Vivek Agrawal

Security and Privacy Issues in Wireless Sensor Networks for Healthcare

Background –The design and development of wearable sensors enable user to monitor physiological data using wireless sensor networks (WSNs) in healthcare. Problem –healthcare applications based on WSNs are not addressing security and privacy issues. Effect –A healthcare system using a sensor network can subject to the privacy breach of the patients as the sensitive data may be exposed to a malicious party. Serious security threats might compromise the healthcare service, disabling patients to avail healthcare facilities. Contribution –(a) An overview of the status of security requirements in various WSNs healthcare application. (b) An overview of potential security and privacy threats that can compromise the normal functionality of a WSNs healthcare system. (c) We also present a study on the existing security mechanisms to safeguard WSNs healthcare system.

Factors Affecting the Willingness to Share Knowledge in the Communities of Practice

The purpose of this study is to investigate various factors that can affect the willingness of the IT professionals in Norway to share their knowledge in the open communities of practice. The study is conducted through an online survey among the IT professionals working in Norway. The findings of the study present various factors that increase or decrease the willingness to share knowledge on open communities of practice. These factors are further explained with the help of the descriptive theories. The findings of this study are useful to get the initial insight into the determinants that influence the willingness to share knowledge on the communities of practice.

Factors Influencing the Participation of Information Security Professionals in Electronic Communities of Practice

The purpose of this study is to contribute to a better understanding of the current status of the participation of the information security professionals (ISPs) in the electronic communities of practice (eCoP) in the information security (IS) domain in Norway. An online survey is conducted with 56 ISPs working in Norway to investigate this issue. This study used the logistic regression as a statistical technique to formulate the results and findings. The probability of an ISP being a user of eCoP is tested with demographic data, nature of the job, and the knowledge sharing preference. Furthermore, the determinants of the knowledge sharing theories, i.e., the theory of planned behavior, the motivation theory, and perceived trust theory are used to test our statistical model. The findings of this study are useful to get the initial insight into the determinants that influence the participation of ISPs in eCoP in Norway.

CIRA Perspective on Risks Within UnRizkNow — A Case Study

UnRizkNow is a community of practice for cyber security practitioners in Norway. It is imperative for the establishment of UnRizkNow to identify the underlying risks that can affect the normal operation of the community. This paper presents a study to carry out a risk assessment of UnRizkNow CoP using conflicting incentives risk analysis (CIRA) method. The main contribution of this research work is to identify and analyze the risks that can be obtained from the conflicts in the incentives of members and organizer in UnRizkNow. This paper also presents risk treatment plan regarding incentives as suggested by CIRA method. The findings of this study are helpful to establish UnRizkNow community, and also for the researchers who want to analyze human risks in a system.

A Framework for the Information Classification in ISO 27005 Standard

Information Security Risk Management (ISRM) process involves several activities to conduct a risk management (RM) task in an organization. ISRM activities require access to various information related to the organization. An organization often needs to share information related to an ISRM process with the stakeholders involved in the activity. Therefore, it is important to manage the information which is critical to the operations of the organization. The presence of an information classification scheme can enable the proper handling of the information involved in the RM task. We selected ISO/IEC27005:2011 risk management standard to assess various information generated during the process of applying this standard in an organization. The purpose of this study is to propose a framework to show various information objects involved in ISO27005 risk management standard and classify the information based on the guideline provided by UNINETT scheme. A case scenario of a health clinic is developed to identify ISRM related information objects using the proposed framework and classify the information using UNINETT scheme.

UnRizkNow: An open electronic community of practice for information security professionals

We are establishing UnRizkNow as the open electronic community of practice (eCoP) for information security practitioners (ISP) working in Norway. UnRizkNow will aim to solve the challenges faced by the ISP in the information security domain. The purpose of this study is to analyze the factors that are essential to design UnRizkNow community. A research model based on purpose, motivation, facilitating condition, and preference to share knowledge in the electronic platforms is proposed in the study. Furthermore, an online questionnaire is developed based on the elements of the proposed research model to collect responses from the ISP affiliated with ISACA Norway. We analyzed the responses collected through the online survey to extract the most desirable features of UnRizkNow community. We incorporated the following features into UnRizkNow: a) the information available in the community is easy to search, b) the updated information can be easily accessed, c) verify the information is coming from a reliable member, d) The information is relevant to the problem/ concern of the member, e) useful information can be collected at the same place. The designed features of UnRizkNow will be helpful for ISP to share knowledge effectively.

Secure migration to the cloud—In and out

This chapter describes the aspects to be considered for a small enterprise to transfer in-house computing to a Cloud Service Provider (CSP). The migration strategy and the accompanying measures are described citing an example of a small lawyer-office. This includes the security aspects and policy, privacy concerns, interoperability and strategic and legal aspects. Moving in-house computing to a CSP leads to a strong dependability of the customer to the CSP (Vendor lock-in). The issue of lock-in is described, and a 5-Phase-Migration-Model into the cloud is introduced to avoid lock-in and keep the flexibility for the customer.