Medical device cybersecurity for engineers and manufacturers
Cybersecurity for medical devices is no longer optional. We must not allow sensationalism or headlines to drive the discussion… Nevertheless, we must proceed with urgency. In the end, this is about preventing patient harm and preserving patient trust. A comprehensive guide to m...
Classification: | Electronic Book |
---|---|
Main authors: | |
Format: | Electronic eBook |
Language: | English |
Published: | Norwood, MA: Artech House, [2020] |
Series: | Artech House information security and privacy series. |
Subjects: | |
Online access: | Full text |
Table of Contents:
- Intro
- Foreword
- Why Secure Medical Devices?
- 1.1 The Inspiration for This Book
- 1.2 The Evolution of Cybersecurity in Health Care
- 1.3 The Unique Role of Medical Devices
- 1.4 Regulatory Environment
- 1.5 Looking Ahead
- References
- Establishing a Cybersecurity Focus
- 2.1 Security Governance
- 2.1.1 Effective Oversight
- 2.2 Building a Security-Capable Organization
- 2.2.1 Strong Governance
- 2.2.2 Ongoing Testing
- 2.2.3 Coordinated Vulnerability Disclosure
- 2.2.4 BOM: Commercial and Open-Source Software Governance
- 2.2.5 Maturity Road Map
- 2.2.6 Security Designed In
- 2.2.7 Section Summary
- 2.3 Regulations and Standards
- 2.3.1 Regulatory Considerations
- 2.3.2 Standards
- 2.4 Security and Lifecycle Management: High-Level Overview
- 2.4.1 Coordination between the Four Lifecycles
- 2.5 Regular Review of Security Maturity
- References
- Supply Chain Management
- 3.1 Upstream Supply Chain Management
- 3.1.1 Counterfeit Electronic Components
- 3.1.2 Third-Party Software Components
- 3.2 Security Criteria for Approved Supplier Lists
- 3.3 Downstream Supply Chain Management
- References
- Medical Device Manufacturers' Development Cycle
- 4.1 Introduction
- 4.2 Secure Lifecycle Diagram Overview
- 4.3 Threats vs. Vulnerabilities
- 4.4 Development Lifecycle: Concept Phase
- 4.4.1 Incremental Improvements and Secure Development
- 4.5 Development Lifecycle: Planning Phase
- 4.5.1 Security Goals
- 4.6 Development Lifecycle: Requirements Phase
- 4.6.1 Safe Harbor vs Full Encryption
- 4.7 Development Lifecycle: Design Phase
- 4.7.1 Design Phase Activities
- 4.7.2 Introduction to Vulnerability Scoring
- 4.7.3 Mitigations
- 4.7.4 Vulnerability Scoring
- 4.7.5 Scoring Rubrics
- 4.7.6 Alternative Approaches to Scoring
- 4.7.7 Informal Approaches to Vulnerability Assessment
- 4.8 Development Lifecycle: Implementation Phase
- 4.9 Development Lifecycle: Verification and Validation Phase
- 4.10 Development Lifecycle: Release Phase/Transfer to Production
- 4.10.1 Three Different Transfer Models
- 4.11 Development Lifecycle: Sales Phase
- 4.12 Development Lifecycle: End of Life Phase
- References
- Secure Production and Sales for Medical Device Manufacturers
- 5.1 Production
- 5.1.1 Production Line Functionality Left Enabled in a Shipped Device
- 5.1.2 Factory Service and Rework
- 5.1.3 Securing Production Infrastructure
- 5.2 Security Considerations in the Sales Process
- 5.2.1 MDS2
- 5.3 Cybersecurity in Contracts
- 5.4 Managing End of Life
- References
- Medical Device Manufacturer Postmarket Lifecycle
- 6.1 Understanding FDA Expectations
- 6.2 Postmarket Surveillance and Related Activities
- 6.2.1 Monitoring TPSC Vulnerabilities
- 6.2.2 Coordinated Vulnerability Disclosures
- 6.2.3 Engagement with End-Users
- 6.2.4 ISAO
- 6.3 Updating Devices in the Field
- 6.4 Product Recalls
- References
- HDO Lifecycle