Risk analysis

The risk analysis was/is performed according to BSI standard 200-3 ¹. In designing the system, the following elementary hazards were essentially considered ²:

• Listening [G 0.15]
• Theft of equipment, data carriers or documents [G 0.16]
• Loss of equipment, data carriers or documents [G 0.17]
• Misplanning or lack of adaptation [G 0.18]
• Disclosure of sensitive information [G 0.19]
• Information or products from unreliable source [G 0.20]
• Manipulation of hardware or software [G 0.21]
• Unauthorised intrusion into IT systems [G 0.23]
• Destruction of equipment or data carriers [G 0.24]
• Failure of equipment or systems [G 0.25]
• Malfunction of devices or systems [G 0.26]
• Resource management [G 0.27]
• Software vulnerabilities or bugs [G 0.28]
• Violation of laws or regulations [G 0.29]
• Unauthorised use or administration of devices and systems [G 0.30]
• Incorrect use or administration of devices and systems [G 0.31]
• Misuse of authorizations [G 0.32]
• Staff absence [G 0.33]
• Identity theft [G 0.36]
• Denial of actions [G 0.37]
• Misuse of personal data [G 0.38]
• Malicious programs [G 0.39]
• Prevention of services [G 0.40]
• Sabotage [G 0.41]
• Social Engineering [G 0.42]
• Importing messages [G 0.43]
• Data loss [G 0.45]
• Loss of integrity of information to be protected [G 0.46]
• Harmful side effects of IT-based attacks [G 0.47]

Assets

The following assets were considered for risk analysis:

• Data of users, doctors, mediators, data of appointments and bookings as well as relevant auxiliary data (e.g. postcode information).
• Non-public information for appointment switching, especially secrets (e.g. cryptographic keys, TLS certificates, ...)

Threat scenarios

The following threat scenarios

Risk assessment

Outstanding.

Description of measures

Outstanding.

Unforeseen risks

Outstanding.

Literature