Vulnerability Management in the Age of IoT: Adapting ISO 27001 for Connected Devices in Healthcare

Authors

  • Nikhileswar Reddy Marapu, Independent Researcher, USA

DOI:

https://doi.org/10.63282/3050-9246.IJETCSIT-V1I1P106

Keywords:

Vulnerability Management, ISO 27001, IoT (Internet of Things), Healthcare Cybersecurity, Connected Medical Devices, Information Security Management System (ISMS), Risk Management, Device Security, Patient Data Protection

Abstract

The rapid adoption of the Internet of Things (IoT) in healthcare has introduced transformative benefits, such as real-time patient monitoring, operational efficiency, and personalized care. However, the proliferation of connected devices also presents significant security challenges, including unauthorized access, data breaches, and ransomware attacks. Given the critical nature of healthcare data and its compliance requirements, traditional information security frameworks require adaptation to address the unique vulnerabilities of IoT systems. ISO/IEC 27001, a widely recognized standard for information security management, offers a structured approach to risk management but does not directly account for the intricacies of IoT. This paper explores how ISO/IEC 27001 can be tailored to enhance vulnerability management in IoT-enabled healthcare environments. By analyzing IoT-specific threats and leveraging case studies, we propose an adapted framework that integrates device authentication, endpoint security, and network segmentation, aligned with regulatory standards such as HIPAA and GDPR. The proposed model aims to provide healthcare organizations with a practical roadmap for mitigating IoT risks while ensuring compliance and patient safety.



Published

2020-03-30

Section

Articles

How to Cite

1. Marapu NR. Vulnerability Management in the Age of IoT: Adapting ISO 27001 for Connected Devices in Healthcare. IJETCSIT [Internet]. 2020 Mar. 30 [cited 2025 Sep. 13];1(1):49-56. Available from: https://ijetcsit.org/index.php/ijetcsit/article/view/245
