Article Details

Copyright Statement: This is an open access article licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, even commercially as long as the original work is properly cited.

Comparative Analysis of Threat Modeling Methods for Cloud Computing towards Healthcare Security Practice

Author 1: Prosper K. Yeng
Author 2: Stephen D. Wulthusen
Author 3: Bian Yang

Download PDF

Digital Object Identifier (DOI) : 10.14569/IJACSA.2020.0111194

Article Published in International Journal of Advanced Computer Science and Applications(IJACSA), Volume 11 Issue 11, 2020.

Abstract: Healthcare organizations consist of unique activities including collaborating on patients care and emergency care. The sector also accumulates high sensitive multifaceted patients’ data such as text reports, radiology images and pathological slides. The large volume of the data is often stored as Electronic Health Records (EHR) which must be frequently updated while ensuring higher percentage up-time for constant availability of patients’ records. Healthcare as a critical infrastructure also needs highly skilled IT personnel, Information and Communication Technol-ogy (ICT) and infrastructure with regular maintenance culture. Fortunately, cloud computing can provide these necessary services at a lower cost. But with all thees enormous benefits of cloud computing, it is characterized with various information security issues which is not enticing to healthcare. Amid many threat modelling methods, which of them is suitable for identifying cloud related threats towards the adoption of cloud computing for healthcare? This paper compared threat modelling methods to determine their suitability for identifying and managing healthcare related threats in cloud computing. Threat modelling in pervasive computing (TMP) was identified to be suitable and can be combined with Attack Tree (AT), Attack Graph (AG) and Practical Threat Analysis (PTA) or STRIDE (spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege). Also Attack Tree (AT) could be complemented with TMP, AG and STRIDE or PTA. Healthcare IT security professionals can hence rely on these methods in their security practices, to identify cloud related threats for healthcare. Essentially, privacy related threat modeling methods such as LINDDUN framework, need to be included in these synergy of cloud related threat modelling methods towards enhancing security and privacy for healthcare needs.

Keywords: Cloud computing; healthcare; threat modelling; security practice; data privacy

Prosper K. Yeng, Stephen D. Wulthusen and Bian Yang, “Comparative Analysis of Threat Modeling Methods for Cloud Computing towards Healthcare Security Practice” International Journal of Advanced Computer Science and Applications(IJACSA), 11(11), 2020. http://dx.doi.org/10.14569/IJACSA.2020.0111194

@article{Yeng2020,
title = {Comparative Analysis of Threat Modeling Methods for Cloud Computing towards Healthcare Security Practice},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2020.0111194},
url = {http://dx.doi.org/10.14569/IJACSA.2020.0111194},
year = {2020},
publisher = {The Science and Information Organization},
volume = {11},
number = {11},
author = {Prosper K. Yeng and Stephen D. Wulthusen and Bian Yang}
}

IJACSA

Upcoming Conferences

IntelliSys 2021

2-3 September 2021

Future Technologies Conference (FTC) 2021

28-29 October 2021

Future of Information and Communication Conference (FICC) 2022

3-4 March 2022

Computing Conference 2022

14-15 July 2022