A Lot Less Likely Than I Thought: Introducing Evidence-Based Security Risk Assessment for Healthcare Software

Weir, Charles and Dyson, Anna and Prince, Daniel (2023) A Lot Less Likely Than I Thought: Introducing Evidence-Based Security Risk Assessment for Healthcare Software. In: Proceedings of the 2023 IEEE Secure Development Conference (SecDev). IEEE, USA.

Text (A Lot Less Likely Than I Thought)
A_Lot_Less_Likely_Than_I_Thought.pdf - Accepted Version
Available under License Creative Commons Attribution.

Abstract

Security and privacy are particularly important for health applications and health-related devices. So, it is vital that health software developers, especially in small to medium companies, devote their time and resources only to the security and privacy activities that will be most effective for them. Accordingly, this paper describes the creation and development of a facilitated workshop to help developers create risk assessments, using a structured series of activities based on a healthcare industry risk model. The authors found little publicly available information on risk probabilities, requiring our own calculations. The results of six workshop trials showed that cards with stories and probabilities promoted effective risk analysis, and that this was valuable to less experienced development teams. This workshop approach provides a powerful lightweight approach to calculating evidence-based security and privacy loss expectations, allowing better decision making to improve the security of the many healthcare software systems we all depend upon.

Item Type:
Contribution in Book/Report/Proceedings
Uncontrolled Keywords:
Research Output Funding/yes_externally_funded
Subjects:
developer centered security, software teams, privacy, software developer, cybersecurity, intervention, workshop, design based research, software security, yes - externally funded, yes
ID Code:
205295
Deposited By:
Deposited On:
05 Oct 2023 15:15
Refereed?:
Yes
Published?:
Published
Last Modified:
23 Dec 2024 01:30