Risk Assessment Methodologies for the Internet of Medical Things: A Survey and Comparative Appraisal

Abstract: The Internet of Medical Things (IoMT) has revolutionized health care services by providing significant benefits in terms of patient well being and relevant costs. Traditional risk assessment methodologies, however, cannot be effectively applied in the IoMT context since IoMT devices form part of a distributed and trustless environment and naturally support functionalities that favor reliability and usability instead of security. In this work we present a survey of risk assessment and mitigation methodologies f… Show more

“…Our proposed system calculates the resilience metrics of all configurations satisfying predefined requirements. However, the decision on which configuration to apply is left to the stakeholders, who may consider arbitrary additional criteria, such as user comfort or economic losses given by the reconfiguration, which are influenced by the field of application 6 . Nevertheless, the recommendation considers the cybersecurity perspective comprehensively, even for non‐technical decision‐makers.…”

“…However, the decision on which configuration to apply is left to the stakeholders, who may consider arbitrary additional criteria, such as user comfort or economic losses given by the reconfiguration, which are influenced by the field of application. 6 Nevertheless, the recommendation considers the cybersecurity perspective comprehensively, even for non-technical decision-makers. The proposed decision support system uses a mission decomposition model to map enterprise missions to hosts and services in the network and sets its functional and security requirements.…”

“…It is also worth noting that the medical domain is distinctive in terms of cybersecurity risk assessment as it often favors reliability and usability over security. We kindly refer the readers interested in this topic to a survey by Malamas et al 6 …”

“…We show how a vulnerability of a local machine or a reported breach of a remote service jeopardizes the resilience of the whole infrastructure. The requirements for confidentiality, integrity, and availability in medical information systems are high, but so are the operational requirements posed by the medical staff 6 . Thus, we may illustrate the issues of decision‐making in scenarios in which the most resilient configuration (from the cybersecurity perspective) is incompatible with the demands of the users.…”

Mission‐centric decision support in cybersecurity via Bayesian Privilege Attack Graph

“…Our proposed system calculates the resilience metrics of all configurations satisfying predefined requirements. However, the decision on which configuration to apply is left to the stakeholders, who may consider arbitrary additional criteria, such as user comfort or economic losses given by the reconfiguration, which are influenced by the field of application 6 . Nevertheless, the recommendation considers the cybersecurity perspective comprehensively, even for non‐technical decision‐makers.…”

“…However, the decision on which configuration to apply is left to the stakeholders, who may consider arbitrary additional criteria, such as user comfort or economic losses given by the reconfiguration, which are influenced by the field of application. 6 Nevertheless, the recommendation considers the cybersecurity perspective comprehensively, even for non-technical decision-makers. The proposed decision support system uses a mission decomposition model to map enterprise missions to hosts and services in the network and sets its functional and security requirements.…”

“…It is also worth noting that the medical domain is distinctive in terms of cybersecurity risk assessment as it often favors reliability and usability over security. We kindly refer the readers interested in this topic to a survey by Malamas et al 6 …”

“…We show how a vulnerability of a local machine or a reported breach of a remote service jeopardizes the resilience of the whole infrastructure. The requirements for confidentiality, integrity, and availability in medical information systems are high, but so are the operational requirements posed by the medical staff 6 . Thus, we may illustrate the issues of decision‐making in scenarios in which the most resilient configuration (from the cybersecurity perspective) is incompatible with the demands of the users.…”

Mission‐centric decision support in cybersecurity via Bayesian Privilege Attack Graph

“…Malamas et al analyzed and compared current IoMT risk assessment methodologies to identify common theme and implementation gaps. Based on their analysis, they provided security controls that can be used to mitigate those risks[58]. Koutras et al surveyed and classified IoT communication protocols based on their applicability to IoMT domain while examining security characteristics and limitation of these protocols.…”

A survey on security issues in modern Implantable Devices: Solutions and future issues

Blockchain Based Secure Interoperable Framework for the Internet of Medical Things