IDEAS home Printed from https://ideas.repec.org/a/spr/infosf/v21y2019i5d10.1007_s10796-017-9809-4.html
   My bibliography  Save this article

A Markov-Based Model for Information Security Risk Assessment in Healthcare MANETs

Author

Listed:
  • Saini Das

    (Indian Institute of Technology Kharagpur)

  • Arunabha Mukhopadhyay

    (Indian Institute of Management Lucknow)

  • Debashis Saha

    (Indian Institute of Management Calcutta)

  • Samir Sadhukhan

    (Indian Institute of Management Calcutta)

Abstract

Information security breaches are of major concern for healthcare mobile ad-hoc networks (h-MANETs). In this paper, we propose a model that identifies and assesses risk in an h-MANET deployed by a healthcare institution in a disaster-prone region a priori by modeling the possible routes a hacker might follow to compromise a target. Our model proposes a novel method to compute the transition probability of each hop in the h-MANET. Next, it employs Markov theory to compute the maximum and minimum number of hops required to compromise the target for a given source-target pair. It then determines the vulnerability for all the paths comprising minimum to maximum hops only for each pair by computing their overall transition probability. Finally, our model computes the risk associated with each of these paths. Based on the calculated risk level of each path, the management can recommend an appropriate risk mitigation strategy.

Suggested Citation

  • Saini Das & Arunabha Mukhopadhyay & Debashis Saha & Samir Sadhukhan, 2019. "A Markov-Based Model for Information Security Risk Assessment in Healthcare MANETs," Information Systems Frontiers, Springer, vol. 21(5), pages 959-977, October.
    • Handle: RePEc:spr:infosf:v:21:y:2019:i:5:d:10.1007_s10796-017-9809-4
    DOI: 10.1007/s10796-017-9809-4
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10796-017-9809-4
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10796-017-9809-4?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Kuo-chung Chang & Chih-ping Wang, 2011. "Information systems resources and information security," Information Systems Frontiers, Springer, vol. 13(4), pages 579-593, September.
    2. Kjell Hausken, 2014. "Returns to information security investment: Endogenizing the expected loss," Information Systems Frontiers, Springer, vol. 16(2), pages 329-336, April.
    3. Pu Li & H. Raghav Rao, 2007. "An examination of private intermediaries’ roles in software vulnerabilities disclosure," Information Systems Frontiers, Springer, vol. 9(5), pages 531-539, November.
    4. Terrence August & Marius Florin Niculescu & Hyoduk Shin, 2014. "Cloud Implications on Software Network Structure and Security Risks," Information Systems Research, INFORMS, vol. 25(3), pages 489-510, September.
    5. Emmanouil A. Panaousis & Christos Politis & Konstantinos Birkos & Christos Papageorgiou & Tasos Dagiuklas, 2012. "Security model for emergency real-time communications in autonomous networks," Information Systems Frontiers, Springer, vol. 14(3), pages 541-553, July.
    6. Karthik Kannan & Rahul Telang, 2005. "Market for Software Vulnerabilities? Think Again," Management Science, INFORMS, vol. 51(5), pages 726-740, May.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Kalpit Sharma & Arunabha Mukhopadhyay, 2023. "Cyber-risk Management Framework for Online Gaming Firms: an Artificial Neural Network Approach," Information Systems Frontiers, Springer, vol. 25(5), pages 1757-1778, October.
    2. Petar Radanliev & David Roure & Max Kleek & Uchenna Ani & Pete Burnap & Eirini Anthi & Jason R. C. Nurse & Omar Santos & Rafael Mantilla Montalvo & La’Treall Maddox, 2021. "Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems: cyber risk at the edge," Environment Systems and Decisions, Springer, vol. 41(2), pages 236-247, June.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Chulhwan Chris Bang, 2015. "Information systems frontiers: Keyword analysis and classification," Information Systems Frontiers, Springer, vol. 17(1), pages 217-237, February.
    2. Arora, Ashish & Forman, Chris & Nandkumar, Anand & Telang, Rahul, 2010. "Competition and patching of security vulnerabilities: An empirical analysis," Information Economics and Policy, Elsevier, vol. 22(2), pages 164-177, May.
    3. Xing Gao & Weijun Zhong, 2016. "A differential game approach to security investment and information sharing in a competitive environment," IISE Transactions, Taylor & Francis Journals, vol. 48(6), pages 511-526, June.
    4. Nikhil Malik & Manmohan Aseri & Param Vir Singh & Kannan Srinivasan, 2022. "Why Bitcoin Will Fail to Scale?," Management Science, INFORMS, vol. 68(10), pages 7323-7349, October.
    5. Vidyanand Choudhary & Zhe (James) Zhang, 2015. "Research Note—Patching the Cloud: The Impact of SaaS on Patching Strategy and the Timing of Software Release," Information Systems Research, INFORMS, vol. 26(4), pages 845-858, December.
    6. Zan Zhang & Guofang Nan & Yong Tan, 2020. "Cloud Services vs. On-Premises Software: Competition Under Security Risk and Product Customization," Information Systems Research, INFORMS, vol. 31(3), pages 848-864, September.
    7. Ravi Sen & Joobin Choobineh & Subodha Kumar, 2020. "Determinants of Software Vulnerability Disclosure Timing," Production and Operations Management, Production and Operations Management Society, vol. 29(11), pages 2532-2552, November.
    8. Mingwen Yang & Varghese S. Jacob & Srinivasan Raghunathan, 2021. "Cloud Service Model’s Role in Provider and User Security Investment Incentives," Production and Operations Management, Production and Operations Management Society, vol. 30(2), pages 419-437, February.
    9. Debabrata Dey & Atanu Lahiri & Guoying Zhang, 2015. "Optimal Policies for Security Patch Management," INFORMS Journal on Computing, INFORMS, vol. 27(3), pages 462-477, August.
    10. Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
    11. Guizhou Wang & Jonathan W. Welburn & Kjell Hausken, 2020. "A Two-Period Game Theoretic Model of Zero-Day Attacks with Stockpiling," Games, MDPI, vol. 11(4), pages 1-26, December.
    12. Harish Guda & Milind Dawande & Ganesh Janakiraman, 2021. "“Seemingly‐Beneficial” Interventions," Production and Operations Management, Production and Operations Management Society, vol. 30(10), pages 3337-3353, October.
    13. Yonghua Ji & Subodha Kumar & Vijay Mookerjee, 2016. "When Being Hot Is Not Cool: Monitoring Hot Lists for Information Security," Information Systems Research, INFORMS, vol. 27(4), pages 897-918, December.
    14. Tung-Hsien Wu & Shi-Ming Huang & Shaio Yan Huang & David C. Yen, 2017. "The effect of competencies, team problem-solving ability, and computer audit activity on internal audit performance," Information Systems Frontiers, Springer, vol. 19(5), pages 1133-1148, October.
    15. Terrence August & Duy Dao & Kihoon Kim, 2019. "Market Segmentation and Software Security: Pricing Patching Rights," Management Science, INFORMS, vol. 65(10), pages 4575-4597, October.
    16. Fang Fang & Manoj Parameswaran & Xia Zhao & Andrew B. Whinston, 2014. "An economic mechanism to manage operational security risks for inter-organizational information systems," Information Systems Frontiers, Springer, vol. 16(3), pages 399-416, July.
    17. Yong Wu & Gengzhong Feng & Richard Y. K. Fung, 2018. "Comparison of information security decisions under different security and business environments," Journal of the Operational Research Society, Taylor & Francis Journals, vol. 69(5), pages 747-761, May.
    18. Xu, Zhuo, 2019. "An empirical study of patients' privacy concerns for health informatics as a service," Technological Forecasting and Social Change, Elsevier, vol. 143(C), pages 297-306.
    19. Mahmud Akhter Shareef & Vinod Kumar & Yogesh K. Dwivedi & Uma Kumar, 2016. "Service delivery through mobile-government (mGov): Driving factors and cultural impacts," Information Systems Frontiers, Springer, vol. 18(2), pages 315-332, April.
    20. Stoel, M. Dale & Muhanna, Waleed A., 2011. "IT internal control weaknesses and firm performance: An organizational liability lens," International Journal of Accounting Information Systems, Elsevier, vol. 12(4), pages 280-304.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:infosf:v:21:y:2019:i:5:d:10.1007_s10796-017-9809-4. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.