Systematisation of Security Risk Knowledge Across Different Domains: A Case Study of Security Implications of Medical Devices

Laura Carmichael, Steve Taylor, Samuel Senior, Mike Surridge, Gencer Erdogan, Simeon Tverdal

2025

Abstract

Shared terminology and understanding are vital for effective cybersecurity risk management for connected medical and in vitro diagnostic device systems, because such processes are collaborative and require cross-domain expertise, particularly in areas such as patient safety, cyber-physical security, and privacy. However, fostering effective, interdisciplinary risk communication can be challenging, especially where, for example, different terms are used with the same meaning, or the same risk management terms are interpreted differently across domains. In this paper, we focus on the systematisation of security risk knowledge across different domains related to the cybersecurity of connected medical and in vitro diagnostic device systems. This work relates to knowledge base extensions for a specified cybersecurity risk assessment tool, Spyderisk, as part of the NEMECYS project.


Paper Citation


in Harvard Style

Carmichael L., Taylor S., Senior S., Surridge M., Erdogan G. and Tverdal S. (2025). Systematisation of Security Risk Knowledge Across Different Domains: A Case Study of Security Implications of Medical Devices. In Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-735-1, SciTePress, pages 337-348. DOI: 10.5220/0013306100003899


in Bibtex Style

@conference{icissp25,
author={Laura Carmichael and Steve Taylor and Samuel Senior and Mike Surridge and Gencer Erdogan and Simeon Tverdal},
title={Systematisation of Security Risk Knowledge Across Different Domains: A Case Study of Security Implications of Medical Devices},
booktitle={Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2025},
pages={337-348},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013306100003899},
isbn={978-989-758-735-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Systematisation of Security Risk Knowledge Across Different Domains: A Case Study of Security Implications of Medical Devices
SN - 978-989-758-735-1
AU - Carmichael L.
AU - Taylor S.
AU - Senior S.
AU - Surridge M.
AU - Erdogan G.
AU - Tverdal S.
PY - 2025
SP - 337
EP - 348
DO - 10.5220/0013306100003899
PB - SciTePress