The purpose of the HEEL project is to improve management of information security risks in the health sector. In collaboration with analysis laboratories, radiology departments and accident and emergency services, researchers from LIST are working on the development of a national model. Available to all through a shared platform, this model will help stakeholders in the sector to identify, evaluate and manage their risks.
For over a decade, researchers at the Luxembourg Institute of Science and Technology (LIST), in partnership with the Smile Economic Interest Group (GIE Smile), have taken a close interest in the management of information security risks. It is in this context that the HEEL project came about with the goal of outlining a framework for the management of information shared between multiple stakeholders in the health sector. "The basic idea is simple. So as to best deal with risks, it is essential to provide companies with models which guide them in identifying, evaluating and managing their risks", explains Sébastien Pineau.
Companies from any given commercial sector have many similarities in their organisation and, for the most part, face the same risks. On the basis of this observation, the HEEL project aims to prove that the creation of a model for each business sector will contribute to improving the risk management of individual companies and to improving the overall quality of services provided. "So as to be conclusive, we decided to focus on the health sector, which stands out from others due to its complexity", continues Sébastien Pineau. "There is wide diversity in terms of professions, and a great deal of IT and sensitive information being disclosed". For this project, three sub-stakeholders were identified: analysis laboratories, radiology departments and accident and emergency services.
Jointly funded by the ERDF and GIE Smile, the HEEL project is coordinated by LIST, whose aim is to establish a national model for the health sector. GIE Smile is providing the tool, named MONARC, which allows for integration of the sector-specific model, making it available to each stakeholder in SaaS (Software as a Service) mode.
Based on an enterprise architecture network approach, the models developed by LIST researchers, in close collaboration with stakeholders, are unique. "Based on the use of languages and tools taken from the field of enterprise architecture, these models are hugely complex. They identify the services, processes, activities, functions, infrastructure and different types of information, and go so far as to integrate risks and their management. In the end, they offer a unique representation in companies", notes Sébastien Pineau.
Sharing and enriching these models in an accessible SaaS risk management tool completes the innovative aspect of the approach, just as the approach of GIE Smile favours the integration and re-use of "objects" between users. This allows for enormous time savings.
Through the development of a shared knowledge base in a given commercial sector, the HEEL project creates value through models which illustrate the regulations and best practices in Luxembourg.
Thanks to the MONARC tool and the models developed upstream, stakeholders in the health sector will save precious time in analysing and managing risks pertaining to their activities. "The quality of analysis is also improved. They will work faster and better", summarises the project manager. "Use of shared models in a shared platform will increase the analytical and benchmarking capability of each of the stakeholders. They will have comparable data".
In addition, the HEEL project will contribute to the increased awareness and training of stakeholders in managing information security risks.