Modifying Without a Trace: High-level Audit Guidelines are Inadequate for Electronic Health Record Audit Mechanisms: Difference between revisions
Programsam (talk | contribs) |
One motivation for implementing EHR audit mechanisms for user-based non-repudiation involves the mitigation of insider attack. An ''insider attack'' occurs when employees of an organization with legitimate access to their organizations' information systems use these systems to sabotage their organizations' IT infrastructure or commit fraud<sup>[9]</sup>. Researchers at the Software Engineering Institute at Carnegie Mellon University released a comprehensive study on insider threats that reviewed 49 cases of Insider IT Sabotage between 1996 and 2002<sup>[9]</sup>. According to the study:
* 90% of insider attackers were given administrative or high-level privileges to the target system.