Health IoT (HIoT) software offers thorny and complex security, privacy and safeguarding (SPS) problems and requirements, with huge potential impact. The HIPSTER project aims to help development teams in the Small-to-Medium Enterprise community, incorporating background information from cyber threat and risk intelligence to create a cost-effective intervention to support decision making around such threats and requirements.

This report outlines the approach we plan to use and explores the academic ‘state of the art’ literature around the project. It concludes that the areas of novelty for the project are in finding ways to make risk data meaningful and palatable for software development teams; and in finding objective sources of such security and privacy information for this domain.

To support readers in using the literature referenced, all citations and bibliography entries in this document have hyperlinks to the corresponding sources.