Development of a Process Assessment Model for Assessing Security of IT Networks Incorporating Medical Devices against ISO/IEC 15026-4

Anita Finnegan; Fergal Mc Caffery; Gerry Coleman

doi:10.5220/0004327502500255

Development of a Process Assessment Model for Assessing Security of IT Networks Incorporating Medical Devices against ISO/IEC 15026-4

Anita Finnegan, Fergal Mc Caffery, Gerry Coleman

2013

Abstract

Advancements in medical device design over the last number of years have allowed medical device manufacturers to add more complex functionality particularly through the use of software. Such advancements include the ability for devices to communicate wirelessly across networks, from device to device and over the Internet. However, with such advancements comes additional risks; these are security risks, vulnerabilities and threats. In the past twelve months, concern within the medical device community has led to the US Government calling upon the FDA to take responsibility of medical device security. In support of this, this position paper details a research proposal to address medical device security issues through the development of a Process Reference Model (PRM) and a Process Assessment Model (PAM) to assess the capability of the processes used to develop medical devices intended to be incorporated onto healthcare networks and also determine the product security capability through the development of security assurance cases created following the lifecycle process. Further, in support of IEC 80001-2-2, the output from this PRM will be an assurance case with a security assurance level, which will be used to communicate the security capabilities of the product between Medical Device Manufacturers (MDMs) and Healthcare Delivery Organisations (HDOs). The intent is to build a better awareness of vulnerability types, threats and related risks to assist in reducing the likelihood of harm resulting from a security risk.

Download

Paper Citation

in Harvard Style

Finnegan A., Mc Caffery F. and Coleman G. (2013). Development of a Process Assessment Model for Assessing Security of IT Networks Incorporating Medical Devices against ISO/IEC 15026-4 . In Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2013) ISBN 978-989-8565-37-2, pages 250-255. DOI: 10.5220/0004327502500255

in Bibtex Style

@conference{healthinf13,
author={Anita Finnegan and Fergal Mc Caffery and Gerry Coleman},
title={Development of a Process Assessment Model for Assessing Security of IT Networks Incorporating Medical Devices against ISO/IEC 15026-4},
booktitle={Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2013)},
year={2013},
pages={250-255},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004327502500255},
isbn={978-989-8565-37-2},
}

in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2013)
TI - Development of a Process Assessment Model for Assessing Security of IT Networks Incorporating Medical Devices against ISO/IEC 15026-4
SN - 978-989-8565-37-2
AU - Finnegan A.
AU - Mc Caffery F.
AU - Coleman G.
PY - 2013
SP - 250
EP - 255
DO - 10.5220/0004327502500255