Author

Bian Yang

Bio: Bian Yang is an academic researcher from Norwegian University of Science and Technology. The author has contributed to research in topics: Computer science & Health care. The author has an h-index of 3, co-authored 20 publications receiving 23 citations.

Papers
Proceedings Article
15 Jul 2019
TL;DR: Observational measures relating to healthcare security practices such as self-authorization, inter-organizational accesses to PHI and ICT readiness were found to be unique and have not been factored in existing observational measures for efficient profiling of healthcare staffs.
Abstract: The healthcare sector is characterized with variant situations and services such as emergency services, collaborations in patient care and patient referrals. These activities require erratic accesses and electronic exchange of personal health information (PHI) between health professionals and healthcare organizations. Also, healthcare information is deemed to be among the most confidential of all types of personal data. Analyzing and modeling the security threats emanating from healthcare staffs' security practices therefore need an efficient approach. There is a need for tailored measures to be adopted in assessing healthcare personnel security practices in relation to Confidentiality, Integrity and Availability (CIA) threats. Standards and technical security implementations, required by regulatory bodies, have resulted in tracking healthcare staffs' security practices in various data sources which can be explored for security countermeasures. A literature survey was adopted to obtain the most appropriate observational measures that can be used to empirically study healthcare staffs' security practice analysis, modeling and incentivization (HSPAMI). The survey was conducted in journal and conference articles, healthcare security breaches reports and AI tools for detecting anomalous healthcare staff security practices. The survey results did not find a comprehensive and tailored observational measures suitable for the HSPAMI project. A comprehensive and tailored observational measures were therefore developed from healthcare standards, legal, regulatory aspects, and the code of conduct. Observational measures relating to healthcare security practices such as self-authorization, inter-organizational accesses to PHI and ICT readiness were found to be unique and have not been factored in existing observational measures for efficient profiling of healthcare staffs.

21 citations

Journal Article
09 Jun 2021
TL;DR: In this article, the authors developed a comprehensive framework for modeling and analyzing health care professionals' information security practices related to their individual characteristics, such as their psychological, social, and cultural traits.
Abstract: Background: Data breaches in health care are on the rise, emphasizing the need for a holistic approach to mitigation efforts. Objective: The purpose of this study was to develop a comprehensive framework for modeling and analyzing health care professionals’ information security practices related to their individual characteristics, such as their psychological, social, and cultural traits. Methods: The study area was a hospital setting under an ongoing project called the Healthcare Security Practice Analysis, Modeling, and Incentivization (HSPAMI) project. A literature review was conducted for relevant theories and information security practices. The theories and security practices were used to develop an ontology and a comprehensive framework consisting of psychological, social, cultural, and demographic variables. Results: In the review, a number of psychological, social, and cultural theories were identified, including the health belief model, protection motivation theory, theory of planned behavior, and social control theory, in addition to some social demographic variables, to form a comprehensive set of health care professionals’ characteristics. Furthermore, an ontology was developed from these theories to systematically organize the concepts. The framework, called the psychosociocultural (PSC) framework, was then developed from the various combined psychological and sociocultural attributes of the ontology. The Human Aspect of Information Security Questionnaire was adopted as a comprehensive tool for gathering staff security practices as mediating variables in the framework. Conclusions: Data breaches occur often in health care today. This frequency has been attributed to the lack of experience of health care professionals in information security, the lack of development of conscious care security practices, and the lack of motivation to incentivize health care professionals. 
The frequent data breaches in health care threaten the mutual trust between health care professionals and patients, which implicitly impacts the quality of the health care service. The modeling and analysis of health care professionals’ security practices can be conducted with the PSC framework by combining methods of statistical survey, observations, and interviews in relation to PSC variables, such as perceptions (perceived benefits, perceived threats, and perceived barriers) or psychological traits, social factors, cultural factors, and social demographics.

12 citations

Proceedings Article
17 Aug 2021
TL;DR: In this paper, the authors examined the link between stress level and cybersecurity practices among hospital employees in Indonesia by surveying 99 hospital workers and found that hospital worker's higher stress levels correlate significantly with riskier cybersecurity practices.
Abstract: Since healthcare information systems have many important data that can attract many adversaries, it is important to take the right steps to prevent data breaches. Recent studies suggested that 85% of breaches involved a human element and the frequent patterns used are social engineerings. Therefore, many studies focus on making a better understanding of human behavior in cybersecurity and the factors that affect cybersecurity practices. However, there are only a few peer-reviewed studies that focus on the link between stress level and cybersecurity practices. In this study, we examined the link between stress level and cybersecurity practices among hospital employees in Indonesia by surveying 99 hospital workers. Perceived Stress Scale (PSS) was used to measure the employees’ stress level and a new scale to measure hospital staff’s risky cybersecurity practices was proposed. This study showed that both PSS and proposed cybersecurity practices scales are reliable with Cronbach’s α value of more than 0.7. The survey results also revealed that hospital worker’s higher stress levels correlate significantly with riskier cybersecurity practices (rs = 0.305, p

11 citations

Book Chapter
03 Sep 2020
TL;DR: A systematic review was conducted to pinpoint appropriate AI methods and data sources that can be used for effective studies and found KNN, Bayesian Network and Decision Trees algorithms were mostly applied on Electronic Health Records (EHR) Logs and Network logs with varying input features of healthcare staffs’ security practices.
Abstract: Data breaches in healthcare continue to grow exponentially, calling for a rethinking into better approaches of security measures towards mitigating the menace. Traditional approaches including technological measures, have significantly contributed to mitigating data breaches but what is still lacking is the development of the “human firewall,” which is the conscious care security practices of the insiders. As a result, the healthcare security practice analysis, modeling and incentivization project (HSPAMI) is geared towards analyzing healthcare staffs’ security practices in various scenarios including big data. The intention is to determine the gap between staffs’ security practices and required security practices for incentivization measures. To address the state-of-the art, a systematic review was conducted to pinpoint appropriate AI methods and data sources that can be used for effective studies. Out of about 130 articles, which were initially identified in the context of human-generated healthcare data for security measures in healthcare, 15 articles were found to meet the inclusion and exclusion criteria. A thorough assessment and analysis of the included article reveals that, KNN, Bayesian Network and Decision Trees (C4.5) algorithms were mostly applied on Electronic Health Records (EHR) Logs and Network logs with varying input features of healthcare staffs’ security practices. What was found challenging is the performance scores of these algorithms which were not sufficiently outlined in the existing studies.

10 citations

Journal Article
TL;DR: A survey of the existing literature on the application of attribute-based access control in e-health systems to understand the suitability of ABAC for e- health systems and the possibility of using ABAC access logs for observing, modelling and analysing security practices of healthcare professionals.
Abstract: In recent years, there has been an increase in the application of attribute-based access control (ABAC) in electronic health (e-health) systems. E-health systems are used to store a patient’s electronic version of medical records. These records are usually classified according to their usage i.e., electronic health record (EHR) and personal health record (PHR). EHRs are electronic medical records held by the healthcare providers, while PHRs are electronic medical records held by the patients themselves. Both EHRs and PHRs are critical assets that require access control mechanism to regulate the manner in which they are accessed. ABAC has demonstrated to be an efficient and effective approach for providing fine grained access control to these critical assets. In this paper, we conduct a survey of the existing literature on the application of ABAC in e-health systems to understand the suitability of ABAC for e-health systems and the possibility of using ABAC access logs for observing, modelling and analysing security practices of healthcare professionals. We categorize the existing works according to the application of ABAC in PHR and EHR. We then present a discussion on the lessons learned and outline future challenges. This can serve as a basis for selecting and further advancing the use of ABAC in e-health systems.

7 citations


Cited by
Journal Article
TL;DR: In this article, the authors propose a framework for Congress to craft new and more effective legislation dealing with employee monitoring, and classify the top contemporary monitoring practices into four categories designed to balance employee privacy with enterprise protection - protection that occurs in the form of completing business transactions, protecting the company from liability and conducting or assisting in internal and external investigations.
Abstract: The twenty-first century continues to usher in new and increasingly-powerful technology. This technology is both a blessing and a curse in the employment arena. Sophisticated monitoring software and hardware allow businesses to conduct basic business transactions, avoid liability, conduct investigations and, ultimately, achieve success in a competitive global environment. Employees can also benefit when monitoring provides immediate feedback, keeps the workforce efficient and focused and discourages unethical/illegal behavior. The same technology, however, allows employers to monitor every detail of their employees’ actions, communications and whereabouts both inside and outside the workplace. As more and more employers conduct some form of monitoring, the practice will shortly become ubiquitous. This trend is problematic because excessive and unreasonable monitoring can: (1) invade an employee’s reasonable expectation of privacy, (2) lead employees to sneak around to conduct personal activities on work time, (3) lower morale, (4) cause employees to complain and, potentially, quit and (5) cause employees to fear using equipment even for benign work purposes. The American legal system’s effort to protect employee privacy is a patchwork of federal and state laws combined with the common law tort of intrusion upon seclusion. This regime is not properly equipped to defend against excessive invasions of privacy that come from increasingly-sophisticated monitoring practices. This article analyzes the problems with the current monitoring regime, evaluates the top contemporary monitoring techniques and proposes a framework around which Congress can craft new and more effective legislation dealing with employee monitoring. 
This framework classifies the top contemporary monitoring practices into four categories designed to balance employee privacy with enterprise protection - protection that occurs in the form of completing business transactions, protecting the company from liability and conducting or assisting in internal and external investigations. The categories form a sliding scale able to dictate the minimum amount of monitoring necessary to achieve the enterprise protection sought by management without excessively invading employee privacy.

38 citations

Journal Article
TL;DR: A hybrid framework using Deep Learning named “ImmuneNet” to recognize the latest intrusion attacks and defend healthcare data is proposed, which is comparatively better and up-to-date than other existing approaches in classifying between requests that are normal, intrusion, and other cyber attacks.
Abstract: The unbounded increase in network traffic and user data has made it difficult for network intrusion detection systems to be abreast and perform well. Intrusion Systems are crucial in e-healthcare since the patients' medical records should be kept highly secure, confidential, and accurate. Any change in the actual patient data can lead to errors in the diagnosis and treatment. Most of the existing artificial intelligence-based systems are trained on outdated intrusion detection repositories, which can produce more false positives and require retraining the algorithm from scratch to support new attacks. These processes also make it challenging to secure patient records in medical systems as the intrusion detection mechanisms can become frequently obsolete. This paper proposes a hybrid framework using Deep Learning named “ImmuneNet” to recognize the latest intrusion attacks and defend healthcare data. The proposed framework uses multiple feature engineering processes, oversampling methods to improve class balance, and hyper-parameter optimization techniques to achieve high accuracy and performance. The architecture contains <1 million parameters, making it lightweight, fast, and IoT-friendly, suitable for deploying the IDS on medical devices and healthcare systems. The performance of ImmuneNet was benchmarked against several other machine learning algorithms on the Canadian Institute for Cybersecurity's Intrusion Detection System 2017, 2018, and Bell DNS 2021 datasets which contain extensive real-time and latest cyber attack data. Out of all the experiments, ImmuneNet performed the best on the CIC Bell DNS 2021 dataset with about 99.19% accuracy, 99.22% precision, 99.19% recall, and 99.2% ROC-AUC scores, which are comparatively better and up-to-date than other existing approaches in classifying between requests that are normal, intrusion, and other cyber attacks.

14 citations

Proceedings Article
01 Dec 2019
TL;DR: A comprehensive Healthcare Security Practice Analysis, Modeling and Incentivization (HSPAMI) framework was proposed for analyzing healthcare staffs’ security practices in a comprehensive way.
Abstract: Healthcare professionals are often the weakest link in the security chain, which is contributing to data breaches in the healthcare sector. A number of reasons account for this. Technological countermeasures for cyber defenses have been heightened and the adversaries tend to exploit easy entry points. Besides, healthcare staffs are usually occupied by their core duty of healthcare provision with little experience in information security. With a Design Science Approach (DSA), observational measures for effective profiling of healthcare staffs were developed. Regulations and security standards such as the Code of Conduct, General Data Protection Regulation (GDPR) of European Union (EU), ISO 7799, and other Norwegian Acts and regulations for personal data protection, were reviewed for the observational measures. A comprehensive Healthcare Security Practice Analysis, Modeling and Incentivization (HSPAMI) framework was proposed for analyzing healthcare staffs’ security practices in a comprehensive way.

13 citations

Journal Article
09 Jun 2021
TL;DR: In this article, the authors developed a comprehensive framework for modeling and analyzing health care professionals' information security practices related to their individual characteristics, such as their psychological, social, and cultural traits.
Abstract: Background: Data breaches in health care are on the rise, emphasizing the need for a holistic approach to mitigation efforts. Objective: The purpose of this study was to develop a comprehensive framework for modeling and analyzing health care professionals’ information security practices related to their individual characteristics, such as their psychological, social, and cultural traits. Methods: The study area was a hospital setting under an ongoing project called the Healthcare Security Practice Analysis, Modeling, and Incentivization (HSPAMI) project. A literature review was conducted for relevant theories and information security practices. The theories and security practices were used to develop an ontology and a comprehensive framework consisting of psychological, social, cultural, and demographic variables. Results: In the review, a number of psychological, social, and cultural theories were identified, including the health belief model, protection motivation theory, theory of planned behavior, and social control theory, in addition to some social demographic variables, to form a comprehensive set of health care professionals’ characteristics. Furthermore, an ontology was developed from these theories to systematically organize the concepts. The framework, called the psychosociocultural (PSC) framework, was then developed from the various combined psychological and sociocultural attributes of the ontology. The Human Aspect of Information Security Questionnaire was adopted as a comprehensive tool for gathering staff security practices as mediating variables in the framework. Conclusions: Data breaches occur often in health care today. This frequency has been attributed to the lack of experience of health care professionals in information security, the lack of development of conscious care security practices, and the lack of motivation to incentivize health care professionals. 
The frequent data breaches in health care threaten the mutual trust between health care professionals and patients, which implicitly impacts the quality of the health care service. The modeling and analysis of health care professionals’ security practices can be conducted with the PSC framework by combining methods of statistical survey, observations, and interviews in relation to PSC variables, such as perceptions (perceived benefits, perceived threats, and perceived barriers) or psychological traits, social factors, cultural factors, and social demographics.

12 citations

Proceedings Article
24 May 2021
TL;DR: In this article, the authors propose HoneyGen, a practical and highly robust HGT that produces realistic looking honeywords by leveraging representation learning techniques to learn useful and explanatory representations from a massive collection of unstructured data, i.e., each operator's password database.
Abstract: Honeywords are false passwords injected in a database for detecting password leakage. Generating honeywords is a challenging problem due to the various assumptions about the adversary's knowledge as well as users' password-selection behaviour. The success of a Honeywords Generation Technique (HGT) lies on the resulting honeywords; the method fails if an adversary can easily distinguish the real password. In this paper, we propose HoneyGen, a practical and highly robust HGT that produces realistic looking honeywords. We do this by leveraging representation learning techniques to learn useful and explanatory representations from a massive collection of unstructured data, i.e., each operator's password database. We perform both a quantitative and qualitative evaluation of our framework using the state-of-the-art metrics. Our results suggest that HoneyGen generates high-quality honeywords that cause sophisticated attackers to achieve low distinguishing success rates.

12 citations