Cybersecurity maturity model for the protection and privacy of personal health data
Average rating
Cast your vote
You can rate an item by clicking the amount of stars they wish to award to this item.
When enough users have cast their vote on this item, the average rating will also be shown.
Star rating
Your vote was cast
Thank you for your feedback
Thank you for your feedback
Authors
Rojas, Aaron Joseph SerranoValencia, Erick Fabrizzio Paniura
Armas-Aguirre, Jimmy
Molina, Juan Manuel Madrid
Issue Date
2022-01-01
Metadata
Show full item recordJournal
Proceedings of the 2022 IEEE 2nd International Conference on Advanced Learning Technologies on Education and Research, ICALTER 2022DOI
10.1109/ICALTER57193.2022.9964729Additional Links
https://ieeexplore.ieee.org/document/9964729Abstract
This paper proposes a cybersecurity maturity model to assess the capabilities of medical organizations to identify their level of maturity, prioritizing privacy and personal data protection. There are problems such as data breaches, the lack of security measures in health information, and the poor capacity of organizations to handle cybersecurity threats that generate concern in the health sector as they seek to mitigate risks in cyberspace. The proposal, based upon C2M2 (Cybersecurity Capability Maturity Model), incorporates practices and controls which allow organizations to identify security gaps generated through cyberattacks on sensitive health patient data. This model seeks to integrate the best practices related to privacy and protection of personal data in the Peruvian legal framework through the Administrative Directive No. 294-MINSA and the personal data protection Act No. 29733. The model consists of 3 evaluation phases. 1. Assessment planning; 2. Execution of the evaluation; 3. Implementation of improvements. The model was validated and tested in a public sector medical organization in Lima, Peru. The preliminary results showed that the organization is at Level 1 with 14% of compliance with established controls, 34% in risk, threat and vulnerability management practices and 19% in supply chain management. These the 3 highest percentages of the 10 evaluated domains.Rights
info:eu-repo/semantics/embargoedAccessAttribution-NonCommercial-ShareAlike 4.0 International
Language
engae974a485f413a2113503eed53cd6c53
10.1109/ICALTER57193.2022.9964729
Scopus Count
Collections
The following license files are associated with this item:
- Creative Commons
Except where otherwise noted, this item's license is described as info:eu-repo/semantics/embargoedAccess