User's Manual

1-20 KleeYa - User Manual - Version 2
INTRODUCTION
CYBERSECURITY
1.7.3 USER TRAINING AND EDUCATION
Only trained and authorized end-users shall operate the KleeYa System, because only
they can be expected to follow the intended use of the KleeYa System. Trained and
authorized end-users are responsible for information security.
In order to minimize the risks, users need to be trained regularly on cybersecurity
best practices. STRATEC recommends providing security awareness training for
employees who operate the KleeYa System and performing background checks on key
personnel before authorizing their access. This training shall include in detail:
1. Create awareness and deepen the understanding of Cybersecurity for all
users.
2. Ensure that all personnel understand their roles and responsibilities with
regard to Cybersecurity.
3. Users must not install unauthorized applications (see the sections below for
further details).
4. Users must not use any unauthorized media or devices.
5. Ensure that all personnel strictly follow the security recommendations.
This policy applies to all employees, contractors, and anyone who has permanent or
temporary access to the KleeYa System (including software and hardware).
1.7.4 IDENTIFICATION OF THREATS AND HAZARDS
This chapter explains the impact of different threats and hazards to cybersecurity
according to NIST Special Publication 800-30 Revision 1, Guide for Conducting Risk
Assessments, September 2012, pp. 6-7 and Appendix D-2.
A threat is any circumstance or event with the potential to adversely affect
organizational operations and assets, individuals, other organizations, or the Nation
through an information system via unauthorized access, destruction, disclosure, or
modification of information, and/or denial of service.
A threat source is either an actor (causal agent) with the intent and method to
exploit a vulnerability, or a situation and method that may accidentally exploit a
vulnerability. In general, types of threat sources include: (i) hostile cyber/
physical attacks; (ii) human errors of omission or commission; (iii) structural failures
of organization-controlled resources (e.g., hardware, software, environmental
controls); and (iv) natural and man-made disasters, accidents, and failures beyond
the control of the organization.