbb008742806ee1,
title = "Risk-driven security metrics development for an e-health IoT application",
abstract = "Security and privacy for e-health Internet-of-Things applications is a challenge arising due to the novelty and openness of the solutions. We analyze the security risks of an envisioned e-health application for elderly persons' day-to-day support and chronic disease self-care, from the perspectives of the service provider and end-user. In addition, we propose initial heuristics for security objective decomposition aimed at security metrics definition. Systematically defined and managed security metrics enable higher effectiveness of security controls, enabling informed risk-driven security decision-making.",
keywords = "android, risk analysis, security effectiveness, security metrics",
author = "Savola, {Reijo M.} and Pekka Savolainen and Antti Evesti and Habtamu Abie and Markus Sihvonen",
year = "2015",
month = "11",
day = "23",
doi = "10.1109/ISSA.2015.7335061",
language = "English",
pages = "1 -- 6",
booktitle = "Information Security for South Africa (ISSA), 2015",
publisher = "Institute of Electrical and Electronic Engineers IEEE",
address = "United States",

}

Savola, RM, Savolainen, P, Evesti, A, Abie, H & Sihvonen, M 2015, Risk-driven security metrics development for an e-health IoT application. in Information Security for South Africa (ISSA), 2015. Institute of Electrical and Electronic Engineers IEEE, pp. 1 - 6, 14th International Information Security South Africa Conference, ISSA 2015, Johannesburg, South Africa, 12/08/15. https://doi.org/10.1109/ISSA.2015.7335061

Risk-driven security metrics development for an e-health IoT application. / Savola, Reijo M.; Savolainen, Pekka; Evesti, Antti; Abie, Habtamu; Sihvonen, Markus.

Information Security for South Africa (ISSA), 2015. Institute of Electrical and Electronic Engineers IEEE, 2015. p. 1 - 6.

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

TY - GEN

T1 - Risk-driven security metrics development for an e-health IoT application

AU - Savola, Reijo M.

AU - Savolainen, Pekka

AU - Evesti, Antti

AU - Abie, Habtamu

AU - Sihvonen, Markus

PY - 2015/11/23

Y1 - 2015/11/23

N2 - Security and privacy for e-health Internet-of-Things applications is a challenge arising due to the novelty and openness of the solutions. We analyze the security risks of an envisioned e-health application for elderly persons' day-to-day support and chronic disease self-care, from the perspectives of the service provider and end-user. In addition, we propose initial heuristics for security objective decomposition aimed at security metrics definition. Systematically defined and managed security metrics enable higher effectiveness of security controls, enabling informed risk-driven security decision-making.

AB - Security and privacy for e-health Internet-of-Things applications is a challenge arising due to the novelty and openness of the solutions. We analyze the security risks of an envisioned e-health application for elderly persons' day-to-day support and chronic disease self-care, from the perspectives of the service provider and end-user. In addition, we propose initial heuristics for security objective decomposition aimed at security metrics definition. Systematically defined and managed security metrics enable higher effectiveness of security controls, enabling informed risk-driven security decision-making.

KW - android

KW - risk analysis

KW - security effectiveness

KW - security metrics

U2 - 10.1109/ISSA.2015.7335061

DO - 10.1109/ISSA.2015.7335061

M3 - Conference article in proceedings

SP - 1

EP - 6

BT - Information Security for South Africa (ISSA), 2015

PB - Institute of Electrical and Electronic Engineers IEEE

ER -

Savola RM, Savolainen P, Evesti A, Abie H, Sihvonen M. Risk-driven security metrics development for an e-health IoT application. In Information Security for South Africa (ISSA), 2015. Institute of Electrical and Electronic Engineers IEEE. 2015. p. 1 - 6 https://doi.org/10.1109/ISSA.2015.7335061