Dipl Ergasia Am14
, 2012
Vidavo .
2012
Abstract
The use of information systems is increasing, and most organizations now rely on them
for their operation. Their Achilles heel is security. This study presents the main issues
concerning the security of information systems and applies them, as a worked example,
to the security of a company specializing in telemedicine. The first phase covers the
concept of a security policy within the wider field of Information Security Management
Systems, the feasibility of developing and implementing a security policy, and its basic
characteristics. The methodology of the study and the definition of its scope are then
given. The current situation in the company is described, and its web services and
applications are mapped. Next, the basic principles for developing an information
systems security policy are identified, and the legal framework for the protection and
privacy of medical data is clarified. The following section concerns the application of
security policies in the company and records the steps necessary for a successful and
effective implementation. Finally, the contingency plan and the disaster recovery system
are described and a risk management plan is implemented.
I.
..................................................................................................................................... 5
I. ................................................................................................................................. 7
II. ............................................................................................................. 11
III. ..................................................................................... 12
IV. .............................................................................................................................. 13
1. ........................................................................... 17
1.1 .................................................................................................................................. 17
1.2 ...................................................................................... 18
1.3 .. ........................................................................................... 19
1.4 ................................................. 20
1.5
.......................................................................................... 21
1.5.1 .................................................................................. 22
1.5.2 ............................................................................... 23
1.5.3
BPL................................................................................................................ 24
1.6 ................................................................................................................ 24
2
.................................................................................. 26
2.1 1 ........................................................... 26
2.2 2 ............................................................................. 27
2.3 3 .......................................................................................... 29
2.4 4 ..................................................................... 31
2.5 5 ............................................................................... 32
...................................................................................................... 34
................... 36
4.1 ( COMPUTER ROOM & LAB ) 36
4.2 ...................................................................................................... 38
4.2.1 Vida 24 ........................................................................................................... 38
4.2.2 Vidatrack ........................................................................................................ 42
4.2.3 Vida ............................................................................................................. 44
4.2.4 Vidahome........................................................................................................ 47
4.3 .............................................................................................................. 49
4.4 ....................................................... 50
4.4.1 ......................................................................................................................... 50
4.4.2 .............................................................................................. 50
4.4.3 ................................................................................................................ 51
4.4.5 .................................................................................................................... 51
4.4.6 ...................................................................................................... 51
5 ............................................. 52
5.1 ..................................................................................... 52
5.2 .................................. 52
5.3 .................... 53
5.4 ............................... 55
5.5 ................................................. 56
6 ...................... 60
6.1 . ...................... 60
6.2 ................................................................................................................ 63
6.3 .................................................................................. 64
7
............................................................ 65
7.1 ........................................................................................................ 65
7.2 - ...................................................................... 65
7.3 ...................................................................... 68
7.4 ..................................................................................... 69
7.5
............................................................................................................................................. 70
7.6 ............................................................... 76
7.7 ...................................................................... 77
7.8 .............................................................................. 78
8
........... 83
8.1 ......................................................................................... 83
8.2 VIDAVO ..................................................................... 85
8.2 ....................................................................... 89
8.2.1 ................................................................................ 89
8.2.2 ..................................................................... 90
8.2.3 ...................................................................................... 93
8.2.4 ........................................................... 96
................................................................................ 106
9.1 ......................................................................................................... 108
9.2 .................................................................................................... 109
10
............................... 110
11
- ............................................................................................ 114
12
.................................................................................... 115
- ........................................................ 117
10
II.
1. 2004-2011 ........................................ 14
2. DBIR (DATA BREACHES INVESTIGATION REPORTS) .................. 15
3. 2004-2011. ....................................................................... 16
4. . ................................................................................................. 20
5. () ....................................................... 22
6. . ...................................... 23
7. .................................................................................. 37
8. .. VIDAVO .......................................................................................... 38
9. VIDA24 ........................................................................... 39
10. VIDATRACK. ................................................................. 43
11. VIDA . ...................................................................... 45
12. . ................................................................... 48
13. ....................................................................... 57
14. . .......................................................................................................... 67
15. ......................................................................................................... 75
16. . ..................................................................................................... 76
17. . ..................................................................................................... 93
18. . ....................................................................................... 96
19. FIREWALL . ............................................................................. 101
20. DMZ ...................................................................................................................... 104
21. DMZ . .................................................. 104
22. IDPS ......................................................... 105
11
III.
CERT
CRAMM
DAC
DBIR
DMZ
DOS
DPR
DSS
EIS
EMR
EPROM
ERM
ERP
ES, KBS
FTP
FVC
GPS
GSM
HER
HLS
HTTP
ISMS
ISO
ITSEC
MAC
MIS
PDA
RAC
RFID
RPC
SNMP
SSL
TCP/IP
TCSEC
TLS
UPS
URL
IV.
, Internet
(Data Breach Investigations Report, DBIR)
2004, , 2011
.
2011 .
, .
2011 .
, , .
.
Verizon,
,
CERT (Computer Emergency
Response Team), 90%
60%
.
,
Verizon ,
2011 98%
,
, , 4%.
13
1. 2004-2011
.
, hackers,
() (malware),
() o hacker
(social),
() (misuse)
() (physical and environmental)
14
() (errors).
(hackers)
(malware).
15
Verizon 2011
hacktivism 87% - 99%
2011.
3. 2004-2011.
, Vidavo.
.
1.
1.1
. Vidavo,
1.2
1.3 ..
.., :
(Integrity):
(Availability):
,
.
(DOS attack),
, .
. :
Slashdot,
,
, .
(Confidentiality):
.
. :
. 2006
480 80%
.
19
4. .
1.4
1.5
. ,
(Risk Analysis) (standards)
= x
5. ()
1.5.1
6. .
1.5.2
, ,
. SBA (Security By
Analysis), MARION CRAMM (CCTA Risk Analysis and Management
Method). ,
1.5.3 BPL
: B > P * L
BPL :
=
P =
L =
BPL.
1.6
/
(controls) (countermeasures)},
,
- ,
up-to-date
(disaster recovery plan),
(contingency action plan). ( )
2.1 1
, (assets) .
:
(Data assets): ,
DNS server.
(End User Services):
(software):
2.2 2
(assets)
, .
(..).
, (exposures)
, (vulnerabilities) (threats)
(control).
BPL
,
.
(.. BLP,
Biba, )
.
(Risk Analysis)
:
1:. (threats)
.
.
2.: (vulnerabilities).
.
.
3. (losses).
5. /
(countermeasures) . 3
(cost effective) .
(Risk analysis) ,
(computer security) , ,
(network security), (physical security)
. ,
(logical infiltration),
(communications infiltration),
(failures of equipment) (physical threats) . ,
.
(logical
infiltration) .
(,
, ..). (database security)
.
28
(communications infiltration),
2.3 3
(
, ) (,
, , sockets ..),
(roles and responsibilities).
(standards), TCSEC ITSEC.
(Assets): , .
29
(rules)
2.4 4
(Application
development and maintenance),
(Vendor support-contracts reliability),
(hardware and software inventory).
,
.
(Classification of data).
. UniPlan
.
2.5 5
(critical functions and systems) ,
(protection strategy),
(disaster recovery facility),
(alternate site).
servers
, Computer room
. servers
(backups) .
Windows server 2000 Red hat
Enterprise Linux.
servers
, Lab,
/ . servers
Backup:
.
Vida 24:
.
Vida track:
(, , , )
Vida :
, .
Vida Shop, Vidahome, pmp,
Mobile applications (Vida 24 mobile, Vidahealth mob) Pc Applications
( Bluetooth,
server)
(servers)
, data center
. Windows
2000 Redhat Enterprise Linux.
36
servers , rack ,
(lab)
, / ,
antivirus.
H Vidavo ,
antivirus
.
firewall, antivirus
,
.
7.
37
4.2
,
, .
4.2.1 Vida 24
4.2.1.1
VIDAVO
.
,
. vida24
8. .. Vidavo
38
4.2.1.2
Bluetooth
( , Smartphone, H/Y)
, (24 )
9. Vida24
39
4.2.1.3
. modem
email fax
.
4.2.1.4
4.2.2 Vidatrack
4.2.2.1
VIDAVO
(, , , )
vida24..
vidatrack
Alzheimer ( ) .
4.2.2.2
, (, , ,
, ) ,
GPS GSM ,
. panic
button .
1 (alert button)
,
( SOS) ,
,
( ).
(/,
Smartphone)
SMS
.
2 (location tracking)
Alzheimer( )
GPS Tracker ( ),
10. Vidatrack.
4.2.2.3
Vidatrack
/ ,
, Alzheimer
Alzheimer (
), , , - at
risk patients, , .
.
.
4.2.3 Vida
4.2.3.1
Vida
, .
(web-based) ,
, ,
DSM- IV-TR ,
11. Vida .
4.2.3.2
vida
4.2.3.3
Vida ,
4.2.4 Vidahome
4.2.4.1
vidahome
. vidahome
.
4.2.4.2
12. .
4.2.4.3
Vida home
4.3
, .
(),
web based ,
. /
,
(/ PDA/ laptop/ netbook/ PC) ,
.
/,
(HL7, ECG-SCP) :
Online
/
49
/ , PDA/laptop/netbook /PC
4.4
4.4.1
4.4.2
4.4.3
.
. ,
Vida
4.4.4
/
,
panic button .
4.4.5
4.4.6
5
5.1
5.2
(www)
SSL (Secure Sockets Layer) ,
S/MIME, PEM (Privacy Enhanced Mail) PGP (Pretty Good Privacy)
SET (Secure
Electronic Transaction).
5.3
5.4
) (web account),
5.5
(encryption),
(authentication) ,
, (firewalls),
.
, (servers)
13. .
: RSA, Diffie-Hellman, ElGamal
, 3DES (Triple Data Encryption Standard), AES (Advanced
Encryption Standard), Blowfish, CAST .
( , ,
, .),
(user ID), .
. ,
user IDs .
user ID
e-mail e-mail scanner.
(memory resident)
antivirus
6
6.1 .
VIDAVO
, . 2472/97 . 2774/99 .
, 95/46/,
. 2472/97 ,
6.2
371 K
K
(B.. 25/5/1955). H
47 (6) N.
2071/92
6.3
(TE)
(authentication)
(Authorisation)
(confidentiality)
(integrity)
(non-repudiation)
(revision / audit)
(accountability)
(transparency)
(availability)
7.1
7.2 -
(interruption). ,
(interception).
(modification).
(fabricate).
14. .
). [14]
7.3
(UPS,
Uninterruptible Power Supply) .
7.4
7.5
(rlogin, ftp, ) -
(RPC),
.
( getty-login Unix)
(monitoring) . ,
. (boot)
EPROM (remote
boot).
SNMP
, '' (terminal servers).
15.
16. .
7.6
(, fax, email
7.7
7.8
(.. PC),
(tokens).
(ISO).
8.1
, ,
. (high-level statements)
(security policy)
(identification)
(marking)
(accountability)
(assurance)
(continuous protection)

(Usability)
(Generality)
(Efficiency)
(Flexibility)
(Opacity)
(Security)
(Integrity)
(Capacity)
(Reliability)
(Serviceability)
(Extensibility)
(Availability)
8.2 Vidavo
(Personnel Security).
Vidavo
Vidavo, ,
.
Vidavo, .
Vidavo
Vidavo
Vidavo ,
.
5.
Vidavo
Vidavo.
8.2
8.2.1
.
Computer Room
(safety).
(UPS),
89
8.2.2
8.2.2.1
,
servers
. (smart card) .
(smart card reader),
8.2.2.2
- (Discretionary Access Control - DAC).
,
, (mandatory) .
[24].
17. .
8.2.3
(audits) .
.
8.2.4
18. .
HTTPS SSL.
, .
,
Firewall, Web Access Systems, Mail Security Systems, Network IPS/IDS.
End Point Security System,
(Gateway Security)
.
:
Firewall
Antivirus
Antispyware
Antispam
URL Filtering
DMZ (Demilitarized Zone)
Intrusion Detection / Prevention Systems
8.2.4.1
SSL
( )
.
TCP/IP
.
HTTP, FTP, telnet
.
SSL :
() server client.
() client server
()
.
SSL
bytes
.
SSL,
8.2.4.3 Firewall
firewall
. T firewalls Antivirus,
URL Filtering, Antispam .
UTM (Unified
Threat Management)
firewall software hardware,
.
.
. firewall
.
100
19. Firewall .
, firewall
:
(Remote login):
.
.
backdoors (Application backdoors):
.
e-mail (E-mail bombs): -
(mail server e-mail)
.
(Macros):
(Viruses): .
Spam: e-mail, ,
.
.
8.2.4.4 Antivirus
Antivirus
.
, , .
Antivirus :
1. Servers /Y
,
H/Y
2. (mail servers, proxy
servers .)
H/Y
3. Gateways
8.2.4.5 Antispyware
H/Y
. Spyware
(bandwidth) .
102
.
, Antispyware
(Gateway)
(proxy).
, / .
Spyware
sites, Antispyware
URL Filtering .
8.2.4.6 Antispam
To Antispam
emails, spam .
. ,
Antispam firewall.
Antispam
.
Antispam mails .
.
103
20. DMZ
DMZ
. DMZ
.
21. DMZ .
104
22. IDPS
105
H Firewall IPS
, IP
.
(.. Firewalls) / .
HIDS OSSEC (Host-based Intrusion Detection
System).
9.1
EHR.
EHR.
9.2
cold sites shells.
hot sites. ,
. hot site,
10
(Enterprise risk management, ERM)
ISO 27001
(Information Security Management
111
System, ISMS) .
, , . ISO
27001
.
ISO,
(ISO 9001, ISO 14001 .)
.
ISO 27001,
.
, .
ISO 27001
Antivirus Backup,
Firewall Hardware Software.
, (Document Control)
, ..
(Disaster Recovery Policy)
(Plan): ,
,
.
(Do):
(Check):
ISMS (
)
(Act): ,
.
ISM
11 -
Internet
, hardware ,
.
,
, CRAMM.
12
[1] ISO/IEC, 17799 Code of Practice for Information Security Management, Geneva,
Switzerland, 2000.
[2] ISO/IEC/JTC1, TR 13335 Information Technology - Security Techniques Guidelines for the management of IT Security (GMITS), Geneva, Switzerland,
1996.
[3] 2472/97,
, 10-4-97/ 50/ , 1997.
[4] 2474/1999,
.
[5] 3418/2005, .
[6] 1999/93/
13 1999
.
[7] 97/66/ 15
1997
.
[8] . R (99) 5
.
[9] Data Breach Investigation report 2011, Verizon.
[10] Andrew S. Tanenbaum, Computer Networks, 4th Edition, Pearson Education
Inc, 2003.
[11] ., & , ,
2007.
[12] .,
, 2007.
[13] , ,
2005.
[14] .,
, , 2007.
[15] ., .,
, 2002.
[16] ., &
, , 2005.
[17] , . , . , &
: , 2002.
[18] ,
, , 2002.
[19]. , " ", , , 2001
[20] . , .,
:
, 2003.
[21] ., ., , , 2001.
[22]. , "", , , 2002
[23] W. Stallings, "Network Security Essentials: Applications and Standards", 2nd
edition, Prentice Hall, USA, 2003.
[24] K. Scarfone, P. Mell, "Guide to Intrusion Detection and Prevention Systems
(IDPS)", National Institute of Standards and Technology, 2007.
[25] Pfleeger, Security in Computing, Prentice-Hall Inc, 1997.
[26] Simson Garfinkel, Gene Spafford, Practical UNIX & Internet Security, 2nd
Edition, O'Reilly & Associates Inc, 1996.
[27] S. Powell, J.P. Shim, "Wireless Technology Application, Management and
Security", Springer, 2009.
[28] G. Pangalos, "Security in Medical Database Systems", EEC, SEISMED Project
Report, 1992.
[29] Siponen M., Policies for Construction of Information Systems Security
Guidelines, Kluwer Academic Publishers, 2000.
[30] Hossein Bidgoli, Handbook of Information Security, John Wiley & Sons,
California, 2006.
[31] Rash, Michael et al., Intrusion Prevention and Active Response: Deploying
Network and Host IPS, Syngress, 2005.
[32] Joseph Boyce, Information Assurance: Managing Organizational IT Security
Risks, , 2002.
[33] , www.dpa.gr ,
2012.
[34] Inventory of Risk Management /Risk Assessment methods and
tools, http://rm-inv.enisa.europa.eu, 2012.
[35] Information Security Policies and Standards,
http://www.information-security-policies-and-standards.com/, 2012.
[36] Risk World, http://www.riskworld.net/, 2012.
[37] Specialist services and solutions for IT governance, risk management, compliance
and information security, http://www.itgovernance.co.uk/, 2012.
-
A
Confidentiality
Alternate site
Vulnerabilities
Opacity
Integrity
Review
Risk Analysis
Countermeasures
Threats
Efficiency
Failures of equipment
Losses
Database security
--
High-level statements
Generality
Assurance
Procedures
Availability
Interruption
Security Management
Standards
Accountability
Document Controls
Audit
Access control
Confidentiality
Stakeholders
Servers
Extensibility
Risk
Communications Infiltration
Flexibility
Capacity
Usability
Viruses
Rules
Classification of data
Security culture
Logical infiltration
Macros
Security measures
Guidelines
Organisational policy
Security breach
Interception
Security incident
Certification
Fabrication
Security Policy
Standards
Gateway
Marking
Protection Strategy
Compliance
Serviceability
Recovery Plan
Security Plan
Identification
Modification
Security Officer
Responsibility
Physical security