Securing software systems in the health care domain
MetadataVis full innførsel
Cloud computing is a continuously emerging technology of which new areas of utilization is adopted. Among these, medical sensor networks are increasingly used for purposes like remote monitoring of the health condition of patients in their own homes. As healthcare data are characterized as sensitive personal data, there are many security and privacy issues that are essential to address. Currently, cloud consumers find it difficult to assess these issues. In order to assist cloud consumers in managing the security risks associated with the cloud, this thesis created a security checklist that can be utilized for assessing the security and privacy risks of a cloud service. The resulting checklist consists of 35 security requirements formulated as questions that a consumer can ask a potential provider, to discover the security offered for a cloud service. The security checklist was applied to a cloud-based healthcare service, to evaluate the extent of which it manages to encompass the main security and privacy issues of this service. The results of the evaluation revealed that the most important security and privacy issues are covered by the checklist. However, it is not detailed enough to guarantee that protection of data in the cloud service is sufficiently implemented. Hence, the security checklist is reliable as guidance for a cloud consumer to utilize for discovering the overall security protection offered for a cloud service.