Systematisation of Security Risk Knowledge Across Different Domains: A Case Study of Security Implications of Medical Devices

Abstract

Shared terminology and understanding are vital for effective cybersecurity risk management for connected medical and in vitro diagnostic device systems, given that such processes are collaborative and require cross-domain expertise particularly, e.g., in the areas of patient safety, cyber-physical security, and privacy. However, fostering effective, interdisciplinary risk communication can be challenging — especially where, e.g., different terms are used with the same meaning, or the same risk management terms are interpreted differently across domains. In this paper, we focus on the systematisation of security risk knowledge across different domains related to the cybersecurity of connected medical and in vitro diagnostic device systems. This work relates to knowledge base extensions for a specified cybersecurity risk assessment tool—Spyderisk—as part of the NEMECYS project.

Category

Academic chapter

Language

English

Author(s)

Affiliation

  • SINTEF Digital / Sustainable Communication Technologies
  • University of Southampton

Year

2025

Publisher

SciTePress

Book

Proceedings of the 11th International Conference on Information Systems Security and Privacy - (Volume 1), February 20-22, 2025, in Porto, Portugal

ISBN

9789897587351