Data Loss Prevention Management in Healthcare Enterprise Environments
- Conference
- Location
-
Indianapolis, Indiana
- Publication Date
-
June 15, 2014
- Start Date
-
June 15, 2014
- End Date
-
June 18, 2014
- ISSN
-
2153-5965
- Conference Session
- Tagged Division
-
Computing & Information Technology
- Page Count
-
11
- Page Numbers
-
24.352.1 - 24.352.11
- DOI
-
10.18260/1-2--20243
- Permanent URL
-
https://peer.asee.org/20243
- Download Count
-
624
Paper Authors
Manghui Tu Purdue University Calumet
Manghui Tu, assistant professor of Computer Information Technology, Purdue University Calumet, USA. He received his Ph.D. degree of computer science from the University of Texas at Dallas in December 2006. His research interests include distributed computing, information security, and computer forensics.
Kimberly Lynn Spoa-Harty Purdue University Calumet Graduate Student
System Engineer and Architect, work with security standards for desktop standardization and implementation. Experience is over 10 years in Information Technology. Currently working towards a Master of Science at the School of Technology.
Abstract
As healthcare data are pushed online, consumers have raised great concerns on databreach of their personal information. Also, law and regulations have placed businessesand public organizations under obligations to take actions to prevent data breach. Amongvarious threats, insider threats have been identified to be a major threat on data loss.Thus, effective mechanisms to control insider threats to prevent data loss are urgentlyneeded. The objective of this research is to address data loss prevention challenges in thehealthcare enterprise environment. First, a novel approach is provided to model internalthreat, specifically inside activities, to provide a genuine method that can formallydescribe inside activities. With inside activities modeling, data loss paths and threatvectors are formally described and identified. Then, threat vectors and potential data losspaths have been investigated in a healthcare enterprise environment. Threat vectors havebeen enumerated and data loss statistics for some threat vectors have been collected.Finally, evidences of inside activities are modeled and the models are expected to provideguidance for internal activity incident identification, detection and reconstruction
Tu, M., & Spoa-Harty, K. L. (2014, June), Data Loss Prevention Management in Healthcare Enterprise Environments Paper presented at 2014 ASEE Annual Conference & Exposition, Indianapolis, Indiana. 10.18260/1-2--20243
ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2014 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015