Introduction to the MedISA Catalogue

The MedISA Catalog summarizes key findings of the MedISA project aimed at promoting information security awareness in medical institutions. It combines practice-oriented measures and well-founded tools for evaluation, developed in close collaboration with various professional groups – including physicians, nursing staff, and information security officers.

Measures

• General nudges to promote security-compliant behavior
• Anti-phishing nudges

Assessment Tools

• sHAIS-Q (short Human Aspects of Information Security Questionnaire)
• eHAIS-Q (extended version of the HAIS-Q)
• Objective KPIs for behavior and impact measurement

Important Notes

The measures presented here are not to be understood as universally applicable solutions. Their effectiveness is context-dependent and requires individual adaptation to the specific organizational framework. To achieve a sustainable improvement in information security awareness, continuous evaluation is also necessary – for example, by embedding the measures into appropriate study designs.

Concerning assessment tools is important to note that only aggregated indicators should be used, and no individual performance monitoring or control should take place.