ARIS2 - Advanced Research on Information Systems Security https://aris-journal.com/aris/index.php/journal <p>Welcome, colleague.</p> <p>The <em><strong>ARIS<sup>2</sup> - Advanced Research on Information Systems Security, an</strong></em><em><strong> International Journal,</strong> </em>focuses on the original research and practice-driven applications with relevance to Information Security and Data Protection, published by <strong>LAPI2S- Laboratory of Privacy and Information Systems Security</strong>, based in Porto, Portugal, edited by Prof. Dr. Nuno Mateus-Coelho, and supported by COPLEABS - Universidade Lusófona.</p> <p><strong><em>ARIS<sup>2</sup></em></strong> provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view of modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions.</p> <p>Submitted articles are published immediately after the process of submission, review, and camera-ready. All articles are included in editions, and these are published biannually in a volume.</p> <p><strong><em>ARIS<sup>2</sup></em></strong> issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.</p> <p>We have the pleasure of extending a warm welcome to everyone planning to submit to <strong>ARIS<sup>2</sup> – Advanced Research on Information Systems Security.</strong></p> <p><strong>Online ISSN: 2795-4560</strong></p> <p><strong>Print ISSN: </strong><strong>2795-4609</strong></p> <p>Best Regards,</p> <p>Editorial Team</p> en-US secretariat@aris-journal.com (Prof. Dr. Nuno Mateus-Coelho) andre.costa@aris-journal.com (Dr. 
André Costa) Mon, 15 Apr 2024 00:00:00 +0000 The Editorial - ARIS - Advanced Research on Information Security https://aris-journal.com/aris/index.php/journal/article/view/46 <p>As we delve into this Special Issue on Cybersecurity in Healthcare, part of Volume 4, Issue 1, we find ourselves at a pivotal moment, fully aware of the urgent issues defining cybersecurity in today's era. With each passing day, new vulnerabilities surface, threat actors grow more sophisticated, and the digital frontier extends into uncharted territories. In this landscape, ARIS2 serves as an indispensable guide, steering discussions toward leading-edge research and fostering a deeper comprehension of the unique challenges and opportunities in healthcare and health technologies.</p> Nuno Mateus-Coelho Copyright (c) 2024 Nuno Mateus-Coelho https://creativecommons.org/licenses/by-nc-nd/4.0 https://aris-journal.com/aris/index.php/journal/article/view/46 Mon, 15 Apr 2024 00:00:00 +0000 Ethical and legal aspects of cybersecurity in health https://aris-journal.com/aris/index.php/journal/article/view/45 <div><span lang="EN-US">Background: With the emergence of eHealth and mHealth, the use of mental health apps has increased significantly as an accessible and convenient approach as an adjunct to promoting well-being and mental health. There are several apps available that can assist with mental health monitoring and management, each with specific features to meet different needs. The intersection of mental health and cyber technology presents a number of critical legal and ethical issues. As mental health monitoring apps and devices become more integrated into clinical practice, cybersecurity takes on paramount importance. Objective: To address the ethical and legal aspects of health cybersecurity related to applications in mental health monitoring and management. Methods: We carried out a thematic synthesis of the best scientific evidence. 
Results: These tools have the potential to significantly improve access to and quality of care for users with mental health conditions, but they also raise substantial concerns about privacy and informed consent. Cybersecurity in mental health is not only a matter of technology, but also of human rights. The protection of sensitive mental health information is critical, and legal and ethical measures to safeguard this information must be implemented in a robust and transparent manner. Conclusion: The use of information technologies and mobile devices is now part of the clinical reality and its future perspectives. It is important to mention that while these apps can be helpful for self-care and mental well-being management, they are not a substitute for the advice and support of a qualified mental health professional (psychologist or psychiatrist). As we move into the digital age, it is imperative that mental health monitoring and management apps are developed and used responsibly, ensuring the safety, dignity, and well-being of users.</span></div> Ana Galvão, Clara Vaz, Marco Pinheiro, Clarisse Pais Copyright (c) 2024 Ana Galvão, Clara Vaz, Marco Pinheiro, Clarisse Pais https://creativecommons.org/licenses/by-nc-nd/4.0 https://aris-journal.com/aris/index.php/journal/article/view/45 Mon, 15 Apr 2024 00:00:00 +0000 Exploring the dynamics between artificial intelligence and cybersecurity in Healthcare https://aris-journal.com/aris/index.php/journal/article/view/44 <p>Technology changed the world over the past decades, reinventing the way we work, communicate, and live. In the healthcare sector, it has contributed to driving innovations in the diagnosis process, treatment, data management, and information access. However, this transformation has been accompanied by an increasing dependence on digital systems and connectivity. 
Nowadays, concepts such as artificial intelligence and cybersecurity are widely recognized, but organizations just became aware of the benefits and risks involved. In fact, the nature of their relationship is still under discussion.</p> <p>The central objective of this study is to explore the dynamics of this relationship in healthcare, taken as a sector undergoing constant technological evolution. We propose a dual approach, encompassing both strategic and operational perspectives, which can support the management of this complex interaction, balancing security and innovation.</p> António Tavares, Pedro Sousa, Rita Proença Copyright (c) 2024 António Tavares, Pedro Sousa, Rita Proença https://creativecommons.org/licenses/by-nc-nd/4.0 https://aris-journal.com/aris/index.php/journal/article/view/44 Mon, 15 Apr 2024 00:00:00 +0000 Cyber Threats to Healthcare Technology Services https://aris-journal.com/aris/index.php/journal/article/view/38 <p>Information Technology has become a key component of many sectors in today's world, and healthcare is a prime example. However, the increase in IT, particularly among healthcare businesses which are now identified as a major target area, has increased sensitivity to cyber threats. There is a variety of vital data stored in such facilities, including private and possibly financial information about patients. An analysis of the risks and threats to these institutions is presented in this paper. The study is based on the results of a survey involving several healthcare professionals from various healthcare establishments in Portugal. It aims to draw attention to the current state of healthcare cybersecurity and evaluate its possible risks, as well as how best to mitigate them. 
This in-depth analysis, aiming at contributing significantly to the conversation on the cybersecurity of healthcare and eventually improving patient data security and integrity against increasing cyber threats, would be a major step forward.</p> Rodrigo Sousa Copyright (c) 2024 Rodrigo Sousa https://creativecommons.org/licenses/by-nc-nd/4.0 https://aris-journal.com/aris/index.php/journal/article/view/38 Mon, 15 Apr 2024 00:00:00 +0000 Database Decomposition to satisfy the Least Privilege Principle in Healthcare https://aris-journal.com/aris/index.php/journal/article/view/43 <p>The Multilevel Database Decomposition Framework is a cybersecurity strategy to enhance system robustness and minimize the impact of data breaches with a focus on healthcare systems. With respect to more conventional normalization methods, the framework prioritizes robustness against cyber threats over mere data redundancy reduction. The key strategy of the framework is the decomposition of a database into smaller databases to restrict user access and mitigate the impact of successful intrusions by satisfying the least privilege principle in a more complete way. For this purpose, each database the decomposition produces is uniquely associated with a set of users and the decomposition ensures that each user can access all and only the data his/her operations need. This limits the potential impact of threat agents impersonating users to the information a compromised user can access.</p> <p>To prevent the propagation of an intrusion across the databases it produces, the framework can apply alternative allocation strategies by distributing the databases to distinct virtual or physical entities according to the security requirement of the original application. 
This flexibility in allocation management ultimately reinforces defenses against evolving cyber threats and it is the main advantage of the decomposition.</p> <p>As a counterpart of better robustness, some tables will be replicated across the databases the decomposition returns and updates of these tables should be properly replicated to prevent inconsistencies among copies of the same table in distinct databases. The paper includes a performance analysis to evaluate the overheads associated with the alternative allocations. This offers insights into the framework implementation and adaptability to distinct security needs and to evaluate the framework effectiveness for healthcare data systems.</p> Vincenzo Sammartino, Fabrizio Baiardi Copyright (c) 2024 Vincenzo Sammartino, Fabrizio Baiardi https://creativecommons.org/licenses/by-nc-nd/4.0 https://aris-journal.com/aris/index.php/journal/article/view/43 Mon, 15 Apr 2024 00:00:00 +0000