Prosper Yeng

Followers

Following

Public Views

Interests

Uploads

Papers by Prosper Yeng

Mapping the Psychosocialcultural Aspects of Healthcare Professionals’ Information Security Practices: Systematic Mapping Study (Preprint)

BACKGROUND Data breaches in health care are on the rise, emphasizing the need for a holistic appr... more BACKGROUND Data breaches in health care are on the rise, emphasizing the need for a holistic approach to mitigation efforts. OBJECTIVE The purpose of this study was to develop a comprehensive framework for modeling and analyzing health care professionals’ information security practices related to their individual characteristics, such as their psychological, social, and cultural traits. METHODS The study area was a hospital setting under an ongoing project called the Healthcare Security Practice Analysis, Modeling, and Incentivization (HSPAMI) project. A literature review was conducted for relevant theories and information security practices. The theories and security practices were used to develop an ontology and a comprehensive framework consisting of psychological, social, cultural, and demographic variables. RESULTS In the review, a number of psychological, social, and cultural theories were identified, including the health belief model, protection motivation theory, theory of p...

Download

Data-Driven Intrusion Detection System for Small and Medium Enterprises

2019 IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), 2019

Download

Implementation of Cluster Detection Mechanism of Syndromic Surveillance System in EDMON

Background Early detection of disease outbreak has become a global challenge because existing dis... more Background Early detection of disease outbreak has become a global challenge because existing disease surveillance systems, ostensibly, appears not to be efficient enough. As a result, there still exists disease outbreaks such as Ebola, heatwaves, malaria and flu with high case fatality rates in some parts of the world. New disease surveillance methods are therefore being explored to enhance the disease outbreak detection capabilities for timely interventions. For this reason, Electronic Disease Monitoring Network (EDMON) was initiated. EDMON is an ongoing research in syndromic surveillance at University of Tromsø, The Arctic University of Norway. The broad goal of this project is to detect the spread of contagious dieses at the earliest possible moment, and potentially before people know that they have been infected thus as early as the incubation stage of infection. The results shall be visualized on real-time maps as well as presented in digital communication. The project uses self-recorded health related data from people with type-1 diabetes as input. The problem is that most syndromic surveillance systems do not detect disease outbreak as early enough. They detect outbreaks during or after visible symptoms stage of the infection which results in higher time lag. Therefore, health management is unable to manage the outbreaks early enough and this often lead to high disease burden. Appropriate algorithms were explored through systematic review towards the implementation of a cluster detection mechanism in EDMON. In this study, a Hybridge of K-nearness Neighbour (KNN) and Cumulative Summation (CUSUM) known as EDMON-Cluster, were proposed and explored to assess the dual combination ability to augment for the gap of loss of power to detect outbreaks in a geographically disaggregated data. Objective The main aim of EDMON-cluster was to implement and assess clustering methods of detecting infectious disease outbreak in EDMON. Specifically, spatial and temporal algorithms were hybridized in the implementation and their performance of detection such as sensitivity, specificity and timeliness were evaluated. Various challenges such as privacy and security, geographical location estimation and visualization were considered. Materials and Methods Synthetic or simulated data was generated to consist of required parameters such as infected Individuals' detections, geolocations and respective time stamp of occurrences. Synthetic dataset of

Download

E-leccions gener@ls 2008: l’ús de les noves tecnologies en la campanya electoral

An Efficient Symmetric Cipher Algorithm for Data Encryption

---------------------------------------------------------------------***-------------------------... more ---------------------------------------------------------------------***-------------------------------------------------------------------Abstract-This paper presents an efficient algorithm for a symmetric cipher named, “YC1” that employs key spaces of varying lengths to encrypt and decrypt a plain text. Information Technology plays a very pivotal role in our businesses such as accomplishing complex tasks, speedy processing and many others but one very challenging concern today has to do with security in data communications. Data security in databases can be maintained by conventional methods even though malicious attackers can intercept the message or information and use them for ill-intentioned purposes. Therefore there is the need to effectively apply encryption and decryption techniques to enhance security in either stored data or data in transition. Cryptographic components are considered to be highly resistant to cryptanalysis if the right techniques or algorithms are employed. “YC1” elegantly employs the principles of bit rotation in its construction process. The bitwise operators (bit shift left, bit shift right and bitwise OR operators), modular and basic arithmetic which are crucial concepts were also employed. The traditional system development life cycle (SDLC) methodology was adopted in developing YC1.

Workflow-based anomaly detection using machine learning on electronic health records’ logs: A Comparative Study

2020 International Conference on Computational Science and Computational Intelligence (CSCI)

Timely access to patients’ healthcare records is very essential. As a result, broad access to EHR... more Timely access to patients’ healthcare records is very essential. As a result, broad access to EHR is mostly provided to users in efforts towards complying with the availability trait of the CIA. However, this opens up the system for abuse and misuse. This paper, therefore, analyzed the workflows of healthcare staff’s security practices in electronic health records (EHR) logs to determine anomalous security practices. Different classification types of machine learning algorithms were used. The EHR logs were simulated based on healthcare workflow scenarios. A number of machine learning algorithms were used to analyze the logs for deviations of accesses from the workflow. Based on the analysis results, all of the machine learning methods generally obtained a very good performance. The best performance on the non-normalized dataset is achieved by the Logistic Regression method with accuracy, precision, recall, and F1 value of 0.998, 0.849, 0.978, and0.909 respectively while Random Forest obtained the best result on Normalized data with accuracy, precision, recall, and F1 value of 0.998, 0.867, 0.836, and 0.851 respectively. It however remains challenging to detect malicious security practice if a malicious actor follows the workflow to access healthcare records with legitimate access right.

Investigating into phishing risk behaviour among healthcare staff: The phish or the patient? (Preprint)

BACKGROUND Through phishing attacks, the memory of the negative impact of security breaches in he... more BACKGROUND Through phishing attacks, the memory of the negative impact of security breaches in healthcare will remain with the inflicted for long. The healthcare sector is mostly associated with time sensitivity and the urgency to access patients’ records, especially during emergency situations. This creates a sense of force for management to opt for a ransom payment. Phishing is one of the less difficult ways to circumvent sophisticated technical security measures and it is used to exploit the psychological and other factors of the healthcare system users to succeed in the ransomware attack. OBJECTIVE Motivated by these, this study empirically examined the phishing susceptibility level among healthcare staff in Ghana. The study seeks to determine phishing appraisal threat levels among healthcare staff as well as their ability to resist phishing baits. Such knowledge would help hospital authorities to adopt better strategies to improve upon the security practice of the healthcare st...

Mapping the Psychosocialcultural Aspects of Healthcare Professionals’ Information Security Practices: Systematic Mapping Study

JMIR Human Factors

Background Data breaches in health care are on the rise, emphasizing the need for a holistic appr... more Background Data breaches in health care are on the rise, emphasizing the need for a holistic approach to mitigation efforts. Objective The purpose of this study was to develop a comprehensive framework for modeling and analyzing health care professionals’ information security practices related to their individual characteristics, such as their psychological, social, and cultural traits. Methods The study area was a hospital setting under an ongoing project called the Healthcare Security Practice Analysis, Modeling, and Incentivization (HSPAMI) project. A literature review was conducted for relevant theories and information security practices. The theories and security practices were used to develop an ontology and a comprehensive framework consisting of psychological, social, cultural, and demographic variables. Results In the review, a number of psychological, social, and cultural theories were identified, including the health belief model, protection motivation theory, theory of p...

Download

A Comprehensive Assessment of Human Factors in Relation to Cyber Security Compliance of Healthcare Staff in a Paperless Hospital

Recent reports have it that over 85\% of data breaches are still caused by the human element, of ... more Recent reports have it that over 85\% of data breaches are still caused by the human element, of which healthcare is one of the suitable organizations mostly targeted by cybercriminals. The work of healthcare staff is often associated with high workloads, high emergency cases, and a broad range of psychological, social, and cultural factors. The significance of these factors could undermine conscious care information security (IS) practice leading to serious violations. This study comprehensively examined the correlation between the psycho-social-cultural factors, work factors with IS and privacy behaviour in a hospital that has fully adopted electronic health records (EHR) management system. The findings are to facilitate the decision-making process towards improving the cyber-security practice in healthcare. A quantitative approach was adopted where we collected responses from 212 healthcare staff through an online questionnaire survey. A broad range of constructs was selected fro...

Download

Assessing the effect of human factors in healthcare cyber security practice: An empirical study

25th Pan-Hellenic Conference on Informatics, 2021

In recent times, the human element plays a major role in the surge of data breaches in healthcare... more In recent times, the human element plays a major role in the surge of data breaches in healthcare. As a result, we hypothesized that there are gaps between the information security (IS) practices of the healthcare staff and the security policies. We further opined that if there are gaps, the causes could be culminating from poor work factors, personality, psychological, social and cultural perception issues. As a result, a survey was conducted with three departments in a typical hospital to assess a broad range of these factors. From the study results, the healthcare staff’ IS knowledge and their self reported IS conscious care behaviour (ISCCB) showed a gap in their security practices. About half of the respondents’ responses were in a higher risk region. In exploring for the reasons for these gaps, Workload showed a negative significant correlation (r=-0.346, p-value= 0.05) with information security-conscious care behaviour(ISCCB) risk and perceived barrier risk (r=-.363, pvalue=0.05). But, the hospital information security culture showed negative significant correlation with perceived vulnerability (r=-0.316, pvalue= 0.05), cues to action (r=-0.508,pvalue=0.01), and punishment severity (r=-0.425, pvalue=0.05). Based on the findings of this study, some intrinsic and extrinsic motivational factors can be explored to improve the security perceptions, and security culture of the hospital if causality is established.

A scoping review of Legal Aspect of Information Security Requirement in healthcare: A Benchmark for Assessing the Security Practice in hospitals (Preprint)

<sec> <title>BACKGROUND</title> The loss of human lives from cyber-att... more <sec> <title>BACKGROUND</title> The loss of human lives from cyber-attacks in healthcare is no longer a probabilistic quantification but a reality which has begun. Additionally, the threat scope has expanded to involve threat of National security among others, resulting in surging data breaches within the healthcare sector. For that matter, there have been provisions of various legislations, regulations, and information security governance tools such as policies, standards and directives towards enhancing healthcare information security conscious care behavior among users. But in a research scenario where these required security practices are needed to be compared with ongoing security practices in healthcare, where can the security requirements pertaining to healthcare be obtained in a comprehensive way? Which of the requirements need more concentration of management, end users or both? </sec> <sec> <title>OBJECTIVE</title> The objective of this paper is therefore to systematically identify, assess and analyze the state-of-the-art information security requirements in healthcare. These requirements were used to develop a framework to serve as a yardstick for measuring the security practice of healthcare staff. </sec> <sec> <title>METHODS</title> A scoping review was adopted to identify the information security requirement sources within healthcare in Norway, Indonesia, and Ghana. A literature search was conducted in Scopus, PubMed, Google scholar, IEEE Explore and other sources such as legal, regulations, directive, policy and code of conduct related databases of Norway/EU, Indonesia and Ghana. The identified sources were reported with a PRISMA diagram in terms of identification, screening eligibility and inclusion. </sec> <sec> <title>RESULTS</title> Out of a total of 180 security and privacy requirement sources which were initially identified, 122 of them were fully read by the authors. Subsequently, 74 of these requirement documents fully met the inclusion criteria which were access and analyzed. A total of 68 security and privacy requirements were identified in this work. The findings were then used to develop a framework to serve as a benchmark for modeling and analyzing healthcare security practice. </sec> <sec> <title>CONCLUSIONS</title> Legal requirements for analyzing healthcare security practice were comprehensively identified and analyzed. The finding was used to develop a framework of which the legal requirement serves as a benchmark for modeling and analyzing healthcare security practice. </sec>

A Framework for Quantum-Classical Cryptographic Translation

International Journal of Theoretical Physics, 2021

Quantum computing is the use of quantum-mechanical phenomena such as superposition and entangleme... more Quantum computing is the use of quantum-mechanical phenomena such as superposition and entanglement to perform computation. Quantum computers are believed to be able to solve certain computational problems , such as integer factorization significantly faster than classical computers. However, a lot of standardization is needed in the field of quantum and post-quantum computing as there is a lot of research ongoing and also due to the fact that NIST is currently reviewing proposed quantum cryptographic algorithms in a selection process. The dawn of quantum algorithms have arrived due to the emergence of quantum computing which could subsequently lead to a deprecation of classical cryptographic algorithms. Nevertheless, classical algorithms are still very useful and there is the need to bridge the gap between classical and quantum computing for the purposes of continuity and easy transfigurations. Reversible computing gives us the option of backtracking and reversibility, thus convincing some researchers as the future of computing. Currently, there is no simple model for converting quantum crypto to classical crypto and vice-versa. This paper proposes a theoretical framework for quantum-classical crypto program translation and vice-versa. The framework draws vital concepts and inspiration from the fields of classical computing, quantum computing and reversible computing. The model is detailed, implementable and is applicable to all quantum or classical programs and is presented for scientific action and examination.

Assessing the Legal Aspects of Information Security Requirements for Health Care in 3 Countries: Scoping Review and Framework Development

JMIR Human Factors, 2021

Background The loss of human lives from cyberattacks in health care is no longer a probabilistic ... more Background The loss of human lives from cyberattacks in health care is no longer a probabilistic quantification but a reality that has begun. In addition, the threat scope is also expanding to involve a threat of national security, among others, resulting in surging data breaches within the health care sector. For that matter, there have been provisions of various legislation, regulations, and information security governance tools such as policies, standards, and directives toward enhancing health care information security–conscious care behavior among users. Meanwhile, in a research scenario, there are no comprehensive required security practices to serve as a yardstick in assessing security practices in health care. Moreover, an analysis of the holistic view of the requirements that need more concentration of management, end users, or both has not been comprehensively developed. Thus, there is a possibility that security practice research will leave out vital requirements. Objecti...

A Systematic Review and Framework of Cluster Detection Mechanisms in Syndromic Surveillance: Towards Developing a Prototype of Cluster Detection Mechanism for EDMON System. (Preprint)

Time lag in detecting disease outbreaks remains a threat to global health security. Currently, ou... more Time lag in detecting disease outbreaks remains a threat to global health security. Currently, our research team is working towards a system called EDMON, which uses blood glucose level and other supporting parameters from people with type 1 diabetes, as indicator variables for outbreak detection. Therefore, this paper aims to pinpoint the state of the art cluster detection mechanism towards developing an efficient framework to be used in EDMON and other similar syndromic surveillance systems. Various challenges such as user mobility, privacy and confidentiality, geographical location estimation and other factors have been considered. To this end, we conducted a systematic review exploring different online scholarly databases. Considering peer reviewed journals and articles, literatures search was conducted between January and March 2018. Relevant literatures were identified using the title, keywords, and abstracts as a preliminary filter with the inclusion criteria and a full text review were done for literatures that were found to be relevant. A total of 28 articles were included in the study. The result indicates that various clustering and aberration detection algorithms have been developed and tested up to the task. In this regard, privacy preserving policies and high computational power requirement were found challenging since it restrict usage of specific locations for syndromic surveillance.

Download

Data-Driven and Artificial Intelligence (AI) Approach for Modelling and Analyzing Healthcare Security Practice: A Systematic Review

Advances in Intelligent Systems and Computing, 2020

Data breaches in healthcare continue to grow exponentially, calling for a rethinking into better ... more Data breaches in healthcare continue to grow exponentially, calling for a rethinking into better approaches of security measures towards mitigating the menace. Traditional approaches including technological measures, have significantly contributed to mitigating data breaches but what is still lacking is the development of the "human firewall," which is the conscious care security practices of the insiders. As a result, the healthcare security practice analysis, modeling and incentivization project (HSPAMI) is geared towards analyzing healthcare staffs' security practices in various scenarios including big data. The intention is to determine the gap between staffs' security practices and required security practices for incentivization measures. To address the state-of-the art, a systematic review was conducted to pinpoint appropriate AI methods and data sources that can be used for effective studies. Out of about 130 articles, which were initially identified in the context of human-generated healthcare data for security measures in healthcare, 15 articles were found to meet the inclusion and exclusion criteria. A thorough assessment and analysis of the included article reveals that, KNN, Bayesian Network and Decision Trees (C4.5) algorithms were mostly applied on Electronic Health Records (EHR) Logs and Network logs with varying input features of healthcare staffs' security practices. What was found challenging is the performance scores of these algorithms which were not sufficiently outlined in the existing studies.

Download

Adopting Vulnerability Principle as the Panacea for Security Policy Monitoring

International Journal of Advanced Computer Science and Applications, 2021

Despite the adoption of information security policies, many industries continue to suffer from th... more Despite the adoption of information security policies, many industries continue to suffer from the harm of noncompliance. Some of these harms include illegal disclosure of customers sensitive data, leakages of business trade secrets, and various kinds of cyber-attacks. The impact of such harm can be enormous.To avert this, monitoring the compliance of information security policies (otherwise known as use policies) have been adopted as a strategy towards enhancing security policy compliance. One of the main essence of use policy monitoring is to enhance security policy compliance so as to prevent harm. Ironically, the consequences of use policy monitoring can be detrimental. While proponents use utilitarianism ethics to argue that the monitoring of use policy is enhancing security policy compliance, the opponents of use policy skewed to deontological ethics to argue against the monitoring of security policy. Deontological ethics is of the view that monitoring of security policy intrudes on employees' privacy and tend to hamper on their work performance. There have not been any clear solution to this discourse. A survey was conducted to understand the extend of security policy monitoring. Vulnerability principle was therefore explored as the panacea towards enhancing the monitoring of use policy to satisfy all the involve stakeholders.

Download

Comparative analysis of machine learning methods for analyzing security practice in electronic health records’ logs

2020 IEEE International Conference on Big Data (Big Data), 2020

Electronic health records (EHR) consists of broad, numerous and erratic accesses through self-aut... more Electronic health records (EHR) consists of broad, numerous and erratic accesses through self-authorizations and "brake the glass" scenarios. This is to fulfil the availability aspect of the the CIA (confidentiality, integrity) due to the time sensitive nature in healthcare especially during health emergency situations. Adversaries can use this as opportunity to illegitimately access patients records, thereby, compromising the entire EHR system.To avert this, a comparative analysis of machine learning classification methods was conducted with simulated EHR logs. The methods which were compared are Multinomial Naive Bayes(multnb), Bernoulli Naive Bayes (bernnb), Support Vector Machine (svm), Neural Network (nn), K-Nearest Neighbours(knn), Logistic Regression (lr), Random Forest (rf), and Decision Tree (dt).The experiment results show that all of the machine learning models used in this work performed very well for the role classification task but, Decision Tree (dt) and Random Forrest (rf) obtained the best result among all of the methods with the same accuracy value of 0.889 on all three datasets. For the anomaly detection task, generally, our proposed approach obtained a high recall and accuracy but low precision and F1-score. Soft Classification approach performed better than the Hard Classification approach. The best performance was achieved with Bernoulli Naive Bayes with none normalised data, with an F1-score of 0.893.

Comparative Analysis of Software Development Methodologies for Security Requirement Analysis: Towards Healthcare Security Practice

Proceedings of the 13 th IADIS International Conference Information Systems 2020, 2020

Reducing time to market (TTM), dynamic requirement changes and increasing profit to service provi... more Reducing time to market (TTM), dynamic requirement changes and increasing profit to service providers are some of the features that are most interesting to software developers, in their look-up for software development methodologies. Security requirement features in system development methodologies are often not the primary concern of developers until now. Due to the increasing rate of data breaches in healthcare, software engineers in healthcare are desiring for suitable methods which have been incorporated with security requirement activities, for effective security requirement analyses. This study surveyed on existing software development methodologies and assessed their suitability for security requirements gathering and analysis towards enhancing information security assurance in healthcare. Security requirement activities were obtained from software security engineering standards and guidelines. The security activities were then assessed in existing software development methods to determine their extend of incorporation towards secure software development in healthcare. In this review, the traditional software development methods, including the Waterfall Model, were realized to have more integration of security requirement capturing activities than the agile methods.

Download

System Security Assurance: A Systematic Literature Review

ArXiv, 2021

Security assurance provides the confidence that security features, practices, procedures, and arc... more Security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber-physical systems (CPS) in a wide range of domains. We systematically review ...

Download

K-CUSUM: Cluster Detection Mechanism in EDMON

The main goal of the EDMON (Electronic Disease Monitoring Network) project is to detect the sprea... more The main goal of the EDMON (Electronic Disease Monitoring Network) project is to detect the spread of contagious diseases at the earliest possible moment, and potentially before people know that they have been infected. The results shall be visualized on real-time maps as well as presented in digital communication. In this paper, a hybrid of K-nearness Neighbor (KNN) and cumulative sum (CUSUM), known as K-CUSUM, were explored and implemented with a prototype approach. The KNN algorithm, which was implemented in the KCUSUM, recorded 99.52% accuracy when it was tested with simulated dataset containing geolocation coordinates among other features and SckitLearn KNN algorithm achieved an accuracy of 93.81% when it was tested with the same dataset. After injection of spikes of known outbreaks in the simulated data, the CUSUM module was totally specific and sensitive by correctly identifying all outbreaks and non-outbreak clusters. Suitable methods for obtaining a balance point of anonymi...

Download

Prosper Yeng

Uploads

Papers by Prosper Yeng

Log In