https://aris-journal.com/aris/index.php/journal/issue/feed ARIS2 - Advanced Research on Information Systems Security 2024-04-16T11:55:42+00:00 Prof. Dr. Nuno Mateus-Coelho secretariat@aris-journal.com Open Journal Systems <p>Welcome, colleague.</p> <p>The <em><strong>ARIS<sup>2</sup> - Advanced Research on Information Systems Security, an</strong></em><em><strong> International Journal,</strong> </em>focuses on the original research and practice-driven applications with relevance to Information Security and Data Protection, published by <strong>LAPI2S- Laboratory of Privacy and Information Systems Security</strong>, based in Porto, Portugal, edited by Prof. Dr. Nuno Mateus-Coelho, and supported by COPLEABS - Universidade Lusófona.</p> <p><strong><em>ARIS<sup>2</sup></em></strong> provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view of modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions.</p> <p>Submitted articles are published immediately after the process of submission, review, and camera-ready. All articles are included in editions, and these are published biannually in a volume.</p> <p><strong><em>ARIS<sup>2</sup></em></strong> issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.</p> <p>We have the pleasure of extending a warm welcome to everyone planning to submit to <strong>ARIS<sup>2</sup> – Advanced Research on Information Systems Security.</strong></p> <p><strong>Online ISSN: 2795-4560</strong></p> <p><strong>Print ISSN: </strong><strong>2795-4609</strong></p> <p>Best Regards,</p> <p>Editorial Team</p> https://aris-journal.com/aris/index.php/journal/article/view/46 The Editorial - ARIS - Advanced Research on Information Security 2024-04-16T11:55:42+00:00 Nuno Mateus-Coelho nuno.coelho@ulusofona.pt <p>As we delve into this Special Issue on Cybersecurity in Healthcare, part of Volume 4, Issue 1, we find ourselves at a pivotal moment, fully aware of the urgent issues defining cybersecurity in today's era. With each passing day, new vulnerabilities surface, threat actors grow more sophisticated, and the digital frontier extends into uncharted territories. In this landscape, ARIS2 serves as an indispensable guide, steering discussions toward leading-edge research and fostering a deeper comprehension of the unique challenges and opportunities in healthcare and health technologies.</p> 2024-04-15T00:00:00+00:00 Copyright (c) 2024 Nuno Mateus-Coelho https://aris-journal.com/aris/index.php/journal/article/view/45 Ethical and legal aspects of cybersecurity in health 2024-04-16T11:42:40+00:00 Ana Galvão anagalvao@ipb.pt Clara Vaz clvaz@ipb.pt Marco Pinheiro marco.paulo.pinheiro@iscte-iul.pt Clarisse Pais clarisse@ipb.pt <div><span lang="EN-US">Background: With the emergence of eHealth and mHealth, the use of mental health apps has increased significantly as an accessible and convenient approach as an adjunct to promoting well-being and mental health. There are several apps available that can assist with mental health monitoring and management, each with specific features to meet different needs. The intersection of mental health and cyber technology presents a number of critical legal and ethical issues. As mental health monitoring apps and devices become more integrated into clinical practice, cybersecurity takes on paramount importance. Objective: To address the ethical and legal aspects of health cybersecurity related to applications in mental health monitoring and management. Methods: We carried out a thematic synthesis of the best scientific evidence. Results: These tools have the potential to significantly improve access to and quality of care for users with mental health conditions, but they also raise substantial concerns about privacy and informed consent.&nbsp; Cybersecurity in mental health is not only a matter of technology, but also of human rights. The protection of sensitive mental health information is critical, and legal and ethical measures to safeguard this information must be implemented in a robust and transparent manner. Conclusion: the use of information technologies and mobile devices is now part of the clinical reality and its future perspectives. It is important to mention that while these apps can be helpful for self-care and mental well-being management, they are not a substitute for the advice and support of a qualified mental health professional (psychologist or psychiatrist). As we move into the digital age, it is imperative that mental health monitoring and management apps are developed and used responsibly, ensuring the safety, dignity, and well-being of users.</span></div> 2024-04-15T00:00:00+00:00 Copyright (c) 2024 Ana Galvão, Clara Vaz, Marco Pinheiro, Clarisse Pais https://aris-journal.com/aris/index.php/journal/article/view/44 Exploring the dynamics between artificial intelligence and cybersecurity in Healthcare 2024-04-16T11:42:44+00:00 António Tavares tavares.aml@gmail.com Pedro Sousa pedro.sousa@scmp.pt Rita Proença rita.proenca@scmp.pt <p>Technology changed the world over the past decades, reinventing the way we work, communicate, and live. In the healthcare sector, it has contributed to driving innovations in the diagnosis process, treatment, data management, and information access. However, this transformation has been accompanied by an increasing dependence on digital systems and connectivity. Nowadays, concepts such as artificial intelligence and cybersecurity are widely recognized, but organizations just became aware of the benefits and risks involved. In fact, the nature of their relationship it is still under discussion.</p> <p>The central objective of this study is to explore the dynamics of this relationship in healthcare, taken as a sector undergoing constant technological evolution. We propose a dual approach, encompassing both strategic and operational perspectives, which can support the management of this complex interaction, balancing security and innovation.</p> 2024-04-15T00:00:00+00:00 Copyright (c) 2024 António Tavares, Pedro Sousa, Rita Proença https://aris-journal.com/aris/index.php/journal/article/view/38 Cyber Threats to Healthcare Technology Services 2024-04-16T11:42:51+00:00 Rodrigo Sousa rodrigosousa1105@gmail.com <p>Information Technology has become a key component of many sectors in today's world, and healthcare is a prime example. However the increase in IT, particularly among healthcare businesses which are now identified as a major target area, has increased sensitivity to cyber threats. There is a variety of vital data stored in such facilities, including private and possibly financial information about patients. An analysis of the risks and threats to these institutions is presented in this paper. The study is based on the results of a survey involving several healthcare professionals from various healthcare establishments in Portugal. It aims to draw attention to the current state of healthcare cybersecurity and evaluate its possible risks, as well as how best to mitigate them. This in depth analysis, aiming at contributing significantly to the conversation on the cybersecurity of healthcare and eventually improving patient data security and integrity against increasing cyber threats, would be a major step forward.</p> 2024-04-15T00:00:00+00:00 Copyright (c) 2024 Rodrigo Sousa https://aris-journal.com/aris/index.php/journal/article/view/43 Database Decomposition to satisfy the Least Privilege Principle in Healthcare 2024-04-16T11:42:48+00:00 Vincenzo Sammartino vincesammartino@gmail.com Fabrizio Baiardi fabrizio.baiardi@unipi.it <p>The Multilevel Database Decomposition Framework is a cybersecurity strategy to enhance system robustness and minimize the impact of data breaches with a focus on healthcare systems. With respect to more conventional normalization methods, the framework prioritizes robustness against cyber threats over mere data redundancy reduction. The key strategy of the framework is the decomposition of a database into smaller databases to restrict user access and mitigate the impact of successful intrusions by satisfying the least privilege principle in a more complete way. For this purpose, each database the decomposition produces is uniquely associated with a set of users and the decomposition ensures that each user can access all and only the data his/her operations need. This limits the potential impact of threat agents impersonating users to the information a compromised user can access.</p> <p>To prevent the propagation of an intrusion across the databases it produces, the framework can apply alternative allocation strategies by distributing the databases to distinct virtual or physical entities according to the security requirement of the original application. This flexibility in allocation management ultimately reinforces defenses against evolving cyber threats and it is the main advantage of the deposition.</p> <p>As a counterpart of better robustness, some tables will be replicated across the databases the decomposition returns and updates of these tables should be properly replicated to prevent inconsistencies among copies of the same table in distinct databases. The paper includes a performance analysis to evaluate the overheads associated with the alternative allocations. This offers insights into the framework implementation and adaptability to distinct security needs and to evaluate the framework effectiveness for healthcare data systems.</p> 2024-04-15T00:00:00+00:00 Copyright (c) 2024 Vincenzo Sammartino, Fabrizio Baiardi