A Process Assessment Model for Security Assurance of Networked Medical Devices
暂无分享,去创建一个
The recent introduction of networked medical devices has posed many benefits for both the healthcare industry and improved patient care. However, because of the complexity of these devices, in particular the advanced communication ability of these devices, security is becoming an increasing concern. This paper presents work to develop a framework to assure the security of medical devices being incorporated into an IT network. It begins by looking at the development processes and the assurance of these through the use of a Process Assessment Model with a major focus on the security risk management processes. With the inclusion of a set of specific security controls, both the Healthcare Delivery Organisations and the Medical Device Manufacturers work together to establish fundamental security requirements. The Medical Device Manufacturer reports the achieved security assurance level of their device through the development of a security assurance case. The purpose of this approach is to increase awareness of security vulnerabilities, risks and controls among Medical Device Manufacturers and Healthcare Delivery Organisations with the aim of increasing the overall security capability of medical devices.
[1] J. Initiative. SP 800-53 Rev. 3. Recommended Security Controls for Federal Information Systems and Organizations , 2009 .
[2] Fergal McCaffery,et al. Development of a Process Assessment Model for Assessing Security of IT Networks Incorporating Medical Devices against ISO/IEC 15026-4 , 2013, HEALTHINF.
[3] T. Ngqondi,et al. The ISO/IEC 27002 and ISO/IEC 27799 information security management standards : a comparative analysis from a healthcare perspective , 2009 .