
A Security Assurance Framework for Networked Medical Devices

  • Conference paper
Product-Focused Software Process Improvement (PROFES 2013)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 7983)

Abstract

This paper presents work for the development of a framework to assure the security of networked medical devices being incorporated. The paper focuses on one component of the framework, which addresses system development processes, and the assurance of these through the use of a Process Assessment Model with a major focus on the security risk management process. With the inclusion of a set of specific security controls and assurance processes, the purpose is to increase awareness of security vulnerabilities, risks and controls among Medical Device Manufacturers with the aim of increasing the overall security capability of medical devices.




Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Finnegan, A., McCaffery, F., Coleman, G. (2013). A Security Assurance Framework for Networked Medical Devices. In: Heidrich, J., Oivo, M., Jedlitschka, A., Baldassarre, M.T. (eds) Product-Focused Software Process Improvement. PROFES 2013. Lecture Notes in Computer Science, vol 7983. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39259-7_35


  • DOI: https://doi.org/10.1007/978-3-642-39259-7_35

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-39258-0

  • Online ISBN: 978-3-642-39259-7

  • eBook Packages: Computer Science, Computer Science (R0)
