Risk-Driven Security Metrics Development for an e-Health IoT Application

  • Reijo M. Savola
  • Antti Evesti Savolainen
  • Habtamu Abie
  • Markus Sihvonen


  • Del av: Proceedings of the 2015 Information Security for South Africa (ISSA 2015) (IEEE Press, 2015)
  • Sider: 6
  • År: 2015
  • Lenke:

Security and privacy for e-health Internet-of-Things
applications is a challenge arising due to the novelty and
openness of the solutions. We analyze the security risks of an envisioned e-health application for elderly persons’ day-to-day support and chronic disease self-care, from the perspectives of the service provider and end-user. In addition, we propose initial heuristics for security objective decomposition aimed at security metrics definition. Systematically defined and managed security metrics enable higher effectiveness of security controls, enabling informed risk-driven security decision-making.