Cyber Templates

Cyber templates for cyber risk assessment of vulnerabilities

Cyber Incident Response Exercise


📜 Worksheet A: Cyber Risk Assessment of Medical Device Vulnerabilities

Participant Name: ____________________
Date: ______________
Device Name & Model: ______________
System Version: ______________

1️⃣ Asset Identification & Classification

  • Device Type: ____________________
  • Critical Functionality: ____________________
  • Impact Level (🔴 High / 🟡 Medium / 🟢 Low): ____________________

2️⃣ Threat & Vulnerability Identification

✅ Source of Vulnerabilities (CVE, CISA, threat intel, static/dynamic scanner, SBOM): ____________________
✅ Software Components at Risk: ____________________
✅ Supply Chain Risks: ____________________
✅ Safety Risks (Patient Harm Potential): ____________________

Processes Impacted by Vulnerabilities

✅ Threat Intelligence Feed Alerts (CISA, MITRE, ISAO, FDA Notifications): ____________________
✅ Vulnerability Disclosure & Reporting Mechanisms: ____________________
✅ Safety / Clinical Risk Assessment Impact: ____________________
✅ Sources of Vulnerabilities (Firmware, Open-Source Dependencies, Third-Party Components): ____________________

3️⃣ Risk Evaluation (NIST RMF-Based)

  • Likelihood of Exploitation: 🔴 High / 🟡 Medium / 🟢 Low
  • Impact on Device Functionality: 🔴 High / 🟡 Medium / 🟢 Low
  • Impact on Patient Safety: 🔴 High / 🟡 Medium / 🟢 Low

4️⃣ Mitigation & Residual Risk Analysis

  • Mitigation Actions: ____________________
  • Risk Level After Mitigation: 🔴 High / 🟡 Medium / 🟢 Low
  • Residual Risk Level: 🔴 High / 🟡 Medium / 🟢 Low

5️⃣ Response Plan & Next Steps

  • Required Patch Updates: ____________________
  • Compliance Documentation (FDA, NIST, ISO 14971): ____________________
  • Ongoing Monitoring Measures (containment): ____________________
  • Communication - Vulnerability Disclosure

5️⃣ Design Controls and Fix

  • Design input, output, verification, validation, traceability
    • Software specifications
    • Traceability
    • Verification and validation (test cases / penetration testing)
    • Update security controls (threat modeling, gap analysis, architectural diagram)

🚨 Worksheet B: Cyber Incident Response Exercise

Participant Name: ____________________
Date: ______________
Incident Scenario: ____________________

1️⃣ Identification

  • Source of Attack: (Network, Physical Access, Software Exploit, Insider Threat) ____________________
  • Affected Systems: ____________________
  • Detection Method: (SIEM Logs, IDS/IPS Alerts, User Reports) ____________________
  • Threat Intelligence Feeds Used: (CISA, MITRE ATT&CK, ISAO, FDA Cyber Alerts) ____________________
  • Vulnerability Disclosure & Reporting: ____________________

2️⃣ Containment

  • Immediate Action Taken: ____________________
  • Devices Isolated: Yes / No
  • Access Revoked: Yes / No

3️⃣ Eradication & Recovery

  • Root Cause Analysis Findings: ____________________
  • Malware or Exploit Used: ____________________
  • System Patching & Remediation: ____________________
  • Restoration Procedure: ____________________

4️⃣ Incident Review & Lessons Learned

  • How Could This Have Been Prevented? ____________________
  • Additional Security Measures Required: ____________________
  • Policy Updates Needed? Yes / No
  • Training Improvement Recommendations: ____________________