Rabiah Ahmad

Security threats categories in healthcare information systems

This article attempts to investigate the various types of threats that exist in healthcare information systems (HIS). A study has been carried out in one of the government-supported hospitals in Malaysia.The hospital has been equipped with a Total Hospital Information System (THIS). The data collected were from three different departments, namely the Information Technology Department (ITD), the Medical Record Department (MRD), and the X-Ray Department, using in-depth structured interviews. The study identified 22 types of threats according to major threat categories based on ISO/IEC 27002 (ISO 27799:2008). The results show that the most critical threat for the THIS is power failure followed by acts of human error or failure and other technological factors. This research holds significant value in terms of providing a complete taxonomy of threat categories in HIS and also an important component in the risk analysis stage.

A secure audio steganography approach

A wide range of steganography techniques has been described in this paper. Beside the evaluation of embedding parameters for the existing techniques, two problems -weaknesses- of substitution techniques are investigated which if they could be solved, the large capacity - strength- of substitution techniques would be practical. Furthermore, a novel, principled approach to resolve the problems is presented. Using the proposed genetic algorithm, message bits are embedded into multiple, vague and higher LSB layers, resulting in increased robustness.

Surveying the Wireless Body Area Network in the realm of wireless communication

Advances in wireless communication technologies and sensors have empowered development of Wireless Body Area Network (WBAN). The wireless nature of network and variety of sensors offer numerous new, practical and innovative applications to improve health monitoring and other health care applications system. In the past few years, many researches focused on building system architecture of health monitoring to improve the technical requirement specifically designed for WBAN. However, as part of communication medium, WBAN faces with various security issues such as loss of data, authentication and access control. Less research were found in providing strong security system in WBAN. Throughout this study, we believe that WBAN can provide various applications including medical and non-medical. In this paper, we present an overview of body area network and their related issues emphasis in security problem. We also provide the differences between Wireless Body Area Network and Wireless Sensor Network (WSN) that is inadequate to apply in WBAN although some challenges faced by WBAN are in many ways similar to WSN. Finally, we highlight security challenges that still need to be addressed to make WBAN truly ubiquitous for a wide range of applications.

An approach to improve the robustness of substitution techniques of audio steganography

Steganography is a technique used to transmit hidden information by modifying an audio signal in an imperceptible manner. The transmission must be possible in spite of subsequent imperceptible alterations (attacks) of the modified signal. We propose a novel approach of substitution technique of audio steganography. Using genetic algorithm, message bits are embedded into multiple, vague and higher LSB layers, resulting in increased robustness. The robustness specially would be increased against those intentional attacks which try to reveal the hidden message and also some unintentional attacks like noise addition as well.

Robust audio steganography via genetic algorithm

Steganography is a technique used to transmit hidden information by modifying an audio signal in an imperceptible manner. The transmission must be possible in spite of subsequent imperceptible alterations (attacks) of the modified signal. We propose a novel approach of substitution technique of audio steganography. Using genetic algorithm, message bits are embedded into multiple, vague and higher LSB layers, resulting in increased robustness. The robustness specially would be increased against those intentional attacks which try to reveal the hidden message and also some unintentional attacks like noise addition as well.

A conceptual framework of info structure for information security risk assessment (ISRA)

Information security has become a vital entity to most organizations today due to current trends in information transfer through a borderless and vulnerable world. The concern and interest in information security is mainly due to the fact that information security risk assessment (ISRA) is a vital method to not only to identify and prioritize information assets but also to identify and monitor the specific threats that an organization induces; especially the chances of these threats occurring and their impact on the respective businesses. However, organizations wanting to conduct risk assessment may face problems in selecting suitable methods that would augur well in meeting their needs. This is due to the existence of numerous methodologies that are readily available. However, there is a lack in agreed reference benchmarking as well as in the comparative framework for evaluating these ISRA methods to access the information security risk. Generally, organizations will choose the most appropriate ISRA method by carrying out a comparative study between the available methodologies in detail before a suitable method is selected to conduct the risk assessment. This paper suggests a conceptual framework of info-structure for ISRA that was developed by comparing and analysing six methodologies which are currently available. The info-structure for ISRA aims to assist organizations in getting a general view of ISRA flow, gathering information on the requirements to be met before risk assessment can be conducted successfully. This info-structure can be conveniently used by organizations to complete all the required planning as well as the selection of suitable methods to complete the ISRA.

A Novel Approach for Audio Watermarking

This paper presents a novel, principled approach to resolve the remained problems of substitution technique of audio watermarking. Using the proposed genetic algorithm, message bits are embedded into multiple, vague and higher LSB layers, resulting in increased robustness. The robustness specially would be increased against those intentional attacks which try to reveal the hidden message and also some unintentional attacks like noise addition as well.

Safeguarding Malaysia's critical national information infrastructure (CNII) against cyber terrorism: Towards development of a policy framework

Critical National Information Infrastructure (CNII) is crucial to the survivability of a nation. The destruction or disruption of these systems and communication networks would significantly affect the economic strength, image, defense and security, government capabilities to function, and public health and safety. CNII would probably become an attractive target for terrorists as the result of cyber attacks could leave the nation with difficult conditions due to the disruption of critical services. This paper provides an overview on the concept and fundamental elements of cyber terrorism. This paper also highlights the cyber security policy initiatives as a guideline for the development of the policy framework. This paper further recommends the need of policy development addressing the protection of CNII from cyber terrorism activities specifically for Malaysia.

Genetic Audio Watermarking

This paper presents a novel, principled approach to resolve the remained problems of substitution technique of audio watermarking. Using the proposed genetic algorithm, message bits are embedded into multiple, vague and higher LSB layers, resulting in increased robustness. Substitution techniques have naturally high capacity, but two major problems, having low robustness and transparency, negate the advantage. The robustness specially would be increased against those intentional attacks which try to reveal the hidden message and also some unintentional attacks like noise addition as well.

Forensics readiness for Wireless Body Area Network (WBAN) system

Wireless Body Area Network (WBAN) is a wireless network that can be attached or implanted onto the human body by using wireless sensor. Since WBAN developed for medical devices, the system should be design for a wide range of end user with different professional skill groups. This require WBAN system to be open, accurate and efficient. As from our previous experienced, any open system is vulnerable, similar to any other current available wireless systems such as Wireless Local Area Network (WLAN). However, currently there were not many discussions on the WBAN security vulnerability and security threats and if there is any, the issues were discussed through theoretical, concept and simulation data. In this paper, we discuss potential WBAN security vulnerability and threats using Practical Impact Assessment (PIA) conducted in real environment so that we are able to identify the problem area in details and develop potential solutions to produce a forensics readiness secure network architecture for WBAN system.