Start Date
16-8-2018 12:00 AM
Description
Compromise of confidentiality, integrity and availability (C-I-A) of patient data may lead to tangible as well as intangible losses to a healthcare organization including loss of reputation, compensation, restoring and improving security. Prior work has already mentioned the effect of immediate environment in fostering criminal intent. However, significant literature is absent with regards to socio-economic factors. Our work will help in complete risk management using the CRQ-CRM framework. The first module (CRQ) includes classification of attack-type using attack patterns and socio-economic factors. Our second module (CRM) takes the prediction accuracy, as an input and computes the expected loss and the consequent impact-probability matrix. Using the matrix, we could prescribe further course of action to improve on the prediction model. Our work will aid managers towards effective risk management and further open new avenues of research which includes state-level factors.
Recommended Citation
Pal, Shounak and Mukhopadhyay, Arunabha, "Cyber Risk Quantification and Mitigation Framework for Healthcare using Machine Learning" (2018). AMCIS 2018 Proceedings. 23.
https://aisel.aisnet.org/amcis2018/Security/Presentations/23
Cyber Risk Quantification and Mitigation Framework for Healthcare using Machine Learning
Compromise of confidentiality, integrity and availability (C-I-A) of patient data may lead to tangible as well as intangible losses to a healthcare organization including loss of reputation, compensation, restoring and improving security. Prior work has already mentioned the effect of immediate environment in fostering criminal intent. However, significant literature is absent with regards to socio-economic factors. Our work will help in complete risk management using the CRQ-CRM framework. The first module (CRQ) includes classification of attack-type using attack patterns and socio-economic factors. Our second module (CRM) takes the prediction accuracy, as an input and computes the expected loss and the consequent impact-probability matrix. Using the matrix, we could prescribe further course of action to improve on the prediction model. Our work will aid managers towards effective risk management and further open new avenues of research which includes state-level factors.