IT Security Analysis for Home Use Product
Challenge
- Identification of risks and threats for a home-use medical device
- Creation of a reliable risk assessment of the IT security of the product
- Identification of efficient measures to minimize risk
- Integration of a secure software update mechanism
- Safety class C software system in accordance with IEC 62304
- Product with connection to smartphone app
Approach
- Identification of the security context of the product
- Identification of assets
- Threat risk analysis
- Definition and risk assessment of incident scenarios
- Identification of risk control measures
Technologies & Methods
- IEC 81001-5-1: Health software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product life cycle
- AAMI TIR57: Principles for Medical Device Security - Risk Management
- FDA Guidance: Content of Premarket Submissions for Management of Cybersecurity in Medical Devices
- Common Vulnerability Scoring System (CVSS)
- STRIDE
- Microsoft Threat Modeling Tool