SPHINX Functional Requirements and Guidelines: PART II

Continue from PART I.

SPHINX shall protect against known cyber-attacks.

The SPHINX Platform shall integrate the knowledge of how to protect against the most common cyber threats, how to respond to known cyber-attacks and which are the associated consequences of the proposed response, in order to facilitate the users’ decision-making process and to support business continuity. This knowledge should be well formulated and freely available on a central knowledge base, clearly marked it is already known and validated.

IT Domain: Applications

Cyber Security Management Cycle: Protect, Respond

SPHINX shall provide a personalised data security management tool.

The SPHINX Platform shall deliver a personalised data security management tool, allowing the users to set up and configure the specific tools required by the underlying IT ecosystem. The ecosystem should be customisable matching the variances of the different Health Organisations. It should allow for different tools to turn on and off on demand per installation. This should provide a degree of freedom to integrate with 3rd parties through the properly specified APIs.

IT Domain: IT Hardware Infrastructure, Networking, Applications, Security/Privacy

Cyber Security Management Cycle: Identify, Protect, Detect, Respond, Recover

SPHINX shall provide a cybersecurity inspection, discovery and decision toolset (cybersecurity toolkit).

The SPHINX Platform shall deliver a cybersecurity toolkit, comprising a set of available security services, that are capable of providing users with a wide range of options, such as inspection, discovery, monitoring, analysis, decision support and protection including distributed denial of service (DDoS) protection, advanced threat intelligence and identity and access management. The users are able to select the security services that meet their needs when designing the security strategies and defining a clear and actionable roadmap towards enhancing the level of protection of the healthcare organisation’s assets.

IT Domain: Applications,

Cyber Security Management Cycle: Identify, Protect, Detect, Respond

SPHINX shall be able to handle and process data originated by a large number of devices and services.

The SPHINX Platform shall have the capability to handle and process the data produced by a large number of devices and services, maintaining an adequate quality of service (this capability cannot affect the normal operations of devices and services). The SPHINX Platform shall provide a comprehensive overview of the collected data to the users, to facilitate the users’ awareness and decision-making processes. The SPHINX platform must be robust and stable, and data shall be coherently overviewed and presented to the users. It should be able to process within a reasonable time, the massive volumes of information collected from all devices and services already deployed.

IT Domain: IT Hardware Infrastructure, Networking, Applications,

Cyber Security Management Cycle: Protect, Detect

SPHINX shall provide cybersecurity vulnerability assessments.

The SPHINX Platform shall perform continuous assessments of the IT ecosystem to identify and assess existing cyber vulnerabilities, based on the information collected on the underlying IT ecosystem. The cybersecurity vulnerability assessments shall be based on the Common Vulnerability Scoring System CVSS 3.0 assessment model and consider the compliance with the ISO/IEC 27001 standard. The SPHINX Platform shall report the results of the cybersecurity vulnerability assessments, ascertaining their potential impact and presenting the information to the user for decision-making purposes. The assets and devices to be scanned should be configurable by the end-users, as well as the type and safety of the scans. It should be possible to schedule multiple scans, with different frequencies and scan profiles.

IT Domain: IT Hardware Infrastructure, Networking, Applications

Cyber Security Management Cycle: Identify, Detect

SPHINX shall enable the vulnerability assessment of devices to be connected to the organisation’s IT ecosystem.

The SPHINX Platform shall perform continuous assessments of medical and IoT-based devices in the network against patches and operating systems’ versions. Newly added devices, including Bring Your Own Device (BYOD), shall be first scanned for vulnerabilities, considering the categories based on the Common Vulnerability Scoring System CVSS 3.0 assessment model. The SPHINX Platform shall also consider the compliance with the ISO/IEC 27001 standard and the NIST 800-X family standard and future amendments. The SPHINX Platform shall report the results of the cybersecurity vulnerability assessments performed on the network’s devices.

IT Domain: Hardware Infrastructure, Networking

Cyber Security Management Cycle: Identify, Protect, Detect

More information about the Functional Requirements and Guidelines of SPHINX can be found in Deliverable 2.8 that is publicly available here.