Table.
Summary of security problems and their solutions for accessing Salford diabetes information system via the internet
| Problem | Description | Solution |
|---|---|---|
| User authentication | How does the hospital system know that a remote user's identity is genuine? | Strong user authentication |
| Establishing access rights | Which parts of the database does a known user have access to? | Access controls on the database |
| Unauthorised data capture | How do we ensure that no one can take a copy of data being transferred across the internet from the hospital system to a remote user? | Strong encryption of messages |
| Entry into the hospital network | How do we protect hospital intranet from unwanted traffic entering it while allowing wanted traffic to pass through? | Firewall between the intranet and internet |
| Easy to use interface | How can we develop a simple yet secure interface that most users will be familiar with and will need minimum training to use and that is low cost? | Web browsers |
| Correct data source | How can remote users know they have accessed the genuine hospital system and not a site masquerading as the hospital? | Strong authentication of the hospital system |