This website has been mostly translated automatically from the original version. We apologize for any translation errors.
Risk analysis
This area is currently under construction.
The risk analysis was/is performed according to BSI Standard 200-3 [1].
In designing the system, the following elementary hazards were primarily considered [2]:
Eavesdropping [G 0.15]
Theft of equipment, data carriers or documents [G 0.16]
Loss of equipment, data carriers or documents [G 0.17]
Poor planning or lack of adaptation [G 0.18]
Disclosure of sensitive information [G 0.19]
Information or products from an unreliable source [G 0.20]
Manipulation of hardware or software [G 0.21]
Unauthorised intrusion into IT systems [G 0.23]
Destruction of equipment or data carriers [G 0.24]
Failure of equipment or systems [G 0.25]
Malfunction of devices or systems [G 0.26]
Lack of resources [G 0.27]
Software vulnerabilities or bugs [G 0.28]
Violation of laws or regulations [G 0.29]
Unauthorised use or administration of devices and systems [G 0.30]
Incorrect use or administration of devices and systems [G 0.31]
Misuse of authorizations [G 0.32]
Staff absence [G 0.33]
Identity theft [G 0.36]
Repudiation of actions [G 0.37]
Misuse of personal data [G 0.38]
Malicious programs [G 0.39]
Denial of service [G 0.40]
Sabotage [G 0.41]
Social Engineering [G 0.42]
Injection of messages [G 0.43]
Data loss [G 0.45]
Loss of integrity of sensitive information [G 0.46]
Harmful side effects of IT-based attacks [G 0.47]
Assets
The following assets were considered for risk analysis:
Data of users, doctors, mediators, data of appointments and bookings as well as relevant auxiliary data (e.g. postcode information).
Non-public information for appointment mediation, especially secrets (e.g. cryptographic keys, TLS certificates, ...).
Threat scenarios
The following threat scenarios
Risk assessment
Pending.
Description of measures
Pending.
Unforeseen risks
Pending.
Literature
[1] BSI Standard 200-3
[2] BSI IT-Grundschutz - Elementary hazards