RESUMEN
The MedSecurance project focus on identifying new challenges in cyber security with focus on hardware and software medical devices in the context of emerging healthcare architectures. In addition, the project will review best practice and identify gaps in the guidance, particularly the guidance stipulated by the medical device regulation and directives. Finally, the project will develop comprehensive methodology and tooling for the engineering of trustworthy networks of inter-operating medical devices, that shall have security-for-safety by design, with a strategy for device certification and certifiable dynamic network composition, ensuring that patient safety is safeguarded from malicious cyber actors and technology "accidents".
Asunto(s)
Certificación , Seguridad Computacional , Humanos , Ingeniería , Instituciones de Salud , Legislación de Dispositivos MédicosRESUMEN
The enforcement of the GDPR in May 2018 has led to a paradigm shift in data protection. Organizations face significant challenges, such as demonstrating compliance (or auditability) and automated compliance verification due to the complex and dynamic nature of consent, as well as the scale at which compliance verification must be performed. Furthermore, the GDPR's promotion of data protection by design and industrial interoperability requirements has created new technical challenges, as they require significant changes in the design and implementation of systems that handle personal data. We present a scalable data protection by design tool for automated compliance verification and auditability based on informed consent that is modeled with a knowledge graph. Automated compliance verification is made possible by implementing a regulation-to-code process that translates GDPR regulations into well-defined technical and organizational measures and, ultimately, software code. We demonstrate the effectiveness of the tool in the insurance and smart cities domains. We highlight ways in which our tool can be adapted to other domains.
