Please use this identifier to cite or link to this item:
MedDevRisk: Risk Analysis Methodology for Networked Medical Devices
|Title:||MedDevRisk: Risk Analysis Methodology for Networked Medical Devices|
|Keywords:||Security and Privacy Challenges for Healthcare|
Risk assessment, medical devices, health IT, vulnerabilities, threats
|Issue Date:||03 Jan 2018|
|Abstract:||The prolific integration of technology into medical environments is continuously generating new attack vectors. This continuous amalgamation of technology into the medical field prompted the idea that risk assessment models can be utilized to identify cyber security vulnerabilities in medical settings. This research presents an initial investigation into the application of risk assessment frame works, i.e., STRIDE, Common Vulnerabilities and Exposures, and a Common Vulnerability Scoring System to identified networked medical devices that are currently employed in an operational medical simulation lab. The contribution of this research is twofold and culminates in a novel proof-of-concept system known as MedDevRisk. First, it demonstrates an approach to incorporating existing threat models into a relational database schema based on Threat-Vulnerability-Asset (TVA) relationships. Second, it provides an initial empirical analysis of the risk associated with networked medical devices along with providing the foundation for future research.|
|Rights:||Attribution-NonCommercial-NoDerivatives 4.0 International|
|Appears in Collections:||Security and Privacy Challenges for Healthcare|
Please contact firstname.lastname@example.org if you need this content in an ADA compliant alternative format.
Items in ScholarSpace are protected by copyright, with all rights reserved, unless otherwise indicated.