A Risk Assessment of the Hungarian Eid Card

The aim of the present study is to provide an insight to a comprehensive risk assessment of the Hungarian eID card utilizing the ISO/IEC 27005:2022 standard. Unfortunately, the functions of the eID are nowhere near widespread among the Hungarian population. That is why it is time to carry out a risk assessment, which can help to introduce the functions efficiently, and improve the overall security of the eID card. Using the concepts and steps of the international standard ISO/IEC 27005:2022, the external and internal context of the Hungarian eID was determined, and after the asset-based risk identification, the risks that arose were evaluated. A comprehensive risk analysis can greatly help the effective introduction and operation of eGovernment services. The risks identified during the risk assessment, based on the ISO/IEC 27005:2022, performed on the Hungarian eID card can serve as a basis for the planning and development of appropriate IT security best practices and training materials. Previously, no risk analysis of the Hungarian eID was published based on the ISO/IEC 27005:2022. The results can contribute to making existing use cases safer, but it can also be used to create new use cases keeping IT security in mind.