Shawon Rahman

George W. Jackson,, Shawon Rahman

As device interconnectivity and ubiquitous computing continues to proliferate healthcare, the Medical Internet of Things (MIoT), also well known as the, Internet of Medical Things (IoMT) or the Internet of Healthcare Things (IoHT), is certain to play a major role in the health, and well-being of billions of people across the globe. When it comes to issues of cybersecurity risks and threats connected to the IoT in all of its various flavors the emphasis has been on technical challenges and technical solution. However, especially in the area of healthcare there is another substantial and potentially grave challenge. It is the challenge of thoroughly and accurately communicating the nature and extent of cybersecurity risks and threats to patients who are reliant upon these interconnected healthcare technologies to improve and even preserve their lives. This case study was conducted to assess the scope and depth of cybersecurity risk and threat communications delivered to an extremely vulnerable patient population, semi-structured interviews were held with cardiac medical device specialists across the United States. This research contributes scientific data in the field of healthcare cybersecurity and assists scholars and practitioners in advancing education and research in the field of MIoT patient communications.

Margie Todd, Shawon Rahman

The purpose of this paper is to present a comprehensive budget conscious security plan for smaller enterprises that lack security guidelines.The authors believe this paper will assist users to write an individualized security plan. In addition to providing the top ten free or affordable tools get some sort of semblance of security implemented, the paper also provides best practices on the topics of Authentication, Authorization, Auditing, Firewall, Intrusion Detection & Monitoring, and Prevention. The methods employed have been implemented at Company XYZ referenced throughout

Marc Rader, Shawon Rahman

Organizations invest heavily in technical controls for their Information Assurance (IA) infrastructure. These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Most organizations rely on training to mitigate and reduce risk of non-technical attacks such as social engineering. Organizations lump IA training into small modules that personnel typically rush through because the training programs lack enough depth and creativity to keep a trainee engaged. The key to retaining knowledge is making the information memorable. This paper describes common and emerging attack vectors and how to lower and mitigate the associated risks.

DJ Neal, Shawon Rahman

A high-resolution video surveillance management system incurs huge amounts of storage and network bandwidth. The current infrastructure required to support a high resolution video surveillance management system (VMS) is expensive and time consuming to plan, implement and maintain. With the recent advances in cloud technologies, opportunity for the utilization of virtualization and the opportunity for distributed computing techniques of cloud storage have been pursued on the basis to find out if the various cloud computing services that are available can support the current requirements to a high resolution video surveillance management system. The research concludes, after investigating and comparing various Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) cloud computing provides what is possible to architect a VMS using cloud technologies; however, it is more expensive and it will require additional reviews for legal implications, as well as emerging threats and countermeasures associated with using cloud technologies for a video surveillance management system

Karen Benson, Shawon Rahman

Inherent in any organization are security risks and barriers that must be understood, analyzed, and minimized in order to prepare for and perpetuate future growth and return on investment within the business. Likewise, company leaders must determine the security health of the organization and routinely review the potential threats that are ever changing in this new global economy. Once these risks are outlined, the cost and potential damage must be weighed before action is implemented. This paper will address the modern problems of securing information technology (IT) of a mechanical engineering enterprise, which can be applied to other modern industries.

Lee Rice, Shawon Rahman

The need for information security within small to mid-size companies is increasing. The risks of information security breach, data loss, and disaster are growing. The impact of IT outages and issues on the company are unacceptable to any size business and their clients. There are many ways to address the security for IT departments. The need to address risks of attacks as well as disasters is important to the IT security policies and procedures. The IT departments of small to medium companies have to address these security concerns within their budgets and other limited resources.Security planning, design, and employee training that is needed requires input and agreement from all levels of the company and management. This paper will discuss security needs and methods to implement them into a corporate infrastructure.

Kimmarie Donahue, Shawon Rahman

Healthcare Information Technology (IT) has made great advances over the past few years and while these advances have enable healthcare professionals to provide higher quality healthcare to a larger number of individuals it also provides the criminal element more opportunities to access sensitive information, such as patient protected health information (PHI) and Personal identification Information (PII). Having an Information Assurance (IA) programallows for the protection of information and information systems and ensures the organization is in compliance with all requires regulations, laws and directive is essential. While most organizations have such a policy in place, often it is inadequate to ensure the proper protection to prevent security breaches. The increase of data breaches in the last few years demonstrates the importance of an effective IA program. To ensure an effective IA policy, the policy must manage the operational risk, including identifying risks, assessment and mitigation of identified risks and ongoing monitoring to ensure compliance

Kathleen Jungck, Shawon Rahman

Businesses have become dependent on ever increasing amounts of electronic information and rapid transaction speeds. Experts such as Diffie speculate that the end of isolated computing is at hand, and that within the next decade most businesses will have made the shift to utility computing. In order to cut costs while still implementing increasingly complex Information Technology services, many companies turned to Application Service Providers (ASPs). Due to poor business models, over competition, and poor internet availability and bandwidth, many ASPs failed with the dot com crash. Other ASPs, however, who embraced web services architecture and true internet delivery were well placed as early cloud adopters. With the expanded penetration and bandwidth of internet services today, better business plans, and a wide divergence of offering, cloud computing is avoiding the ASP downfall, and is positioned to emerge as an enduring paradigm in computing

Charles DeVoe, Shawon Rahman

Most small to medium health care organizations do not have the capability to address cyber incidents within the organization. Those that do are poorly trained and ill equipped. These health care organizations are subject to various laws that address privacy concerns, proper handling of financial information, and Personally Identifiable Information. Currently an IT staff handles responses to these incidents in an Ad Hoc manner. A properly trained, staffed, and equipped Cyber Incident Response Team is needed to quickly respond to these incidents to minimize data loss, and provide forensic data for the purpose of notification, disciplinary action, legal action, and to remove the risk vector. This paper will use the proven Incident Command System model used in emergency services to show any sized agency can have an adequate CIRT