User's Manual

ManualsBrandsQUOTIENT SUISSE ManualsElectronicsIn-vitro diagnostic analyzer system

151

152

153

154

155

156

157

158

159

160

CYBERSECURITY / DEFINITION

158

MosaiQ 125 - User Manual - November 2020 - Reference n°: MMSURM.0010.02

14.1 DEFINITION

Cybersecurity is variously deﬁned but can be thought of as the protection of information

systems, computers and other hardware, and the software and data that runs on these

devices.

Most cyber risk issues will fall into one of these categories, which are made for better

understanding of why a particular technical control or process has been implemented.

Confidentiality prevents sensitive data from being seen or accessed by the wrong people

while ensuring that those that have legitimate need to access the data can do so.

Integrity means ensuring that data remains accurate and consistent for its life cycle.

Availability refers to the importance of keeping computer systems available and

accessible when required by the activity.

14.2 USER TRAINING AND EDUCATION

The users are responsible for information security.

The risks can be limited by regularly educating MosaiQ 125 users on cybersecurity best

practices.

 Make cybersecurity training and awareness mandatory for all personnel.

 Ensure that all personnel understand their roles and responsibilities with regard to

cybersecurity.

 Users must not install unauthorized applications.

 Users must not use any unauthorized media or device.

 Strictly follow the security recommendations.

NOTICE

This policy applies to all employees, contractors, and anyone

who has permanent or temporary access to this systems and

hardware.

14.3 IDENTIFICATION OF THREATS AND HAZARDS

This section identiﬁes the different threats and hazards that impact the cybersecurity.

Type of threat Source Description

ADVERSE

• Individual

• Group

• Organizational

• Nation-State

Individuals, groups, organizations or states that seek to exploit the

organization’s dependence on cyber resources.

• Infection: A malware (virus, worm, etc.) is introduced in the system

causing unexpected behavior ranging from benign to critical.

• Corruption: Executable ﬁles, Data ﬁles or Database ﬁles are modiﬁed

in such a way that they cannot be used normally and create a

unexpected behavior, an error or a software crash. This include

access rights, read only mode, name change, extension change, etc.

ACCIDENTAL

• User

• Privileged User/

Administrator

Erroneous actions taken by individuals in the course of executing their

everyday responsibilities.

• Deletion: The ﬁle is deleted or moved to another location.

• Data manipulation: Data inside a ﬁle are changed or deleted in such

a way that the ﬁle will be used normally causing the system to use

wrong data.

• Copy: Critical ﬁles are copied. Can be analytical data ﬁles or system

data ﬁles.

STRUCTURAL

• IT Equipment

• Environmental Controls

• Software

• Failure: equipment, environmental controls, or software due to aging,

resource depletion, or other circumstances which exceed expected

operating parameters.

• OS Updates: Uncontrolled OS updates can cause operation of the

system in a non-validated conﬁguration.

ENVIRONMENT

• Natural or man-made

disaster

• Unusual Natural Event

(e.g. sunspots)

• Infrastructure Failure/

power outage

Natural disasters and failures of critical infrastructures on which the

organization depends, but which are outside of the control of the

organization.