Risk analysis

This area is currently under construction.

The risk analysis was, and continues to be, performed according to BSI Standard 200-3 [1]. The design of the system essentially took the following elementary hazards into account [2]:

  • Eavesdropping [G 0.15]
  • Theft of equipment, data carriers or documents [G 0.16]
  • Loss of equipment, data carriers or documents [G 0.17]
  • Misplanning or lack of adaptation [G 0.18]
  • Disclosure of sensitive information [G 0.19]
  • Information or products from unreliable source [G 0.20]
  • Manipulation of hardware or software [G 0.21]
  • Unauthorised intrusion into IT systems [G 0.23]
  • Destruction of equipment or data carriers [G 0.24]
  • Failure of equipment or systems [G 0.25]
  • Malfunction of devices or systems [G 0.26]
  • Lack of resources [G 0.27]
  • Software vulnerabilities or bugs [G 0.28]
  • Violation of laws or regulations [G 0.29]
  • Unauthorised use or administration of devices and systems [G 0.30]
  • Incorrect use or administration of devices and systems [G 0.31]
  • Misuse of authorizations [G 0.32]
  • Staff absence [G 0.33]
  • Identity theft [G 0.36]
  • Repudiation of actions [G 0.37]
  • Misuse of personal data [G 0.38]
  • Malicious programs [G 0.39]
  • Denial of service [G 0.40]
  • Sabotage [G 0.41]
  • Social Engineering [G 0.42]
  • Attack with specially crafted messages [G 0.43]
  • Data loss [G 0.45]
  • Loss of integrity of information to be protected [G 0.46]
  • Harmful side effects of IT-based attacks [G 0.47]

Assets

The following assets were considered in the risk analysis:

  • Data of users, doctors and mediators, appointment and booking data, and relevant auxiliary data (e.g. postcode information).
  • Non-public information used for appointment mediation, especially secrets (e.g. cryptographic keys, TLS certificates, ...).

Threat scenarios

The following threat scenarios

Risk assessment

Pending.

Description of measures

Pending.

Unforeseen risks

Pending.

Literature