Framework to Assist Healthcare Delivery Organisations and Medical Device Manufacturers Establish Security Assurance for Networked Medical Devices

  • Conference paper
Systems, Software and Services Process Improvement (EuroSPI 2013)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 364)

Abstract

This paper introduces an assurance framework for networked medical device development. The work is being conducted to address the ever-increasing concerns about medical device security, with a specific focus on medical devices to be incorporated into IT networks. The framework utilises a Process Assessment Model and a Process Reference Model to address system development lifecycle processes, security assurance processes and a focused risk management process. There is currently no governance in place for the development of secure medical devices, and so this work sets out to resolve this problem by increasing the awareness of medical device security risks, threats and vulnerabilities among Medical Device Manufacturers, IT vendors and Healthcare Delivery Organisations.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Finnegan, A., McCaffery, F., Coleman, G. (2013). Framework to Assist Healthcare Delivery Organisations and Medical Device Manufacturers Establish Security Assurance for Networked Medical Devices. In: McCaffery, F., O’Connor, R.V., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2013. Communications in Computer and Information Science, vol 364. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39179-8_28

  • DOI: https://doi.org/10.1007/978-3-642-39179-8_28

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-39178-1

  • Online ISBN: 978-3-642-39179-8

  • eBook Packages: Computer Science, Computer Science (R0)
