Clinical Information Systems Security
Clinical Information Systems (CIS) are computerized systems that give access to the most current patient data, including medication history, clinical notes, and laboratory reports, either directly or across data networks. Developed for the healthcare industry, CIS adoption dates back to the 1960s, when such systems were used purely for hospital accounting. In the 1970s, however, the applications used in the CIS shifted to communication and review of patients' results (Grandia, 2017). The CIS model involves a variety of networking technology, electronic medical records, clinical databases, and related clinical informatics research that is necessary for the management of patient conditions.
First, as a tool in primary care, the CIS is used for recording and managing patient information efficiently. Secondly, it supports the process of organizing patients' information according to specified demographic and clinical data. Thirdly, it ensures that the process of data storage and manipulation is associated with proper patient care. It also helps reduce prescription errors, unnecessary testing, and hospitalizations. Finally, it supports meaningful treatment of patients and improves the safety, productivity, and outcomes of healthcare (Islam, Poly & Li, 2018).
Features of the Model
Health practitioners have access to all information and services in a centralized place and have both direct and remote access to immediate updates of patients' medical data. Furthermore, the CIS has led to improved quality and analysis of patients' data aligned with the knowledge of the physician, so that decisions on patients are guided by clinical evidence and best practice. Diagnosis of patients also has a quick turnaround. In addition, the CIS has led to the use of a standard communication format across different clinical information systems and to enhanced communication between and among different health practitioners.
Application to Citi Bank Security Model
Considering that the clinical information system was designed for hospital settings, it is hard to apply this model to the Citi Bank security system.
Noninterference Security Model
The model was developed by Goguen and Meseguer in 1982 and updated in 1984. It was designed to ensure that subjects and objects within one security level do not interfere with those belonging to other levels. Here, objects are data bits, processes, documents, or programs, while subjects are networks, system users, applications, or processes.
In the non-interference model, a computer is viewed as a device with inputs and outputs, each classified as either low sensitivity (unclassified information) or high sensitivity (not viewable by users or resources without the relevant clearance). Under the model, low-sensitivity inputs produce the corresponding low-sensitivity outputs regardless of whether any high-level inputs exist (Finjan Cybersecurity, 2017).
The core function of the model is a strict separation of different security levels, done to prevent or minimize any leaks or breaches that are likely to occur through covert channels. This zoning function prevents any security bypass. Secondly, each attempt to move data through a system is independent of all others, and data is restricted from crossing its defined boundaries. This is important because security segregation at the different levels prevents access to shared resources and even the likelihood of inference attacks. Finally, the non-interference model creates a very strict security regime that is effective for use in the commercial industry.
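The separation property described above can be tested mechanically on a small model. The following Python sketch is an added example, not taken from the cited sources: it uses the standard purge formulation of noninterference (the low-level view of a run must equal the low-level view of the same run with all high inputs removed), and the two toy machines and the input alphabet are constructed for illustration.

```python
from itertools import product

# Constructed input alphabet: (level, value) pairs. "H" = high, "L" = low.
INPUTS = [("H", 0), ("H", 1), ("L", 0), ("L", 1)]

def purge(seq):
    """Remove every high-level input, keeping low inputs in order."""
    return tuple(i for i in seq if i[0] == "L")

def low_view(step, seq, state=0):
    """Run a deterministic machine and collect the outputs a low user sees."""
    outputs = []
    for level, value in seq:
        state, out = step(state, level, value)
        if level == "L":          # low users only observe replies to low inputs
            outputs.append(out)
    return tuple(outputs)

def leaky_step(state, level, value):
    """Shared counter: high writes change what low reads later (a covert channel)."""
    state = (state + value) % 4
    return state, state

def isolated_step(state, level, value):
    """Separate high and low counters packed in one state; low reads only its own."""
    high, low = divmod(state, 4)
    if level == "H":
        high = (high + value) % 4
    else:
        low = (low + value) % 4
    return high * 4 + low, low

def find_interference(step, max_len=4):
    """Return the first input sequence whose low view differs from its purged run."""
    for n in range(1, max_len + 1):
        for seq in product(INPUTS, repeat=n):
            if low_view(step, seq) != low_view(step, purge(seq)):
                return seq
    return None

if __name__ == "__main__":
    print("leaky counterexample:", find_interference(leaky_step))
    print("isolated counterexample:", find_interference(isolated_step))
```

The shared counter fails as soon as one high write precedes a low read, while the machine with separated counters yields no counterexample up to the tested length.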
Application of the Non-interference Model to Citi Bank
Considering the strictness of the non-interference security model, this model is applicable to the Citi Bank security system. However, it is important to note that, unlike other models such as the Bell-LaPadula model, only a few commercial computer systems comply with the demands of this specific model.
Deducibility Security Model
Designed by David Sutherland, the deducibility security model entails achieving a level whereby any set of possible observations in the view is consistent with any possible sequence of hidden inputs. The model quantifies what it means for information to flow from one user to another. In security terms, information flow is dependent on a high level of activity consistent with each possible low level observed (Zakinthinos, 1996).
One key characteristic of deducibility security is that it prevents any kind of leaks as a result of Trojan Horses. If a system is deducibility secure, then no unauthorized user of that system will ever learn any classified information through the system. This means that any system which permits unlawful information flow through it is not deducibility secure.
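The consistency condition above can be checked directly when a system is small enough to enumerate. This Python sketch is an added example, not taken from the cited sources; it assumes a system is modelled as the set of (hidden high inputs, low observation) pairs it can produce, and the three channel functions are constructed for illustration.

```python
from itertools import product

def traces(system, n=2):
    """Enumerate every (high_inputs, low_view) pair the system can produce.

    `system(high_bits, noise_bits)` returns the low-level observation; the noise
    bits model nondeterminism the low user cannot see or control.
    """
    bits = list(product((0, 1), repeat=n))
    return {(h, system(h, r)) for h in bits for r in bits}

def deducible_leaks(system, n=2):
    """Return (low_view, high_inputs) pairs that can never occur together.

    An empty list means every low observation is consistent with every hidden
    input sequence, so the low user can rule nothing out.
    """
    seen = traces(system, n)
    highs = sorted({h for h, _ in seen})
    lows = sorted({l for _, l in seen})
    return [(l, h) for l in lows for h in highs if (h, l) not in seen]

def copy_channel(high, noise):
    """Trojan-horse style leak: the high bits appear unchanged at the low level."""
    return high

def masked_channel(high, noise):
    """Each high bit is XORed with an unseen random bit before it reaches low."""
    return tuple(h ^ r for h, r in zip(high, noise))

def parity_channel(high, noise):
    """Only the parity of the high bits reaches low: a partial leak."""
    return (sum(high) % 2,)

if __name__ == "__main__":
    for channel in (copy_channel, masked_channel, parity_channel):
        print(channel.__name__, len(deducible_leaks(channel)))
```

Each returned pair is a deduction the low user can make ("having seen this, the hidden input was not that"), so the masked channel is deducibility secure under this model and the other two are not.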
Application of the Deducibility Security Model
The deducibility system prevents any kind of leaks and ensures that no unauthorized users access classified information through the system. Due to its strict security system, the deducibility security model is well suited for the Citi Bank security system.
Graham-Denning Model
This is a computer security model that was introduced by Graham Denning in 1972 and demonstrates how objects and subjects can be securely created and deleted. Secondly, it also addresses the process of assigning specific access rights. The model is mainly employed in access control mechanisms for distributed systems (CISSP, 2012).
It consists of three main components: a set of subjects, a set of objects, and a set of eight rules. Here, a subject can either be a user or a process that makes a request to be able to access a resource. An object is a resource that a user or process wants to access.
The model addresses the security issues associated with defining a set of basic rights on how specific subjects can execute security functions on an object. The model has eight basic protection rules (actions) that outline: how to securely create and delete an object; how to securely create and delete a subject; how to securely provide the read access right; how to securely provide the grant access right; how to securely provide the delete access right; how to securely provide the transfer access right.
In this model, each object has an owner with specific rights, and at the same time, each subject has a controller with specific rights on it. This model adopts the access control matrix.
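The eight rules can be written as guarded operations on an access control matrix. The Python sketch below is an added example, not code from the cited sources; the preconditions follow the usual textbook statement of the model (an owner may grant and destroy, a controller or owner may read and revoke, a holder of a right with the copy flag may transfer it), and the class name, method names and the `*` copy-flag notation are choices made for this illustration.

```python
class Denied(Exception):
    """Raised when a rule's precondition is not met."""

class Matrix:
    """Access control matrix; cell[(subject, entity)] is a set of rights.
    A right ending in '*' carries the copy flag: its holder may transfer it."""

    def __init__(self, root):
        self.cell = {(root, root): {"control"}}

    def has(self, s, e, right):
        return right in self.cell.get((s, e), set())

    def _need(self, ok, msg):
        if not ok:
            raise Denied(msg)

    def _manages(self, x, s, o):
        # Shared precondition for reading and revoking: x controls s or owns o.
        return self.has(x, s, "control") or self.has(x, o, "owner")

    def create_object(self, x, o):               # create object
        self.cell[(x, o)] = {"owner"}

    def create_subject(self, x, s):              # create subject
        self.cell[(x, s)] = {"owner", "control"}

    def delete_entity(self, x, e):               # delete object / delete subject
        self._need(self.has(x, e, "owner"), f"{x} does not own {e}")
        self.cell = {k: v for k, v in self.cell.items() if e not in k}

    def read_rights(self, x, s, o):              # read access right
        self._need(self._manages(x, s, o), f"{x} may not read rights of {s} on {o}")
        return set(self.cell.get((s, o), set()))

    def grant(self, x, s, o, right):             # grant access right
        self._need(self.has(x, o, "owner"), f"{x} does not own {o}")
        self.cell.setdefault((s, o), set()).add(right)

    def delete_right(self, x, s, o, right):      # delete access right
        self._need(self._manages(x, s, o), f"{x} may not revoke from {s} on {o}")
        self.cell.get((s, o), set()).discard(right)

    def transfer(self, x, s, o, right):          # transfer access right
        self._need(self.has(x, o, right.rstrip("*") + "*"), f"{x} lacks copy flag")
        self.cell.setdefault((s, o), set()).add(right)
```

A subject that creates an object owns it and can grant `read` to another subject; that second subject's attempt to grant or transfer the right raises `Denied` because it holds neither `owner` nor `read*`.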
Application of Graham-Denning Model to Citi Bank
This model can be applied to enhancing the security of customer bank accounts. The model is preferred based on its eight basic protection rules that define how specific subjects (bank employees) can execute security functions on an object (customer accounts).
References
CISSP (2012). Security Architecture and Design Domain. CIB, January 2012.
Finjan Cybersecurity (2017). The Non-Interference Model. Retrieved from https://blog.finjan.com/the-non-interference-model/
Grandia, L. (2017). Health Information Systems: A Look at the Past, Present, and Future. HealthCatalyst. Retrieved from http://www.healthcatalyst.com/wp-content/uploads/2014/05/A-Look-at-the-Past-Present-and-Future-Healthcare-Information-Systems.pdf
Islam, M. M., Poly, T. N., & Li, Y.-C. (2018). Recent Advancement of Clinical Information Systems: Opportunities and Challenges. Yearbook of Medical Informatics, 27(1), 83-90.
Zakinthinos, A. (1996). On the composition of security properties. Ottawa: National Library of Canada = Bibliothèque nationale du Canada.
The clinical security model was designed in the 1960s for use in hospital accounting systems. It was used to ensure the security of patient data related to medication history, clinical notes, and lab reports, among others.
The non-interference security model was developed by Goguen and Meseguer in 1982 and later updated in 1984. The model was designed to offer strict security and works only on a few select computer systems.
The deducibility security model was developed by David Sutherland to prevent security leaks caused by Trojan Horses. The system also ensures that no unauthorized user accesses classified information through the system.
The Graham-Denning Model was created by Graham Denning in 1972 and demonstrates the way objects and subjects can be securely created and deleted. It also provides the ability to assign specific access rights.