Limits...
Video calls from lay bystanders to dispatch centers - risk assessment of information security.

Bolle SR, Hasvold P, Henriksen E - BMC Health Serv Res (2011)

Bottom Line: A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability.Twenty security threats of different risk levels were identified and analyzed.Solutions were proposed to reduce the risk level.

View Article: PubMed Central - HTML - PubMed

Affiliation: Norwegian Centre for Integrated Care and Telemedicine, University Hospital of North Norway, N-9038 Tromsø, Norway. stein.roald.bolle@telemed.no

ABSTRACT

Background: Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed.

Methods: Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability.

Results: Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level.

Conclusions: Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.

Show MeSH

Related in: MedlinePlus

The workflow of risk assessment according to the information security standard ISO/IEC 27005:2008.
© Copyright Policy - open-access
Related In: Results  -  Collection

License
getmorefigures.php?uid=PMC3198924&req=5

Figure 1: The workflow of risk assessment according to the information security standard ISO/IEC 27005:2008.

Mentions: Risk assessment is a systematic approach for describing and calculating risks of undesired events. We conducted risk assessment of information security related to the use of videoconference calls with mobile phones between lay bystanders and EMCCs during medical emergencies. Our risk assessment was based on the information security standard ISO/IEC 27005:2008 developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) [13]. In this standard, risk assessment is described as a process consisting of risk identification, risk estimation and risk evaluation. Risk assessment is performed after context establishment, and the process may be iterative (Figure 1).


Video calls from lay bystanders to dispatch centers - risk assessment of information security.

Bolle SR, Hasvold P, Henriksen E - BMC Health Serv Res (2011)

The workflow of risk assessment according to the information security standard ISO/IEC 27005:2008.
© Copyright Policy - open-access
Related In: Results  -  Collection

License
Show All Figures
getmorefigures.php?uid=PMC3198924&req=5

Figure 1: The workflow of risk assessment according to the information security standard ISO/IEC 27005:2008.
Mentions: Risk assessment is a systematic approach for describing and calculating risks of undesired events. We conducted risk assessment of information security related to the use of videoconference calls with mobile phones between lay bystanders and EMCCs during medical emergencies. Our risk assessment was based on the information security standard ISO/IEC 27005:2008 developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) [13]. In this standard, risk assessment is described as a process consisting of risk identification, risk estimation and risk evaluation. Risk assessment is performed after context establishment, and the process may be iterative (Figure 1).

Bottom Line: A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability.Twenty security threats of different risk levels were identified and analyzed.Solutions were proposed to reduce the risk level.

View Article: PubMed Central - HTML - PubMed

Affiliation: Norwegian Centre for Integrated Care and Telemedicine, University Hospital of North Norway, N-9038 Tromsø, Norway. stein.roald.bolle@telemed.no

ABSTRACT

Background: Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed.

Methods: Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability.

Results: Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level.

Conclusions: Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.

Show MeSH
Related in: MedlinePlus