Published June 12, 2020 | Version v1
Report | Open

Minimum Quality Standard For Cybersecurity Training In Healthcare

Creators

  • Fundació Privada Hospital Asil de Granollers

Description

In order to combat cybersecurity attacks in healthcare centres, many organisations invest in security awareness training. However, without a shared feeling of responsibility for cyber risk mitigation throughout the organisation and a minimum quality standard, this training is likely to fall on deaf ears (BITSIGHT, 2020). Therefore, in order to provide a quality assurance report for future training actions in the SecureHospitals.eu project (e.g. workshops, webinars and summer school), a minimum quality standard has been developed.


References:

Palkmets, et al., “Good Practice Guide on Training Methodologies”, ENISA (2014).
https://www.enisa.europa.eu/publications/good-practice-guide-on-training-methodologies

Oomen, et al., “D4.2. Trainer interviews and workshops report”, EU H2020 SecureHospitals.eu (2019).
https://project.securehospitals.eu/deliverables/

Security Awareness Program Special Interest Group, PCI Security Standards Council, “Best practices for implementing a security awareness program”, PCI Data Security Standard (PCI DSS) (2014).
https://www.pcisecuritystandards.org/documents/PCI_DSS_V1.0_Best_Practices_for_Implementing_Security_Awareness_Program.pdf

Rajamaki, et al., “Cybersecurity education and training in hospitals: Proactive resilience educational framework (Prosilience EF)”, IEEE Global Engineering Education Conference (EDUCON) (2018).
https://ieeexplore.ieee.org/document/8363488

L. Bris, et al., “State of cybersecurity & cyber threats in healthcare organizations: Applied Cybersecurity Strategy for Managers”, ESSEC Business School, Harvard (2017).
https://blogs.harvard.edu/cybersecurity/files/2017/01/risks-and-threats-healthcare-strategic-report.pdf

Drougkas, “Procurement Guidelines for Cybersecurity in Hospitals”, ENISA (2020).
https://www.enisa.europa.eu/publications/good-practices-for-the-security-of-healthcare-services

M. Jofre, et al., “Cybersecurity and Privacy Risk Assessment of Point-of-Care Systems in Healthcare—A Use Case Approach”, Appl. Sci., 11, 6699 (2021). doi: 10.3390/app11156699
https://www.mdpi.com/2076-3417/11/15/6699

“Cybersecurity Culture Guidelines: Behavioural Aspects of Cybersecurity”, ENISA (2018).
https://www.enisa.europa.eu/publications/cybersecurity-culture-guidelines-behavioural-aspects-of-cybersecurity

“The Secret to Creating a Cyber Risk-Aware Organization”, Bitsight (2020).
https://info.bitsight.com/secret-to-creating-a-cyber-risk-aware-organization

M.S. Jalali, “Cybersecurity in Hospitals: A Systematic, Organizational Perspective”, J Med Internet Res, 20, e10059 (2018).
https://www.jmir.org/2018/5/e10059/

“Become an L&D Professional”, LinkedIn (2020).
https://www.linkedin.com/learning/paths/become-an-l-d-professional-4

Calder, et al., “IT Governance – An International Guide to Data Security and ISO27001/ISO27002”, Kogan Page, Sixth Ed. (2015).

“The National Security Plan: Clarification And Examples”, EU H2020 SecureHospitals.eu (2019).
https://www.securehospitals.eu/the-national-security-plan-clarification-and-examples/

“General Data Protection Regulation”, EU H2020 SecureHospitals.eu (2019).
https://www.securehospitals.eu/general-data-protection-regulation/

“EU Cybersecurity Act”, EU H2020 SecureHospitals.eu (2019).
https://www.securehospitals.eu/eu-cybersecurity-act/

“Directive On Security Of Network And Information Systems (NIS Directive)”, EU H2020 SecureHospitals.eu (2019).
https://www.securehospitals.eu/nis-directive/

“IEC 80001-1:2010 – Application of risk management for IT-networks incorporating medical devices — Part 1: Roles, responsibilities and activities”, ISO/TC 215 Health informatics (2010).
https://webstore.iec.ch/publication/7482

“ISO/IEC 27001 Information Security Management”, ISO/IEC 27000 family (2013).
https://www.iso.org/isoiec-27001-information-security.html

“Evaluating Emergency Preparedness Trainings”, Public Health Foundation (PHF) (2020).
http://www.phf.org/programs/preparednessresponse/evaluationrepository/Pages/Evaluating_Emergency_Preparedness_Trainings.aspx

Aumayr, et al., “D5.1. Training Strategy 1”, EU H2020 SecureHospitals.eu (2019).
https://project.securehospitals.eu/deliverables/

M. Curty, M. Jofre, et al., “Passive Decoy-State Quantum Key Distribution with Coherent Light”, Entropy, 17, 4064-4082 (2015). doi: 10.3390/e17064064
https://www.mdpi.com/1099-4300/17/6/4064

Quigley, “ADDIE: 5 Steps To Effective Training”, Learnupon (2019).
https://www.learnupon.com/blog/addie-5-steps/

Andriotis, “How to evaluate a training program: The definitive guide to techniques & tools”, Talent LMS (2019).
https://www.talentlms.com/blog/evaluate-employee-training-program/

Ferrel, et al., “Designing learning and assessment in a digital age”, Jisc (2018).
https://www.jisc.ac.uk/full-guide/designing-learning-and-assessment-in-a-digital-age

“Relevant standards for cybersecurity risk management”, Cyberwatching.eu EU H2020 project (2020).
https://www.cyberwatching.eu/relevant-standards-cybersecurity-risk-management

J.-P. Quemard, et al., “Guidance and gaps analysis for European standardisation: Privacy standards in the information security context”, European Union Agency for Network and Information Security (ENISA) (2018).
https://www.enisa.europa.eu/publications/guidance-and-gaps-analysis-for-european-standardisation

WG1: Standardisation, certification and supply chain management, “Overview of existing Cybersecurity standards and certification schemes”, European Cyber Security Organisation (ECSO) (2017).
https://ecs-org.eu/working-groups/wg1-standardisation-certification-and-supply-chain-management

“Practical introductory guide to Technical Standards for Privacy”, European Telecommunications Standards Institute (ETSI) (2019).
https://www.etsi.org/deliver/etsi_tr/103300_103399/103370/01.01.01_60/tr_103370v010101p.pdf

“Internal Market, Industry, Entrepreneurship and SMEs”, European Commission (retrieved in 2020).
https://ec.europa.eu/growth/single-market/european-standards/ict-standardisation_en

“ISO/IEC 27000 Family”, EU H2020 SecureHospitals.eu (2020).
https://www.securehospitals.eu/iso-iec-27000-family/

“ITU-T Rec. X.1205 (04/2008) Overview of cybersecurity”, International Telecommunication Union (ITU) (2020).
https://www.itu.int/rec/dologin_pub.asp?lang=s&id=T-REC-X.1205-200804-I!!PDF-E&type=items

“CEN EN ISO 27799:2016”, European Committee for Standardisation (CEN) (2020).
https://www.iso.org/standard/62777.html


Files

Minimum Quality Standard For Cybersecurity Training In Healthcare.pdf (298.1 kB)