The Cyber Security Risk Assessment Maturity of Hospitals
As cyber security becomes more important at hospitals, the components of cyber security should be improved as well. Cyber security risk assessment (CSRA) is one of these important components. This research develops a Hospital Cybersecurity Risk Assessment Maturity Model (HCRAMM) to enable hospitals to measure the maturity of their CSRA process. The research starts with a systematic literature research and a comparative analysis of CSRA-related methods to identify important concepts and requirements for the HCRAMM. The HCRAMM is then iteratively improved through 17 expert interviews, of which four were used to validate the final results, held among security officers of hospitals and other cyber security experts in the health-care sector. The developed HCRAMM is translated into a survey, which in turn is distributed among hospitals in the Netherlands. From this thesis research it is concluded that the HCRAMM is a useful tool to measure the maturity of CSRA. Hospitals also have large opportunities to improve their CSRA by increasing the awareness and skills of the human capital involved in the risk assessment and by improving process structures, which could then enable the use of more tools and quantification to improve maturity. Finally, a more sophisticated form of iterative improvement could be obtained through centralized storage and retrieval of the data needed and processed during the CSRA process.