Assessing Cyber Risk: Look At The Scale And Severity Of The Impact To The Patients, Not The CVSS Score | Redefining Security With Dr. Saif Abed
Perspective and priority matter. If you use CVSS or an equivalent technical metric alone as the core data point for vulnerability ranking in a hospital setting, up to 80% of the vulnerabilities identified might be inappropriately prioritized.
Specific examples include network infrastructure being under-ranked and clinical devices being over-ranked at scale once clinical workflow context is factored in. When analyzing risk and taking mitigating action, what's the difference between an insulin pump in/on a patient, an imaging system in the emergency room department, and a networking device sitting in a lab closet? What you think matters may be up for discussion — so might be the health ecosystem and the patients that utilize it.
Put simply, the consequences of perspectives can have profound impacts on healthcare CISOs and the executive-level perception of risk status and the effectiveness of purely technically based vulnerability management programs.
The consequences of decisions made could have an even more profound impact on the patients' wellbeing on a grander scale.
When assessing cyber risk, perspective and priority matter — a lot.
Inspiration for this conversation: https://www.linkedin.com/posts/activity-6775767919851790336-QjwX