`NHS wide networking security architecture`, 3 April 1995, IMG document NWNS/T1.21  Home/Search   Document Not in Database   Summary   Related Articles   Check

....at the request of the intelligence community) I was therefore contacted and asked to speak to the BMA s Information Technology Committee (as it now is) on the 8th March. On looking at the documents that the government had supplied to the BMA on security in the proposed network [50] 51] 52] [53] [54] it was clear that something was wrong. The government assumed that the main additional threat from connecting clinical computer systems together would come from outside hackers a view common enough in the popular press but not held by people with experience of the field. The ....

`NHS wide networking security architecture`, 3 April 1995, IMG document NWNS/T1.21

....spiked at the request of the intelligence community) I was therefore contacted and asked to speak to the BMA s Information Technology Committee (as it now is) on the 8th March. On looking at the documents that the government had supplied to the BMA on security in the proposed network [50] 51] [52] [53] 54] it was clear that something was wrong. The government assumed that the main additional threat from connecting clinical computer systems together would come from outside hackers a view common enough in the popular press but not held by people with experience of the field. The ....

`NHS-wide networking: data security policy', IMG document NWNS/T3.3

....of encryption and signature, will be discussed in section 6 below as it turns out to be closely related with point 6. 2 Threat Model When considering the implications of networking clinical systems together, IMG originally assumed that the main additional threat would be external hackers [53, 54, 55, 56, 57, 58, 59]. The BMA first pointed out in [6] that this was mistaken, and that the great majority of incidents would probably be due to abuse of authorised access by insiders. Further BMA documents discuss the issue in more detail [8, 9, 10] The view that most attacks will be internal rather than external ....

.... initial threat model was wrong, the BMA asked them to issue an amended set of policy documents, starting with the NWN Threats and Vulnerabilities [54] then leading on to a top level information systems security policy to replace [53] a data security policy to replace [55] and so on through [56, 57, 58] to the reference manual [59] However, IMG refused to update their documents. This is unacceptably poor systems engineering practice; it has led to the adoption of a cryptography policy founded on assumptions that officials claim to have abandoned. Under the circumstances, the writers of this ....

`NHS wide networking security architecture`, 3 April 1995, IMG document NWNS/T1.21

....of encryption and signature, will be discussed in section 6 below as it turns out to be closely related with point 6. 2 Threat Model When considering the implications of networking clinical systems together, IMG originally assumed that the main additional threat would be external hackers [53, 54, 55, 56, 57, 58, 59]. The BMA first pointed out in [6] that this was mistaken, and that the great majority of incidents would probably be due to abuse of authorised access by insiders. Further BMA documents discuss the issue in more detail [8, 9, 10] The view that most attacks will be internal rather than external ....

.... IMG accepted that their initial threat model was wrong, the BMA asked them to issue an amended set of policy documents, starting with the NWN Threats and Vulnerabilities [54] then leading on to a top level information systems security policy to replace [53] a data security policy to replace [55], and so on through [56, 57, 58] to the reference manual [59] However, IMG refused to update their documents. This is unacceptably poor systems engineering practice; it has led to the adoption of a cryptography policy founded on assumptions that officials claim to have abandoned. Under the ....

`NHS-wide networking: data security policy', IMG document NWNS/T3.3

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC