Cybersecurity maturity model for the protection and privacy of personal health data

Title: Cybersecurity maturity model for the protection and privacy of personal health data
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Rojas, Aarón Joseph Serrano; Valencia, Erick Fabrizzio Paniura; Armas-Aguirre, Jimmy; Molina, Juan Manuel Madrid
Conference Name: 2022 IEEE 2nd International Conference on Advanced Learning Technologies on Education & Research (ICALTER)
Keywords: Data models, data privacy, data protection, health information, Maturity Model, Metrics, Organizations, Program management, Proposals, pubcrawl, risk management, supply chain management, supply chain risk assessment
Abstract: This paper proposes a cybersecurity maturity model to assess the capabilities of medical organizations to identify their level of maturity, prioritizing privacy and personal data protection. There are problems such as data breaches, the lack of security measures in health information, and the poor capacity of organizations to handle cybersecurity threats that generate concern in the health sector as they seek to mitigate risks in cyberspace. The proposal, based upon C2M2 (Cybersecurity Capability Maturity Model), incorporates practices and controls which allow organizations to identify security gaps generated through cyberattacks on sensitive health patient data. This model seeks to integrate the best practices related to privacy and protection of personal data in the Peruvian legal framework through the Administrative Directive No. 294-MINSA and the personal data protection Act No. 29733. The model consists of 3 evaluation phases: 1. Assessment planning; 2. Execution of the evaluation; 3. Implementation of improvements. The model was validated and tested in a public sector medical organization in Lima, Peru. The preliminary results showed that the organization is at Level 1 with 14% of compliance with established controls, 34% in risk, threat and vulnerability management practices and 19% in supply chain management. These are the 3 highest percentages of the 10 evaluated domains.
DOI: 10.1109/ICALTER57193.2022.9964729
Citation Key: rojas_cybersecurity_2022