BS EN ISO/IEEE 11073-40101:2022

$198.66

Health informatics. Device interoperability – Foundational. Cybersecurity. Processes for vulnerability assessment

Published By: BSI
Publication Date: 2022
Number of Pages: 58

Within the context of secure plug-and-play interoperability, cybersecurity is the process and capability of preventing unauthorized access or modification, misuse, denial of use, or the unauthorized use of information that is stored on, accessed from, or transferred to and from a PHD/PoCD. The process part of cybersecurity is risk analysis of use cases specific to a PHD/PoCD. For PHDs/PoCDs, this standard defines an iterative, systematic, scalable, and auditable approach to identification of cybersecurity vulnerabilities and estimation of risk. This iterative vulnerability assessment uses the Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE) classification scheme and the embedded Common Vulnerability Scoring System (eCVSS). The assessment includes system context, system decomposition, pre-mitigation scoring, mitigation, and post-mitigation scoring and iterates until the remaining vulnerabilities are reduced to an acceptable level of risk.

PDF Catalog

PDF Pages PDF Title
5 European foreword
Endorsement notice
8 Blank Page
9 Title page
11 Important Notices and Disclaimers Concerning IEEE Standards Documents
14 Participants
17 Introduction
18 Contents
19 1. Overview
1.1 General
20 1.2 Scope
1.3 Purpose
1.4 Word usage
21 2. Definitions, acronyms, and abbreviations
2.1 Definitions
2.2 Acronyms and abbreviations
3. Risk management
22 4. Software of unknown provenance
5. Multi-component system vulnerability assessment
6. Threat modeling
6.1 General
23 6.2 Data flow diagram
6.3 STRIDE classification scheme
7. Scoring system
7.1 General
7.2 CVSS
24 7.3 eCVSS
25 8. Process for vulnerability assessment
8.1 Iterative vulnerability assessment
8.2 System context
8.2.1 Use case description
26 8.2.2 Actors
28 8.2.3 Assets
8.2.4 Mapping actors to assets
8.3 System decomposition
8.3.1 General
8.3.2 Trust boundaries
8.3.3 Threat model
29 8.3.4 Vulnerability list
30 8.4 Scoring
8.4.1 General
8.4.2 eCVSS metric guidelines
31 8.4.3 Suggested collateral damage
32 8.4.4 System-wide metrics
8.4.5 Risk level thresholds
8.5 Mitigation
8.6 Iteration
33 Annex A (informative) Bibliography
34 Annex B (informative) STRIDE
38 Annex C (informative) embedded Common Vulnerability Scoring System
45 Annex D (informative) Microsoft TMT2Excel Macro
48 Annex E (informative) Example insulin delivery device vulnerability assessment