Step 2: Define critical assets

To identify the critical assets, we suggest a brainstorming on hospital areas/functions (care or technical units) by physicians, nurses and engineers which are more likely to be exposed to a terrorist threat and which have more impact on the hospital activity. This brainstorming is supported by an “as-is” model of the hospital which maps the potential critical assets and their environment. Our IDEFØ model is used for the critical asset identification and location.

To evaluate the criticality of the hospital area/function (called critical asset), the criteria below can be selected: the number of people involved (P), the added value (remuneration of economic activity or chargeback) to hospital (V), and the ease of access i.e. the context (C). The asset severity ranking will also be measured through a weighted sum and be equal to Ar (Asset severity Ranking) = b1 * P + b2 * V + b3 * C with b1 + b2 + b3 = 1 and V, P, C belong to {1, 2, 3, 4, 5}.

The following table is shown as an example of how we summarize the information specifying the objective of a potential attack and the related critical assets