A hospital is planning to deploy networked infusion pumps that automatically administer medication to patients based on programmed parameters. As the CISO, which security measure would be MOST appropriate to mitigate the risks associated with these embedded systems?
Code signing is the most appropriate security measure for embedded medical devices like infusion pumps because it ensures that only authorized firmware and software updates can be installed on the devices. This prevents malicious code execution and unauthorized modifications to the device functionality.
The other options are inadequate or inappropriate for securing embedded medical devices:
Strong passwords alone would not prevent firmware tampering or unauthorized code execution.
Physical isolation is impractical for networked medical devices that need to communicate with hospital systems.
Daily vulnerability scanning could potentially disrupt the operation of these critical medical devices, and many embedded systems lack the computing resources to support continuous scanning.
ISC2 CISSP
Security Architecture and Engineering