IT Security Analysis for Home Use Product

loading

Challenge

Task
  • Identification of risks and threats for a home-use medical device
Objective
  • Creation of a reliable risk assessment of the IT security of the product
  • Identification of efficient measures to minimize risk
  • Integration of a secure software update mechanism
Constraints
  • Safety class C software system in accordance with IEC 62304
  • Product with connection to smartphone app
loading

Approach

  • Identification of the security context of the product
  • Identification of assets
  • Threat risk analysis
  • Definition of and risk assessment of incident scenarios
  • Identification of risk control measures
loading

Technologies & Methods

Standards
  • IEC 81001-5-1 Health software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product life cycle
  • AAMI TIR57 Principles for Medical Device Security - Risk Management
  • FDA Guidance: Content of Premarket Submissions for Management of Cybersecurity in Medical Devices
Tools
  • Common Vulnerability Scoring System (CVSS)
  • STRIDE
  • Microsoft Threat Modeling Tool