Assessing Cyber Risk: Look At The Scale And Severity Of The Impact To The Patients, Not The CVSS Score | Redefining Security With Dr. Saif Abed



Perspective and priority matter. If you use CVSS or an equivalent technical metric alone as the core data point for vulnerability ranking in a hospital setting, up to 80% of the vulnerabilities identified might be inappropriately prioritized.

Specific examples include network infrastructure being under-ranked and clinical devices being over-ranked at scale once clinical workflow context is factored in. When analyzing risk and taking mitigating action, what's the difference between an insulin pump in/on a patient, an imaging system in the emergency room department, and a networking device sitting in a lab closet? What you think matters may be up for discussion — so might be the health ecosystem and the patients that utilize it.

Put simply, the consequences of perspectives can have profound impacts on healthcare CISOs and the executive-level perception of risk status and the effectiveness of purely technically based vulnerability management programs.

The consequences of decisions made could have an even more profound impact on the patients' wellbeing on a grander scale.

When assessing cyber risk, perspective and priority matter — a lot.

Dr. Saif Abed, Medical Doctor | Cybersecurity Expert | Director of Cybersecurity Services, The AbedGraham Group | European Commission | World Health Organisation (@Saif_Abed on Twitter)
