Reviewing OWASP /CSA Document for Secure Medical Devices


The OWASP(Open Web Application Security Project) and the CSA(Cloud.Security.Alliance) are both Non-Profit initiatives devoted to various aspects of Cybersecurity with Chapters and
representation globally.

The following document-Secure Medical Devices Deployment came out from a joint collaboration an initiative between both these organizations to look into an area which has seen widespread attacks in the last few years; IoT Medical Devices deployment.

Following are the key recommendations from that Document

Develop a Template for Mock Incidents & an effective Incident Response Plan(which is tested at least once every 6 months).

Do sufficient testing of your Devices via Pentesting, Security testing, OS Hardening, Encrypted Messaging(HLv3).

Physical Security should not be neglected

Compliance Monitoring-should is effective & comprehensive.

Verification and ensure the stability of Update Mechanisms(for Firmware); Keep a Spare copy as Backup for emergency purposes.

Change Default Credentials-to ensure that the easiest way to get into a Document is just not open anymore.

Leave a Reply

Your email address will not be published. Required fields are marked *