. http://www.mddionline.com/blog/devicetalk/difference-between-it-cybersecurity-and-product-cybersecurity-08-18-16

home.aspx
   

article
SHARESHARESHARE
THE DIFFERENCE BETWEEN IT CYBERSECURITY AND PRODUCT CYBERSECURITY
Manufacturers are at various levels of preparedness when it comes to cybersecurity for medical devices, but are sincerely trying to get up to speed. The latest thinking in this space—by regulators, manufacturers, and solution providers—revolves around the difference between IT cybersecurity on the corporate/enterprise level and product cybersecurity While IT security is traditionally focused on compliance and securing enterprise systems such as laptops and servers, medical product cybersecurity is focused on risk management, hardware and software development. Why does that matter? Well, compliance means meeting a minimum bar that is required by a particular standard. In medical products there are no standards, it’s all about risk management. By following a risk management process, it allows manufacturers to iterate over risks, prioritize, and decide on mitigations that best suit their level of acceptable risk. Due to this difference in approaches and knowledge many manufacturers are experiencing growing pains in partnering with their IT departments to address medical product security. But hope is not lost! Taking the time to educate your IT teams on risk management can go a long way to building that relationship. With that said, manufacturers also need to realize IT likely doesn’t possess enough development background to be your full security solutions. READ MORE