Security and privacy for e-health Internet-of-Things applications is a challenge arising due to the novelty and openness of the solutions. We analyze the security risks of an envisioned e-health application for elderly persons’ day-to-day support and chronic disease self-care, from the perspectives of the service provider and end-user. In addition, we propose initial heuristics for security objective decomposition aimed at security metrics definition. Systematically defined and managed security metrics enable higher effectiveness of security controls, enabling informed risk-driven security decision-making.
Reijo M. Savola, Antti Evesti (VTT), Habtamu Abie (Norwegian Computing Center), Markus Sihvonen (MPY): Risk-driven security metrics development for an e-health IoT application