Modelo de madurez de seguridad de aplicaciones web ante ciberataques para clínicas de nivel 2 / Security maturity model of web applications for cyber attacks for level 2 clinics

Muedas Higginson, Ana Cristina, Rojas Velásquez, Renato Germán

30 October 2019

La creciente competitividad del mercado, genera una dificultad cada vez mayor en las organizaciones para alcanzar el éxito en sus proyectos. Tal hecho busca priorizar criterios económicos, tiempo, costo, calidad y alcance, ocasionando falta de controles que resultan en brechas de seguridad en la compañía. De esa forma se deja en segundo plano procedimientos de seguridad como por ejemplo el testeo de aplicaciones web. Estas poseen vulnerabilidades que podrían proporcionar los medios para que usuarios finales maliciosos violen mecanismos de protección de un sistema y obtengan acceso a información privada o recursos de la empresa. Los pronósticos referentes a la violación de datos indican que la industria de salud será el blanco más buscado para los ataques cibernéticos en 2017 ya que el alto valor de los registros de salud electrónicos (EHRs) llama cada vez más la atención de los cibercriminales. Dichos registros representan una fuente de ganancias mayor a la que si se accediera a información de tarjetas o cuentas bancarias. El presente proyecto propone un modelo de madurez de seguridad de aplicaciones web ante ciberataques para clínicas de nivel 2 bajo la norma técnica del MINSA, orientada a mostrar las debilidades de las aplicaciones web y las mejoras que se puedan realizar en aspectos de seguridad. El proyecto permitió la implementación de mejoras por parte de las empresas clientes en sus plataformas web mediante la recomendación propuesta por la guía de mejora luego de haber realizado el pentesting propuesto. / Bearing in mind that the projections made for the area of information security point to an increase in attacks on the health sector, added to the lack or little diffusion of security maturity models that allow organizations to know the status of their website in terms of security and that the existing models lack a post-evaluation monitoring, it is necessary to propose a model of security maturity of web applications against cyber-attacks, oriented to the health sector, which is simple to apply. The maturity model proposes to offer the user a portfolio of tools that asks them to apply tests and obtain their results, interpret them and place them at a level of maturity before cyberattacks, then proposing controls to improve the security of the web. This model will be based on the International Professional Practice Framework methodology and will include the main vulnerabilities published by the Open Web Application Security Project to propose attacks that identify the weakness of the evaluated web system, so that the client company has the possibility to reinforce its weaknesses. Guides will also be proposed to select strategies to improve critical points from a security perspective. Because of the validation, it was found that, of the 14 tests applied, five were approved, positioning the web at level 3 of maturity, which means that there are validations in the structure of the web; however, they are partial or inefficient. / Tesis

Seguridad informática

Aplicaciones informáticas

Ciberseguridad

Informatic security

Computer applications

Cybersecurity

The computational modelling of the spinal cord neurons involved in the pain process

Prince, Karen

January 2006

Pain is a personal subjective experience with physiological and psychological components and involves many complex processes. In 1965 Melzack and Wall proposed the influential gate control theory (GCT) of pain and, in general, this has been supported by subsequent research. This theory postulates that cells in the substantia gelatinosa, located within the spinal cord, act like a gate mechanism that modulates the flow of information through the spinal cord to the brain and thus impacts on the pain experience. The abundance of literature and experimental data that is available from pain research supports the development and testing of computational models for the simulation and exploration of the pain process. Despite the fact that pain is an ideal candidate for modeling, it is an area that has received little attention. One of the few published models (Britton and Skevington, 1989; Britton et al., 1996) translated the explicitness of the GCT and its well-defined architecture into a basic mathematical model. The aim of this research is to develop a biologically appropriate computational model of pain, capable of modelling both acute and chronic pain states, and describe applications and simulations appropriate to such a model. Therefore this research firstly replicates a mathematical model of pain (Britton and Skevington, 1989; Britton et al., 1996) to explore its adequacy and to assess its potential for further development. The original model is then developed and extended to produce a more biologically plausible representation of the pain processes involved in the Gate Control mechanism. The improvements in the computational model have enabled a clinically plausible simulation of a pain modulatory technique, transcutaneous electrical nerve stimulation (TENS), which validates the model’s representation of the GCT and provides insight into how pain modulation can occur. Other developments to this model show its unique ability to represent symptoms of chronic pain, such as allodynia and hyperalgesia, which are associated with pathological pain states developed through the loss of inhibition and glial cell activation

600

From metaphors to intelligent patterns : milestones on the road to code re-use / Robert Lemke

Lemke, Robert William

January 2007

Computer applications can be described as largely rigid structures within which an information seeker must navigate in search of information - each screen, each transaction having underlying unique code. The larger the application, the higher the number of lines of code and the larger the size of the application executable. This study suggests an alternative pattern based approach, an approach driven by the information seeker. This alternative approach makes use of value embedded in intelligent patterns to assemble rules and logic constituents, numerous patterns aggregating to form a "virtual screen" based on the need of the information seeker. Once the information need is satisfied, the atomic rules and logic constituents dissipate and return to a base state. These same constituents are available, are reassembled and form the succeeding "virtual screen" to satisfy the following request. Metaphors are used to introduce current information solutions, where events are initiated and driven by physical constructs built using monolithic instruction sets. The metaphor approach is then expanded, illustrating how metaphors can be used to communicate an understanding between two likeminded intellects - this illustrates how spatial artifacts are used to carry intellectual value across the intellectual divide, from the one (intellectual source) to the other (intellectual target). At this point, the pattern based concept is introduced. This is where value, an intellectual appreciation hidden within spatiality, can be exploited towards the delivery of information. The pattern based approach makes use of multiple pattern "instances" to deliver functionality - each pattern instance has a specific embedded value. Numbers of these patterns aggregate to drive the formation of a "virtual screen" built using patterns, each pattern referencing and associating (physical) atomic logic and spatial constituents. This is analogous to painting a picture using removable dots. The dots can be used to describe a fish, and then, once appreciation has been completed, the image is destroyed and the dots are returned to the palette. These same dots can later be reapplied to present the picture of a dog, if that is requested by the information seeker. In both pictures the same "dots" are applied and reused. The form of the fish and dog are retained as value embedded within the patterns, the dots are building blocks aligned using instructions within the patterns. This study classifies existing application solutions as belonging to the Artifact-Pattern-Artifact (APA) group, and the pattern based approach belonging to the Pattern-Artifact-Pattern (PAP) group. An overview and the characteristics of each are presented. The document concludes by presenting the results obtained when using a prototype developed using the PAP approach. / Thesis (M.Sc. (Information Technology))--North-West University, Vaal Triangle Campus, 2008.

Metaphors

Intelligent patterns

Milestones

Code re - use

Information solutions

Computer applications

Alternative pattern based approach

Desenvolvimento de um programa computacional para avaliação postural de código aberto e gratuito

Noriega, Carlos Enrique López

16 April 2012

O uso de ferramentas computacionais para avaliação postural tem sido de grande valia na detecção das alterações posturais, porém a utilização destes programas exige estruturas de hardware complexas e implica em custos elevados para pesquisadores da fisioterapia, educação física e da comunidade científica. No ano 2005 foi criado o Software de Avaliação Postural (SAPO) que é uma opção gratuita para os mesmos fins, amplamente utilizada pela comunidade científica e profissional com ótimos resultados documentados. Apesar do sucesso do SAPO na comunidade científica este programa possui limitações. Neste âmbito a proposta do presente trabalho é desenvolver um software denominado ApLoB (Avaliação Postural do Laboratório de Biofísica) para avaliação postural, tendo como parâmetro de desenvolvimento o SAPO, mas tentando colaborar em relação à superação de suas limitações. Para isso, seu desenvolvimento é baseado nas estruturas e metodologias estabelecidas pela engenharia de software que permitam a continuidade do trabalho e melhorias de suas funcionalidades. O software foi desenvolvido utilizando a linguagem de programação Python, suas extensões científicas como NumPy, a biblioteca de processamento de imagem (PIL), a aplicação para interfaces gráficas (PyQt), além da biblioteca de plotagem de dados em 2D e desenvolvimento de aplicações de processamento de sinais (Guiqwt), dentre outros. O protótipo obtido foi testado e comparado em relação às suas funcionalidades com o software SAPO e foram considerados aceitáveis / The use of computational tools for postural evaluation has been very valuable in the detection of postural changes, however the use of these programs requires complex hardware structures and involves high costs for researchers in physiotherapy, physical education and the scientific community. In 2005, the Postural Assessment Software (SAPO) became to be a free option for the same purpose, widely used by the scientific community and professional with excellent documented results. Despite the success of SAPO in the scientific community, this software has limitations. So, the purpose of this study is to develop a software called ApLoB (Postural Assessment Laboratory of Biophysics) for postural assessment, having as parameter the development SAPO, but trying to collaborate on the overcome of its limitations. For this reason, its development is based on the structures and methods established by the software engineering that allow continuity of work and improved functionality. The software was developed using the Python programming language, scientific and NumPy extensions, the library of image processing (PIL), the application for graphical interfaces (PyQt), as well as data plotting library of 2D and application development signal processing (Guiqwt), among others. The prototype obtained was tested and its functionality was found to be acceptable, compared to SAPO

Aplicações do computador

Basic

Computer applications

Computer assisted diagnosis

Diagnóstico computadorizado

Postura

Posture

The medical device market and its industrial evolution in China

Zhang, Weifan

January 2016

China has attracted increasing amounts of foreign investment since it opened its doors to the world and whilst many researchers have focused on foreign investment in popular areas, little has been written about medical device market. The medical device market is one of the most profitable areas in the global economy. With the development of China's economy, the Chinese medical device market is experiencing significant growth, and has become the second largest market in the world. The research in this thesis extracted foreign direct investment theory and summarized the current situation of the global medical device market and the Chinese medical device market. Analysis of the status of the Chinese medical device market from the perspective of the healthcare industry and its important market drivers, reveals that the medical device market has significant growth potential. The research methods such as: regression analysis; location quotient, which revealed the Chinese medical device market status, provides suggestions for investors who are interested in entering the Chinese market. Investors or companies who want to enter the Chinese market need to understand the regulatory environment, comparison of the medical device regulations with the US and EU regulations provide investors with a clear understanding of the Chinese medical device regulatory regime. The research in this thesis contributes to medical device market investment and regional economy in medical device industry, and make a clear statement of the changing medical device regulations in China, which came into force on 2014. The contribution of this thesis, bridges the research gap between investment theory and medical device market development.

338.4

A standards-based ICT framework to enable a service-oriented approach to clinical decision support

Rodríguez Loya, Salvador

January 2015

This research provides evidence that standards based Clinical Decision Support (CDS) at the point of care is an essential ingredient of electronic healthcare service delivery. A Service Oriented Architecture (SOA) based solution is explored, that serves as a task management system to coordinate complex distributed and disparate IT systems, processes and resources (human and computer) to provide standards based CDS. This research offers a solution to the challenges in implementing computerised CDS such as integration with heterogeneous legacy systems. Reuse of components and services to reduce costs and save time. The benefits of a sharable CDS service that can be reused by different healthcare practitioners to provide collaborative patient care is demonstrated. This solution provides orchestration among different services by extracting data from sources like patient databases, clinical knowledge bases and evidence-based clinical guidelines (CGs) in order to facilitate multiple CDS requests coming from different healthcare settings. This architecture aims to aid users at different levels of Healthcare Delivery Organizations (HCOs) to maintain a CDS repository, along with monitoring and managing services, thus enabling transparency. The research employs the Design Science research methodology (DSRM) combined with The Open Group Architecture Framework (TOGAF), an open source group initiative for Enterprise Architecture Framework (EAF). DSRM's iterative capability addresses the rapidly evolving nature of workflows in healthcare. This SOA based solution uses standards-based open source technologies and platforms, the latest healthcare standards by HL7 and OMG, Decision Support Service (DSS) and Retrieve, Update Locate Service (RLUS) standard. Combining business process management (BPM) technologies, business rules with SOA ensures the HCO's capability to manage its processes. This architectural solution is evaluated by successfully implementing evidence based CGs at the point of care in areas such as; a) Diagnostics (Chronic Obstructive Disease), b) Urgent Referral (Lung Cancer), c) Genome testing and integration with CDS in screening (Lynch's syndrome). In addition to medical care, the CDS solution can benefit organizational processes for collaborative care delivery by connecting patients, physicians and other associated members. This framework facilitates integration of different types of CDS ideal for the different healthcare processes, enabling sharable CDS capabilities within and across organizations.

620

Comparison of Student Success by Course Delivery Methods at an Eastern Tennessee Community College

Cunningham, E. Ann

01 December 2015

The purpose of this study was to compare academic success based on methods of course delivery for students in a computer applications course at an East Tennessee community college. Additionally, the researcher examined demographic relationships of age, gender, and race to student academic performance in the different delivery methods. The researcher used final course grades as a determinant of academic success. The study was focused on students who took the INFS 1010 Computer Applications course during the academic years, 2011-12, 2012-13, and 2013-14 at a southeast Tennessee community college. The population consisted of 1,177 students who took the INFS 1010 Computer Applications course over a 3-year period. The independent variable method of course delivery is generally defined as traditional, online, or blended. The dependent variable academic success is generally defined as final course grade. A student was considered an academically successful completer of the course by attaining a final course grade of A, B, C, or D. It should be noted that if a student is transferring to another institution, the receiving institution may or may not accept the course credit of a student who received a D grade in this course. However, at the studied institution students receiving final course grades of A, B, C, or D in INFS 1010 are considered successful course completers. The research questions in this study were addressed through data analysis with Chi-Square 2-way contingency table analysis testing procedures. When areas of significance were identified, follow-up pairwise comparisons were conducted to evaluate relationships between the proportions. The quantitative findings revealed no significant overall relationships in final course grades among the 3 delivery methods. However, some relationships were noted within delivery methods by demographic characteristics. The findings of the online delivery method indicated significant relationships among all 3 demographic categories (gender, age, and race) studied. Significant grade relationships were identified in the gender and race categories within the blended delivery method. However, within the traditionally delivered sections of this course the only demographic area with significant findings was the age category.

community college

blended learning

online learning

computer applications

Community College Leadership

濃尾平野の地下水状態と地盤沈下に関する研究

佐藤, 健, Sato, Takeshi

25 March 1981

名古屋大学博士学位論文 学位の種類:工学博士(課程) 学位授与年月日:昭和56年3月25日

Consolidation

Well

Settlement

Ground Water

Computer Applications

Permeability

Pumping Test

Finite Element Method

Control

From metaphors to intelligent patterns : milestones on the road to code re-use / Robert Lemke

Lemke, Robert William

January 2007

Computer applications can be described as largely rigid structures within which an information seeker must navigate in search of information - each screen, each transaction having underlying unique code. The larger the application, the higher the number of lines of code and the larger the size of the application executable. This study suggests an alternative pattern based approach, an approach driven by the information seeker. This alternative approach makes use of value embedded in intelligent patterns to assemble rules and logic constituents, numerous patterns aggregating to form a "virtual screen" based on the need of the information seeker. Once the information need is satisfied, the atomic rules and logic constituents dissipate and return to a base state. These same constituents are available, are reassembled and form the succeeding "virtual screen" to satisfy the following request. Metaphors are used to introduce current information solutions, where events are initiated and driven by physical constructs built using monolithic instruction sets. The metaphor approach is then expanded, illustrating how metaphors can be used to communicate an understanding between two likeminded intellects - this illustrates how spatial artifacts are used to carry intellectual value across the intellectual divide, from the one (intellectual source) to the other (intellectual target). At this point, the pattern based concept is introduced. This is where value, an intellectual appreciation hidden within spatiality, can be exploited towards the delivery of information. The pattern based approach makes use of multiple pattern "instances" to deliver functionality - each pattern instance has a specific embedded value. Numbers of these patterns aggregate to drive the formation of a "virtual screen" built using patterns, each pattern referencing and associating (physical) atomic logic and spatial constituents. This is analogous to painting a picture using removable dots. The dots can be used to describe a fish, and then, once appreciation has been completed, the image is destroyed and the dots are returned to the palette. These same dots can later be reapplied to present the picture of a dog, if that is requested by the information seeker. In both pictures the same "dots" are applied and reused. The form of the fish and dog are retained as value embedded within the patterns, the dots are building blocks aligned using instructions within the patterns. This study classifies existing application solutions as belonging to the Artifact-Pattern-Artifact (APA) group, and the pattern based approach belonging to the Pattern-Artifact-Pattern (PAP) group. An overview and the characteristics of each are presented. The document concludes by presenting the results obtained when using a prototype developed using the PAP approach. / Thesis (M.Sc. (Information Technology))--North-West University, Vaal Triangle Campus, 2008.

Metaphors

Intelligent patterns

Milestones

Code re - use

Information solutions

Computer applications

Alternative pattern based approach

New methods for mapping quantitative trait loci /

Carlborg, Örjan,

January 2002

Diss. (sammanfattning) Uppsala : Sveriges lantbruksuniv., 2002. / Härtill 5 uppsatser.