%0 Journal Article %J Technology Innovation Management Review %D 2017 %T A Cybersecurity Risk Assessment Framework that Integrates Value-Sensitive Design %A Aida Alvarenga %A George Tanev %K cybersecurity %K framework %K medical devices %K risk assessment %K value propositions %K value-sensitive design %X Medical devices today are more effective and connected than ever before, saving more patient lives and making healthcare practitioner’s jobs more efficient. But with this interconnectedness comes inherent concerns over increased cybersecurity vulnerabilities. Medical device cybersecurity has become an increasing concern for all relevant stakeholders including: patients, regulators, manufacturers, and healthcare practitioners. Although cybersecurity in medical devices has been covered in the literature, there is a gap in how to address cybersecurity concerns and assess risks in a way that brings value to all relevant stakeholders. In order to maximize the value created from cybersecurity risk mitigations, we review literature on the state of cybersecurity in the medical device industry, on cybersecurity risk management frameworks in the context of medical devices, and on how cybersecurity can be used as a value proposition. We then synthesize the key contributions of the literature into a framework that integrates cybersecurity value considerations for all relevant stakeholders into the risk mitigation process. This framework is subsequently applied to the hypothetical case of an insulin pump. Using this example case, we illustrate how medical device manufacturers can use the framework as a standardized method that can be applicable to medical devices at large. Our ultimate goal is to make cybersecurity risk mitigation an exploitable asset for manufacturers rather than a regulatory obligation. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 7 %P 32-43 %8 04/2017 %G eng %U http://timreview.ca/article/1069 %N 4 %1 Carleton University Aida Alvarenga Castillo is a Master’s student in the Technology Innovation Management program at Carleton University in Ottawa, Canada. Aida undertook her undergraduate studies at McGill University in Montreal, Canada, with a focus on Economics, Business Management, and Political Science. She has experience in the financial industry for well-established banks, in a business development role for a technology startup, and as an entrepreneur in launching her own family food business. Within the field of technology innovation, Aida’s main interests are in financial technologies (FinTech) and innovation within the financial industry. %2 Carleton University George Tanev is a Master’s student in the Technology Innovation Management program at Carleton University in Ottawa, Canada. George holds a Master’s of Science degree in Medicine and Technology from the Technical University of Denmark and a Bachelor of Engineering in Biomedical and Electrical Engineering from Carleton University. George has experience in the medical device industry and the air navigation services industry. His interests are in technology entrepreneurship, cybersecurity, medical device product development, signal processing, and data modelling. %R http://doi.org/10.22215/timreview/1069 %0 Journal Article %J Technology Innovation Management Review %D 2017 %T Editorial: Cybersecurity (April 2017) %A Chris McPhee %A Michael Weiss %K anomaly detection %K automation %K big data %K cybersecurity %K exploration %K Hypponen’s law %K Internet of Things %K IOT %K legislation %K medical devices %K privacy %K real time %K risk assessment %K security engineering %K smart devices %K value proposition %K vulnerabilities %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 7 %P 3-4 %8 04/2017 %G eng %U http://timreview.ca/article/1065 %N 4 %1 Technology Innovation Management Review Chris McPhee is Editor-in-Chief of the Technology Innovation Management Review. Chris holds an MASc degree in Technology Innovation Management from Carleton University in Ottawa, Canada, and BScH and MSc degrees in Biology from Queen's University in Kingston, Canada. He has nearly 20 years of management, design, and content-development experience in Canada and Scotland, primarily in the science, health, and education sectors. As an advisor and editor, he helps entrepreneurs, executives, and researchers develop and express their ideas. %2 Carleton University Michael Weiss holds a faculty appointment in the Department of Systems and Computer Engineering at Carleton University in Ottawa, Canada, and is a member of the Technology Innovation Management program. His research interests include open source, ecosystems, mashups, patterns, and social network analysis. Michael has published on the evolution of open source business, mashups, platforms, and technology entrepreneurship. %R http://doi.org/10.22215/timreview/1065 %0 Journal Article %J Technology Innovation Management Review %D 2013 %T Editorial: Cybersecurity (August 2013) %A Chris McPhee %A Tony Bailetti %K Canada %K cyberattacks %K cybersecurity %K cyberthreats %K information technology %K network security %K research %K risk assessment %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 3 %P 3-4 %8 08/2013 %G eng %U http://timreview.ca/article/710 %N 8 %1 Technology Innovation Management Review Chris McPhee is Editor-in-Chief of the Technology Innovation Management Review. Chris holds an MASc degree in Technology Innovation Management from Carleton University in Ottawa and BScH and MSc degrees in Biology from Queen's University in Kingston. He has over 15 years of management, design, and content-development experience in Canada and Scotland, primarily in the science, health, and education sectors. As an advisor and editor, he helps entrepreneurs, executives, and researchers develop and express their ideas. %2 Carleton University Tony Bailetti is an Associate Professor in the Sprott School of Business and the Department of Systems and Computer Engineering at Carleton University, Ottawa, Canada. Professor Bailetti is the Director of Carleton University's Technology Innovation Management (TIM) program. His research, teaching, and community contributions support technology entrepreneurship, regional economic development, and international co-innovation. %R http://doi.org/10.22215/timreview/710 %0 Journal Article %J Technology Innovation Management Review %D 2013 %T Quantitative Metrics and Risk Assessment: The Three Tenets Model of Cybersecurity %A Jeff Hughes %A George Cybenko %K availability %K confidentiality %K integrity %K quantitative cybersecurity %K risk assessment %K vulnerabilities %X Progress in operational cybersecurity has been difficult to demonstrate. In spite of the considerable research and development investments made for more than 30 years, many government, industrial, financial, and consumer information systems continue to be successfully attacked and exploited on a routine basis. One of the main reasons that progress has been so meagre is that most technical cybersecurity solutions that have been proposed to-date have been point solutions that fail to address operational tradeoffs, implementation costs, and consequent adversary adaptations across the full spectrum of vulnerabilities. Furthermore, sound prescriptive security principles previously established, such as the Orange Book, have been difficult to apply given current system complexity and acquisition approaches. To address these issues, the authors have developed threat-based descriptive methodologies to more completely identify system vulnerabilities, to quantify the effectiveness of possible protections against those vulnerabilities, and to evaluate operational consequences and tradeoffs of possible protections. This article begins with a discussion of the tradeoffs among seemingly different system security properties such as confidentiality, integrity, and availability. We develop a quantitative framework for understanding these tradeoffs and the issues that arise when those security properties are all in play within an organization. Once security goals and candidate protections are identified, risk/benefit assessments can be performed using a novel multidisciplinary approach, called “QuERIES.” The article ends with a threat-driven quantitative methodology, called “The Three Tenets”, for identifying vulnerabilities and countermeasures in networked cyber-physical systems. The goal of this article is to offer operational guidance, based on the techniques presented here, for informed decision making about cyber-physical system security. %B Technology Innovation Management Review %I Talent First Network %C Ottawa %V 3 %P 15-24 %8 08/2013 %G eng %U http://timreview.ca/article/712 %N 8 %1 Tenet 3 Jeff A. Hughes is President of Tenet 3, LLC. Tenet 3 is a cybertechnology company with a focus on autonomous cyber-physical systems, analyzing their trustworthiness, and evaluating economical ways to demonstrably mitigate security risks. Previously, Jeff held various positions in the US Air Force Research Laboratory (AFRL), where he led research into advanced techniques for developing and screening trustworthy microelectronic components and performing complex system vulnerability and risk analysis for cyber-physical systems. Jeff has an MS in Electrical Engineering from the Ohio State University and has completed graduate work towards a PhD at the Air Force Institute of Technology in Ohio, United States. %2 Dartmouth College George Cybenko is the Dorothy and Walter Gramm Professor of Engineering at Dartmouth College in New Hampshire, United States. Professor Cybenko has made multiple research contributions in signal processing, neural computing, information security, and computational behavioural analysis. He was the Founding Editor-in-Chief of both IEEE/AIP Computing in Science and Engineering and IEEE Security & Privacy. He has served on the Defense Science Board (2008-2009), on the US Air Force Scientific Advisory Board (2012-2015), and on review and advisory panels for DARPA, IDA, and Lawrence Livermore National Laboratory. Professor Cybenko is a Fellow of the IEEE and received his BS (Toronto) and PhD (Princeton) degrees in Mathematics. %R http://doi.org/10.22215/timreview/712