The Cybersecurity Governance Model includes the Healthcare Cybersecurity Governance Tool, the Healthcare Cybersecurity Organisation Model, and the Multi-Dimensional Financial Model.

  • The purpose of the Healthcare Cybersecurity Governance Tool (HCG-Tool) is to evaluate the Information Security Management System (ISMS) of healthcare organisations as a standard entity for cybersecurity management. The HCG-Tool enables the assessment of the “Level of Gaps” in relation to diverse cybersecurity standards (ISO 27001, NIST SP800-53 and TOGAF-O-ISMS3), which are combined into a set of “Security Controls” that also take into account security aspects specific to the healthcare domain. The tool assesses the ISMS status and identifies the gaps in ISMS functions that need to be improved, according to the cyber risk assessment and the list of mitigation actions.
  • The Healthcare Cybersecurity Organisation Model manages, deploys and improves the Information Security Management System (ISMS) of healthcare organisations. The model comprises a set of guidelines for designing an IT security structure, enabling any healthcare organisation to identify and implement actions or countermeasures.
  • The Cybersecurity Multi-Dimensional Financial Model supports decision-makers on investments in cybersecurity, to mitigate risk in a sustainable context, and optimises insurance purchases, hedging residual risks.



The Cybersecurity Governance Model helps hospitals to set up a security governance assessment capability, with guided analysis, organisation design, and training on how to use the controls’ list and the financial tool. It is designed for:

  • Information Technology Managers
  • Information Security Officers
  • Risk Managers
  • Data Protection Officers
  • Hospital (and other Healthcare providers) Top Managers
  • Public Health Managers and Authorities



