A threat model for medical devices should document how certain systems are intended to function, justify trade-offs made in the design process, identify remaining threats to the systems, and more, just to name a few critical elements, say the authors of the Playbook for Threat Modeling Medical Devices.

When applying threat modeling for medical devices, it is important for manufacturers to take on the approach early in the design stages of their products, say MITRE medical device cybersecurity experts Margie Zuk and Penny Chase, co-authors of the recently released Playbook for Threat Modeling Medical Devices.

“It’s thinking about the design from the beginning: What can go wrong? What are we going to do about it? Applying more methodologies to make it more of a practice and sharing tips for what the problem areas are,” says Zuk, senior principal cybersecurity engineer at MITRE.

“We’re hoping to see a lot more of that happening” among medical device manufacturers, she says in a video interview with Information Security Media Group.

Read the full article at Gov. Info Security.