Where There is No CISO

  • Conference paper
  • In: Freedom and Social Inclusion in a Connected World (ICT4D 2022)

Abstract

Globally, health information security and associated topics have received considerable attention from both professionals and the academic community. The literature on the threats and mitigations when it comes to developing countries is scarce, and tends to focus on issues such as cryptographic techniques for secure safe data transmission or patients’ perceptions of data confidentiality. However, investigation of health information threats in relation to the local context has received less attention. In this paper we reflect on a long-term and global action research project that presents different perspectives on information security. Operating in environments of absent or obsolete relevant jurisdiction, poor institutional capacity for adherence and oversight, and limited awareness of appropriate security and confidentiality issues, we note unique security and confidentiality threats “where there is no CISO”. We reflect on mitigations adopted over the years to counter rising threats, and provide recommendations for practice and further research in this regard.

Corresponding author

Correspondence to Johan Ivar Sæbø.

Copyright information

© 2022 IFIP International Federation for Information Processing

About this paper

Cite this paper

Sæbø, J.I., Büttner, A., Gruschka, N., Jolliffe, B., McGee, A. (2022). Where There is No CISO. In: Zheng, Y., Abbott, P., Robles-Flores, J.A. (eds) Freedom and Social Inclusion in a Connected World. ICT4D 2022. IFIP Advances in Information and Communication Technology, vol 657. Springer, Cham. https://doi.org/10.1007/978-3-031-19429-0_12

  • DOI: https://doi.org/10.1007/978-3-031-19429-0_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-19428-3

  • Online ISBN: 978-3-031-19429-0

  • eBook Packages: Computer Science, Computer Science (R0)