Carnegie Mellon University
Survivability Requirements for the U.S. Health Care Industry A Thesis Submitted to the Information Networking Institute in Partial Fulfillment of the Requirements for the degree MASTER OF SCIENCE in INFORMATION NETWORKING
by Jose Caldera Pittsburgh, Pennsylvania May 2000 Copyright by Jose Caldera, 2000. All rights reserved
Carnegie Mellon University Information Networking Institute
SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF Master Science in Information Networking
Title Survivability Requirements for the U.S. Health Care Industry Presented by Jose Caldera Accepted by the Information Networking Institute
_________________ Dr. David Fisher
_________________ Dr. Howard Lipson
INI Dept Chairman
_________________ Dr. Richard Stern
Over the last decade, our society has become more and more dependent on Information Systems (IS), and increasingly dependent on highly distributed IS that operate in unbounded networks, such as the Internet. These systems hold the necessary data on which the majority of our essential services rely. There is an increasing risk to the fulfillment of our essential services due to these systems’ vulnerabilities. In the presence of these vulnerabilities and the limited ability of traditional security approaches to protect such systems, there is a pressing need for new ways to develop systems that are able to survive, limit damage, recover, and operate robustly in the presence of attacks that cannot be completely repelled. Survivability is a new field of study that addresses these issues. A survivable system is able to fulfill its mission in a timely manner, in the presence of attacks, failures, or accidents. At the same time there is a critical need for survivable systems to evolve over time to exploit the changing requirements and new opportunities created by changes in its environment and advancing technology. This thesis examines a variety of issues related to survivability in the U.S. health care industry. It also reviews the concepts of survivability, security, unbounded networks, and emergent properties. It focuses on the deployment of a framework for identifying, validating, and applying mission critical requirements. These mission requirements are further refined into system requirements that lead to design and implementation decisions. The system requirements are highly constrained by the environment that surrounds the system. Moreover, requirements must evolve in response to changes in the environment to remain relevant and cost-effective. Thus, it is necessary to frequently upgrade the system so these changes are addressed. Based on the previously mentioned framework, we examine the current structure of the U.S. health care industry, and propose an initial set of mission requirements for the U.S. health care infrastructure. We also apply the framework to a case study involving a U.S. Army medical treatment facility. The case study allowed us to draw some conclusions about the specific facility, and relate them to the ones we drew from the health care industry.
Acknowledgements To my parents… for your wise guidance and great education…I just hope I can do the same for my children… no more and no less… To my brothers… for always being there and sometimes here for me... To David Fisher and Howard Lipson… for their guidance throughout the course of this thesis… To my INI classmates… guys, it has been a heck of a experience sharing with you these two years… To my venezuelan friends… for your support and for the “rumbas” during vacations… To all INI administration personnel: especially Sue Jones, Lisa Currin and Joe Kern. To CERT/SEI administration personnel: especially Annette Welsch
To Jerry for his two choices…
References: 2. Len Bass, Paul Clements, and Rick Kazman. Software Architecture in Practice. SEI series in Software Engineering. Addison Wesley. 1998.
Please join StudyMode to read the full document