Cyberwatching.eu Webinar on Risk Management
This cyberwatching.eu webinar in November 2020 looked at the practical aspects of risk management, tools and the broader scheme, such as how to do it cost effectively and optimising resources while keeping the right level of security.
PANACEA was among the projects developing new risk management solutions giving lightning talks. Fabrizio De Vecchis from RHEA presented “people-centric risk management for healthcare”, thematically focusing on the PANACEA dynamic risk management platform.
Part of the PANACEA cybersecurity toolkit, the DRMP enables the computation of all possible attack paths on multiple layers, spanning the network, access to IT systems and humans, to protect complex hospital IT infrastructure. It quantitatively assesses the current level of risk through a multi-dimensional threat analysis and its business impact. An innovative aspect of DRMP is the multi-dimensional attack model, reflecting the role played by human behaviours in the development of a cyber-attack. The model tries to capture how human users access ICT and medical devices, identifying human vulnerabilities that can be exploited to materialise the most common threats in healthcare organisations.
- Monitoring cyber risks in a complex network in real time.
- Constantly monitoring the network topology enables the detection of any changes that could lead to new risks and vulnerabilities.
- Vulnerabilities on IT assets focus on the business aspects, dynamically computing thousands of potential attack paths, feeding into the risk analysis and showing their impact on business processes.
- Taking into account human vulnerabilities caused by improper behaviour of personnel, such as doctors and nurses, using network assets like connected medical devices.
- Response plans include software patches and human mitigation actions through training or ensuring cyber secure behaviour.
- The customisable visual analytics environment enables users to tailor their computations with notifications of exposure to vulnerabilities or cyber-attacks across all levels.
DRMP is tested at the Gemelli University Hospital and its Laboratory of Systems with connected medical devices (Point of Care Testing) for urgent blood analysis. It is also tested by the Irish Health Service Executive with monitor control systems in hospitals and wireless connected medical devices used by patients.
DRMP is developed by RHEA, RINA and the Sapienza University of Rome. Validation of the tool is starting in Q1-2021.
PANACEA lightning talk on the video recording: 02:36-02:48
Fabrizio De Vecchis, RHEA, People-centric Risk Management for Healthcare
Watch the cyberwatching.eu webinar recording and download slides here.
