Paper Example. Continuous Monitoring for Security Domain: Challenges and Solutions

The health industry is one of the sectors which extensively uses the information system security domain to protect the information in the industry. Some information in the health industry is very confidential and should not be accessed by everyone. It is, therefore, essential to ensure they are safely stored and accessed only by the authorized (Cherdantseva et al., 2016). The industry has used the information system security domain to limit access to information and to encrypt some information to protect them from others (Waltermire et al., 2018). Information security is also maintained to ensure they are safe. For example, the storage of an individual's medical information is not accessible to unauthorized people. If medical information of an individual is made available to the public, the person may suffer stigmatization worsening the situation (Cherdantseva et al., 2016).

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

One of the security domains used in the health industry is access control. Through this domain, the hospital can control access to information, thereby maintaining the confidentiality, availability, and integrity of information (Cook et al., 2018). Through the control, the hospital can quickly solve the challenges emerging from unauthorized individuals using, retrieving, and altering information. The domain controls access through identification, authentication, authorization, and accounting. Through identification, the user must have a user ID to be allowed to access the information. The user is then required to provide a password, fingerprints, or a smart card for authentication. Users have different access privileges, and some have full access to information while others have limited access. For example, a doctor may have the ability to place an order and access more information on a patient than a nurse. The domain also allows every user to be accountable for his/her actions. Since the users' IDs are different, an employee is made responsible for his/her actions (Cook et al., 2018). For example, a person who uses his/her access to obtain the health information of others without permission may be made to face the consequences of the action.

Another security domain used in the industry is cryptography. Cryptography concentrates on disguising information to ensure the confidentiality, integrity, and authenticity of information that is transmitted or stored (Quinn et al., 2009). This is done encryption of data, which entails the transformation of data into an unreadable ciphertext. There are two types of cryptography used, symmetrical and asymmetrical cryptography. Symmetrical cryptography uses the same secret key to encipher or decipher a message. On the other hand, asymmetrical cryptography uses two different keys, a private, and a public key (Waltermire et al., 2011). The public key can be used to encrypt and send a message while the private key is used to decrypt the message. This way, the hospital can keep the information confidential, and only the target recipient can assess it. Through this domain, the health industry has been able to solve the challenge they had before sensitive information is accessible by the public. However, hackers pose a significant threat to this communication method as they are capable of hacking the messages. To avoid vulnerability, the encryption must be very complicated such that they find it difficult to hack.

In conclusion, security domains have been a great source of security of information in the health industry. Through the security systems, the hospitals have been able to maintain the confidentiality, integrity, and authenticity of the information in the sector (Quinn et al., 2009). It has made it possible to keep medical records of patients private and accessible only by family members. As a result, it has made the life of celebrities much better since the public is not able to access their health records (Waltermire et al., 2018). However, the threat of hackers has been a significant obstacle that needs to be addressed accordingly by technology experts.

References

Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & Security, 56, 1-27. https://www.sciencedirect.com/science/article/pii/S0167404815001388

Cook, M., Quinn, S., Waltermire, D., & Prisaca, D. (2018). Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements. National Institute of Standards and Technology. https://csrc.nist.gov/publications/detail/nistir/7511/rev-5/archive/2018-01-16

Quinn, S. D., Waltermire, D. A., Johnson, C. S., Scarfone, K. A., & Banghart, J. F. (2009). The technical specification for the security content automation protocol (SCAP): SCAP version 1.0 NIST SP-800-126. https://dl.acm.org/doi/book/10.5555/2206210

Waltermire, D. A., Quinn, S. D., Booth, H., Scarfone, K., & Prisaca, D. (2018). The Technical Specification for the Security Content Automation Protocol (SCAP) Version 1.3 NIST SP-800-126rev3. https://www.nist.gov/publications/technical-specification-security-content-automation-protocol-scap-version-13

Waltermire, D. A., Quinn, S. D., Scarfone, K. A., & Halbardier, A. M. (2011). The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2 NIST SP-800-126 Rev 2. https://www.nist.gov/publications/technical-specification-security-content-automation-protocol-scap-scap-version-12?pub_id=909467