Curriculum Wizard

1. Organisational level

Digital (health) technologies in the organisation

The healthcare organisation makes use of
Mobile technologies (non-medical)
Mobile technologies (medical)
Desktop technologies
Bring Your Own Device
Bring Your Own Software
The healthcare organisation makes use of technologies that run on legacy software
Yes
No
I am not sure
The healthcare organisation maintains its IT (regularly/according to guidelines/best practices)
Yes
No
I am not sure
Employees have to (be able to) use a variety of digital (health) technologies and applications as part of their work
Yes
No
I am not sure
The healthcare organisation makes the necessary resources available for cybersecurity protection and upkeep
Yes
No
I am not sure

Organisational policies

Employees are able to find the organisation’s security policies (including guidelines, rules and procedures)
1
2
3
4
5
There are no such policies or directives
Employees know how to respond to (suspected) data breaches in line with the healthcare organisation’s policies (e.g. they know who to contact in case they think a data breach occurred)
1
2
3
4
5
Employees know how they can access work files remotely
1
2
3
4
5
This is not possible for this healthcare organisation
Employees know how they can access shared work files securely
1
2
3
4
5
This is not possible for this healthcare organisation
Employees are aware of the rules surrounding their use of social media in relation to their work
1
2
3
4
5
Employees are familiar with the healthcare organisation’s policies regarding passwords, their access credentials and/or other tokens/badges
1
2
3
4
5

Security culture

The healthcare organisation promotes/communicates cybersecurity as a key objective to its staff members, patients, suppliers
1
2
3
4
5
Management level employees are active supporters of cybersecurity
1
2
3
4
5
Cybersecurity is communicated as a shared responsibility for all employees
1
2
3
4
5
Employees are encouraged to give feedback on cybersecurity concerns to colleagues - including to those in a higher position
1
2
3
4
5
Most employees accept (new) cybersecurity-related interventions/measures in the healthcare organisation
1
2
3
4
5
Employees are free to point out possible cybersecurity risks in the healthcare organisation to management or IT/security personnel
1
2
3
4
5

Training and education strategy by the healthcare organisation

Employees receive dedicated training on working with (new) digital health technologies
Yes
No
Sometimes
Employees receive regular training on cybersecurity and/or privacy topics
Yearly
Monthly
Independent learning options
Never

2. Employee level

Skills, knowledge and awareness of cybersecurity (risks)

Most employees are aware of their own role/responsibility surrounding topics of cybersecurity
1
2
3
4
5
Most employees are aware of the risks that may result from incorrect use of digital healthcare technologies
1
2
3
4
5
Most employees have a basic level of digital literacy*
1
2
3
4
5
Most employees know about cybersecure digital (health) technologies
1
2
3
4
5
Employees are aware of the rules surrounding their use of social media in relation to their work
1
2
3
4
5
Employees are familiar with the risks linked to a bad/incorrect use of passwords, access credentials and/or tokens or badges
1
2
3
4
5

Beliefs and attitude towards digital (health) technology and cybersecurity

Most employees believe that digital (health) technologies are a positive development in healthcare
1
2
3
4
5
Most employees believe that cybersecurity is an important topic for healthcare organisations
1
2
3
4
5
Most employees feel confident in using digital (health) technologies
1
2
3
4
5
Most employees believe that they can contribute to organisational cybersecurity protection
1
2
3
4
5
Most employees believe that they can protect their personal devices etc in the context of cybersecurity
1
2
3
4
5

Cybersecurity behaviour

Most employees comply with the healthcare organisation’s policies regarding passwords (e.g. update passwords, do not share their access credentials and/or other tokens/badges with others)
1
2
3
4
5
Employees have found ways around policies that they see as blocking normal work or creating unnecessary work
1
2
3
4
5
Employees openly address security risks (if/when they become aware of them), such as unlocked computers or devices, leaving confidential information in plain sight, etc.
1
2
3
4
5
Employees discuss non-cybersecure behaviour with colleagues
1
2
3
4
5
Employees ask questions about cybersecurity-related topics
1
2
3
4
5
Employees actively respond to cybersecurity advice
1
2
3
4
5

3. Training aspects

Training group composition

Training participants have had limited to no real life experience with cybercrime or data breaches
1
2
3
4
5
The training participants have no extensive knowledge on IT
1
2
3
4
5
The training participants have no extensive knowledge on cybersecurity
1
2
3
4
5
Training participants within one group are likely to have different levels of experience/expertise with digital (health) technologies
1
2
3
4
5

Training content and structure

The training participants have access to
Personal data (patients)
Medical data (patients)
IT/Infrastructure data
Personnel data
Financial data
The group will likely consist of [x] people per session
1-10
11-25
26 or more
Not decided yet
The group wil consist of
Management level staff
Medical staff
IT staff
Support staff
Board members
Other staff groups or a mix of different staff groups
The training's purpose is to
Refresh existing knowledge
Raise awareness
Teach new skills/knowledge
Other
The training will focus on a preselected topic
Yes
No
I need inspiration!
The trainer will make use of preexisting materials
Yes
No
I need inspiration!
The training will use tools that the organisation already has available
Yes
No
I need inspiration!
The training will make use of a predetermined training.instruction method
Yes
No
I need inspiration!
The training will take place at an
Internal location
External location
Not decided yet
The training will consist of multiple sessions
Yes
No
Maybe
The training will have an online component
Yes
No
Maybe
The organisation will use the services of an external trainer/training developer
Yes
No
Maybe

Assessment

Training participants will be assessed
Yes
No
Maybe
Assessment will occurr with predetermined methods
Yes
No
I need inspiration!
A positive assessment result will result in a reward
Yes, a certificate
Yes, accreditation points
Yes, other forms of recognition
No reward

Evaluation

The training will be evaluated
Yes
No
Maybe