Securing Products with Threat Modeling


The security of JiveX products is upheld through what we call Threat Modeling. To spread the knowledge about our recently improved method throughout our organization, 50 more of our colleagues were trained in security matters at the turn of the year.

Security has two equally important dimensions: cybersecurity and patient safety. The interplay between these dimensions is evident, as Hendrik Ewerlin, Cyber Security Architect, points out: "It’s conceivable that manipulated patient data, initially a cybersecurity issue, could lead to misguided treatment, harming patients' health. Similarly, if mission-critical systems become unavailable, urgent, vital treatment could be delayed, as well."

Risk Management with Threat Modeling at VISUS

To identify, classify, and develop defense strategies against risks in both domains, we rely on the so-called Threat Modeling process. "Threat Modeling is about bringing threats to light in the first place, which then initiates discussions about them. Consequently, we devise and implement effective protective measures to mitigate these threats," clarifies Hendrik, who leads our internal training on systematic risk detection and management.

In our application of Threat Modeling, we have identified the cybersecurity areas most critical to VISUS. These include:

  1. Ensuring the confidentiality of personal patient data
  2. Ensuring the confidentiality of data belonging to health facility employees
  3. Maintaining the availability of mission-critical systems

Working alongside the risk management team for patient safety, led by Stefan Sangal, we are developing an approach comprising a mix of measures to ensure that JiveX meets its objectives. To achieve this, we first identify real threats using a standardized probability/impact matrix. Subsequently, we conduct a measures-compliant assessment to ensure the adequacy of the proposed protective measures in managing the threats. Unacceptable risks are continually mitigated through the so-called Cyber Security Risk Control Measures until the residual risk is deemed acceptable.

Security Starts in Development

A key insight in software development is that security, in all its dimensions, must be a primary consideration from the outset: "Insecure Design is ranked fourth among the well-known OWASP Top 10 Cyber Security Risks. Neglecting security in the design phase can indeed have grave consequences. Hence, our drive to involve in Threat Modeling as many team members as possible, ensuring JiveX is intrinsically secure by design. This approach lays the foundation for meeting all further security requirements in both domains – cybersecurity and patient safety," says Hendrik. The importance of this matter at our company is further highlighted by our plan to significantly increase training sessions in the new year. The VISUS Security Group plays a crucial role here, bringing together particularly skilled employees to discuss wide-ranging topics and share experiences.
