Icient privacy PK 11195 Epigenetic Reader Domain protection Insecure communication Insecure data storage Insecure information storageProcessingDenial
Icient privacy protection Insecure communication Insecure data storage Insecure data storageProcessingDenial of Service Command injectionMemory Net ServiceBuffer overflow attack Denial of ServiceServer resourcesI/O Replay attackAttacks on privacy Storage Modification of information Data/Sensitive information leakage Physical attacksLack of physical hardeningAppl. Syst. Innov. 2021, four,35 ofTable A1. Cont.Asset Name Asset Sub-Category Application software program Threat Name Blind SQL injection SQL Injection Data or merchandise from an unreliable supply Denial of Service Vulnerabilities Input validation vulnerability Input validation vulnerability Lack of access handle Insecure authorization Input validation vulnerability Lack of intrusion detection Database access abuse Input validation vulnerability Lack of intrusion detection Database access abuse Insecure data Storage Insecure communication Lack of physical hardening Insecure communication Insecure communication Insecure communication Session management vulnerability Insecure communication Lack of access control Insecure authorization Insufficient cryptography Insecure communication Security Controls Input validation Query parameterization Input validation Access handle Authorization Access control Session management Firewall Access control Session management Firewall Encryption Authorization Information anonymization Physical protection Client platform safety Encryption Authentication Encryption Encryption Authentication Input validation Session management Encryption Access manage Authorization Encryption EncryptionProcessingMemory Database Server resources I/ODenial of ServiceStorageData/Sensitive information and facts leakage Physical attacks Communication protocol hijacking Interception of info EavesdroppingWireless communicationMan-in-the-middle attackMasquerading attack Sniffing attackAppendix B Sample implementation guideline for security controls. Appendix B.1. Auditing and Accountability In WBAN applications, it can be necessary to preserve track of every single activity performed by an authorized and/or unauthorized user. Auditing may be the method that will keep track of distinct forms of event including password adjustments; failed log-on, key management, query parameters and file access. This audit record can be utilised make a user accountable. Source: NIST 800-53 r5: AU-2, AU-3, AU-5, AU-6, AU-7, AU-8, AU-9, AU-5 ISO IEC 27002/ISO 27799: 12.four.1, 12.4.2 Suggestions:Define the list of parameters that can be captured as portion of audit records and use a centralized platform to configure and handle these list of parameters (AU-3, 12.four.1) user IDs. technique activities. dates, times and information of key events, e.g., log-on and log-off. device identity or place if probable and system identifier. records of productive and rejected technique and other resource access attempts. alterations to system configuration. use of privileges. use of program utilities and applications.Appl. Syst. Innov. 2021, 4,36 offiles accessed and the kind of access. network addresses and protocols. alarms raised by the access handle system. activation and de-activation of protection systems, like anti-virus systems and intrusion detection systems. records of UCB-5307 Purity & Documentation transactions executed by users in applications.Limit the capturing of PHI and/or PHR data in audit records to decrease the privacy threat. If expected anonymize the PHI and/or PHR information records ahead of capturing within the audit log (AU-3, 12.four.1). Present a warning to respective roles or owner.
