Risk Assessment for SWOP Telemonitoring System Based on Fuzzy Cognitive Maps

Abstract

For various IT systems security is considered to be a key quality factor. In particular, for health care systems security is of uttermost importance, as it is related to patients' health and safety. Risk assessment is an important activity in security management; it aims at identifying assets, threats and vulnerabilities, analysis of implemented countermeasures and their effectiveness in mitigating risks. This paper discusses a new risk assessment method, in which risk calculation is based on Fuzzy Cognitive Maps (FCMs) approach. FCMs are used to capture dependencies between assets and FCM based reasoning is applied to aggregate risks assigned to lower-level assets (e.g. hardware, software modules, communications, people) to such high level assets as services, maintained data and processes. An application of the method is studied on an example of e-health system providing remote telemonitoring, data storage and teleconsultation services. Lessons learned indicate, that the proposed method is an efficient and low-cost approach, giving instantaneous feedback and enabling reasoning on effectiveness of security system. © Springer-Verlag Berlin Heidelberg 2013.