The Threat Nets Approach to Information Systems Security Risk Analysis
The Authors:
Drake Patrick Mirembe
Publication Type: Book
Year of Publication: 2015
Abstract
Informationmanagementsystemslike Remote Patient Monitoring Systems(RPMS) provide capabilities of collecting, analyzing and disseminating vital patient data to healthcare service providers. The timely availability of reliable patient data enables healthcare service providers to deliver services to remote patients, hence; lowering cost of services, improving compliance to prescription, and improving monitoring of recovering patients. Clearly, healthcare information systems like RPMS have a potential to address the growing demand for healthcare services due to the increasing and aging world population. However, utilization of RPMS in such mission critical situations raises concerns about the impact of their failures on the patient and the hospital. Thus, identifying RPMS vulnerabilities, associated threats, evaluating threat likelihood and impact are crucial tasks in the RPMS adaption decision process. Furthermore, senior management in hospitals is always concerned with finding optimal investment options. In that regard, the assessment of the cost-effectiveness of information system threat mitigation strategies is key in the IT adaption decision process. It is evident that assessing threat likelihood, evaluating the threat business impact and determining a cost-effective threat mitigation strategy requires a pragmaticapproach to guide the execution of the different activities.
Consequently, currentinformation systemthreat analysisapproaches were analyzed in order to determine existing gaps, establish requirements of an ideal threat analysis approach and define parameters of evaluating the utility of a threat analysis approach. It was established that current threat analysis approaches do not provide sound techniques of incorporating knowledge of system characteristics in the assessment of threat likelihood. Furthermore, current approaches do not provide a logical techniqueof quantifying threat business impact. The lack of logical techniques of linking system characteristics and discoverability of vulnerabilities to the likelihood of threats and computation of threat business impact often results into subjective conclusions on threat likelihood and impact, which do not add value on how best to managethreats.
Accordingly, the Threat Nets Approach is proposed to enhance threat analysis in information systems like RPMS. The approach offers systematic guidelines on how to analyze threats in a logical manner. The approach is organized into 4 service recipes: the threat likelihood assessment service, threat impact evaluation service, ROI on threat mitigation controls assessment service and coordination management. The threat likelihood assessment service offers recipes of incorporating system vulnerabilities and threat agents’ knowledge in the determination of threat likelihood. The approach also offers a techniques of computing threat business impact and evaluating the cost-effectiveness of threat
mitigation controls. Unlike the current approaches that rely only on security experts to analyze threats, the approach proposes that analysis of threats to information systems be done by both security experts and business analysts. It was observed from the exploratory study that most security analysts are ill-equipped to make authoritative judgment on the impactof threats tothe business given their lack of knowledge on business value.
The Threat Nets Approach requires one or more security experts to assess the threat likelihood before business analysts can evaluate the threat impact. The line of reasoning is adopted to minimize limitations associated with the natural bias of experts. The approach proposes that threat analysis of information systems like RPMS should be conducted following 3 sequential activities: threat likelihood assessment, threat business impact evaluation and ROI assessment of proposed threat mitigation strategies. The threat likelihood step is concerned with the identification of system vulnerabilities, threat agents and evaluation of threat likelihood. The step involves the assessment of likelihood of vulnerability discovery and exploitation by threat agents. The threat likelihood service offers recipes of incorporating expert knowledge on system vulnerabilities in the computation of threat likelihood. The threat business impact analysis step focuses on evaluating the impact of the threat on the hospital based on assessment of lost productivity, brand damage, and system restoration costs (recovery cost).The third step, the ROI assessment of threat mitigation controls offersrecipes of determining the most cost-effective threat mitigation strategies based on assessment of return on investment and effectiveness rank of a given strategy.
To facilitate the use of the approach, the ThreNet tool was implemented. The web-based tool facilitates coordination of activities among actors during the threat analysis process. The tool implements techniques of computing threat likelihood, threat impact and return on investments on threat mitigation controls.
In order to ascertain the extent to which the approach enhances threat analysis process of healthcare information management systems, completeness, usefulness and usability were selected as appropriate parameters. Accordingly, two case studies were conducted at Case Hospital Kampala and Mengo Hospital. The case studies were setup in such a way that experts (security experts and business analysts) use the approach to analyze threats to the ClinicMaster healthcare information system at the selected hospitals. After which participants were asked by use of a questionnaire to express their appreciation of the usefulness, usability and completeness of the approach. In order to establish the utility of the approach, the outcome of expert evaluation of the case study were analyzed to establish the sensitivity of results. Furthermore, responses of the survey questionnaire were analyzed to
establish the expert’s appreciation of the usefulness, usability and completeness of the approach. The results of expert evaluation indicate that indeed, the approach provides complete, usable and useful recipes for assessment of threat likelihood, threat business impact and cost-effectiveness of threat mitigation controls. The results further reveal that the recipes provided for coordinationmanagement,do enhance coordination of activities among actors during the threat analysis process.Case study results reveal thatthe most potent threat to ClinicMaster system at both Case Hospital and Mengo is the unintended disclosure of patient information mainly due to the lack of sound information access policies and patient authentication services. The analysis of the recommended threat mitigation controls for unintended disclosure of patient data revealed that: there is need to train doctors, nurses and lab technologiststo be more security conscious when handling patient data.