The University of Southampton
University of Southampton Institutional Repository

Systematisation of security risk knowledge across different domains: a case study of security implications of medical devices


Carmichael, Laura, Taylor, Steve, Senior, Samuel, Surridge, Mike, Erdogan, Gencer and Tverdal, Simeon (2025) Systematisation of security risk knowledge across different domains: a case study of security implications of medical devices. Di Pietro, Roberto, Renaud, Karen and Mori, Paolo (eds.) In Proceedings of the 11th International Conference on Information Systems Security and Privacy. vol. 1, SciTePress. pp. 337-348. (doi:10.5220/0013306100003899).

Record type: Conference or Workshop Item (Paper)

Abstract

Shared terminology and understanding are vital for effective cybersecurity risk management for connected medical and in vitro diagnostic device systems, given that such processes are collaborative and require cross-domain expertise particularly, e.g., in the areas of patient safety, cyber-physical security, and privacy. However, fostering effective, interdisciplinary risk communication can be challenging — especially where, e.g., different terms are used with the same meaning, or the same risk management terms are interpreted differently across domains. In this paper, we focus on the systematisation of security risk knowledge across different domains related to the cybersecurity of connected medical and in vitro diagnostic device systems. This work relates to knowledge base extensions for a specified cybersecurity risk assessment tool—Spyderisk—as part of the NEMECYS project.

This record has no associated files available for download.

More information

Published date: 3 March 2025
Venue - Dates: 11th International Conference on Information Systems Security and Privacy, Porto, Portugal, 2025-02-20 - 2025-03-22
Keywords: Connected Medical Devices and In Vitro Diagnostic Devices, cyber security, risk management, systemisation of knowledge, Connected Medical Devices, In Vitro Diagnostic Devices, Systematisation of Knowledge, Cyber security, Risk Management

Identifiers

Local EPrints ID: 500587
URI: http://eprints.soton.ac.uk/id/eprint/500587
PURE UUID: cfb9f0d1-f967-49ac-9742-176b0ea275fe
ORCID for Laura Carmichael: orcid.org/0000-0001-9391-1310
ORCID for Steve Taylor: orcid.org/0000-0002-9937-1762
ORCID for Samuel Senior: orcid.org/0000-0002-3428-9215
ORCID for Mike Surridge: orcid.org/0000-0003-1485-7024

Catalogue record

Date deposited: 06 May 2025 16:55
Last modified: 03 Sep 2025 02:02

Contributors

Author: Steve Taylor
Author: Samuel Senior
Author: Mike Surridge
Author: Gencer Erdogan
Author: Simeon Tverdal
Editor: Roberto Di Pietro
Editor: Karen Renaud
Editor: Paolo Mori
