Asee peer logo

Data Loss Prevention Management in Healthcare Enterprise Environments

Download Paper |

Conference

2014 ASEE Annual Conference & Exposition

Location

Indianapolis, Indiana

Publication Date

June 15, 2014

Start Date

June 15, 2014

End Date

June 18, 2014

ISSN

2153-5965

Conference Session

Topics in Computing and Information Technologies

Tagged Division

Computing & Information Technology

Page Count

11

Page Numbers

24.352.1 - 24.352.11

DOI

10.18260/1-2--20243

Permanent URL

https://peer.asee.org/20243

Download Count

179

Request a correction

Paper Authors

biography

Manghui Tu Purdue University Calumet

visit author page

Manghui Tu, assistant professor of Computer Information Technology, Purdue University Calumet, USA. He received his Ph.D. degree of computer science from the University of Texas at Dallas in December 2006. His research interests include distributed computing, information security, and computer forensics.

visit author page

biography

Kimberly Lynn Spoa-Harty Purdue University Calumet Graduate Student

visit author page

System Engineer and Architect, work with security standards for desktop standardization and implementation. Experience is over 10 years in Information Technology. Currently working towards a Master of Science at the School of Technology.

visit author page

Download Paper |

Abstract

As healthcare data are pushed online, consumers have raised great concerns on databreach of their personal information. Also, law and regulations have placed businessesand public organizations under obligations to take actions to prevent data breach. Amongvarious threats, insider threats have been identified to be a major threat on data loss.Thus, effective mechanisms to control insider threats to prevent data loss are urgentlyneeded. The objective of this research is to address data loss prevention challenges in thehealthcare enterprise environment. First, a novel approach is provided to model internalthreat, specifically inside activities, to provide a genuine method that can formallydescribe inside activities. With inside activities modeling, data loss paths and threatvectors are formally described and identified. Then, threat vectors and potential data losspaths have been investigated in a healthcare enterprise environment. Threat vectors havebeen enumerated and data loss statistics for some threat vectors have been collected.Finally, evidences of inside activities are modeled and the models are expected to provideguidance for internal activity incident identification, detection and reconstruction

Tu, M., & Spoa-Harty, K. L. (2014, June), Data Loss Prevention Management in Healthcare Enterprise Environments Paper presented at 2014 ASEE Annual Conference & Exposition, Indianapolis, Indiana. 10.18260/1-2--20243

ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2014 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015