From: Risk management-based security evaluation model for telemedicine systems
Security objective | Potential impact | Description |
---|---|---|
Confidentiality | High | Should be available internally to authorized persons only; unauthorized exposure can result in harm to individual privacy and/or fatal damage to telemedicine system |
Moderate | Can be disclosed internally but in case of external exposure may cause significant problems with respect to individual privacy and/or telemedicine system | |
Low | If exposed to external persons, will have negligible effect on individual privacy and telemedicine system | |
Integrity | High | Accidental or intentional changes may result in extreme harm to individual privacy or telemedicine system |
Moderate | Accidental or intentional changes may cause significant damage to individual privacy or telemedicine system | |
Low | Accidental or intentional changes will have negligible effect on individual privacy or telemedicine system | |
Availability | High | Service interruption may cause fatal damage to operation of telemedicine system |
Moderate | Service interruption may result in significant damage to telemedicine system | |
Low | Service interruption will cause negligible damage to telemedicine system | |
Asset Contribution | High | Asset is essential to telemedicine system services |
Moderate | Asset is partially necessary for telemedicine system services | |
Low | Asset plays a supporting role in telemedicine system services |