Let's work together

Case study: Healthcare Cybersecurity Awareness (Rise 360 demo)

From pre-course analysis to a scenario-led Rise 360 experience for clinical and admin staff

Self-initiated portfolio project (not commissioned). Shows my end-to-end workflow: audience & risk analysis, behaviour-focused objectives, scenario-based structure, and Rise 360 development for busy, non-technical healthcare learners.

castle, keyboard, padlock, security, secure, protection, shut off, symbols, online, internet, www, web, worldwide, world wide web, communication, computer science, digital, network, networking, seek, social media, social, course, monitor

Instructional Design Case Study Pre-Course Analysis for a Cybersecurity Awareness Programme

This page presents the instructional analysis conducted before designing and developing a cybersecurity awareness training programme for healthcare professionals.

The project was developed within the context of increasing cyber threats targeting healthcare organisations and aligns with the European Commission’s strategic priorities for cybersecurity and digital resilience in healthcare environments.

Before creating any learning content, a structured analysis was carried out to ensure that the training would address real operational risks, human behaviour factors, and organisational constraints, rather than delivering generic or purely technical information.

The purpose of this analysis was to:

  • Understand the learning context and audience profiles

  • Identify behavioural risks and knowledge gaps

  • Define a learning strategy grounded in real workplace situations

  • Ensure alignment between organisational needs, regulatory context, and learning outcomes

This analysis phase directly informed all subsequent instructional design decisions and served as the foundation for the course structure, learning objectives, and delivery format.

The analysis focused on understanding who the learners are, how they work, and where risks actually occur in daily clinical practice.

Key elements of the analysis included:

Audience analysis

  • Healthcare professionals with non-technical backgrounds

  • Diverse roles with different exposure levels to digital systems

  • Limited time availability and high cognitive workload

Behavioural risk identification

  • Reliance on routine and time-pressured decision-making

  • High exposure to phishing and social engineering attempts

  • Assumptions that cybersecurity is an “IT responsibility”

Learning gaps

  • Lack of awareness of how everyday actions contribute to security incidents

  • Difficulty recognising early warning signs of cyber threats

  • Uncertainty about correct actions when incidents occur

Contextual constraints

  • Clinical environments where interruptions are frequent

  • Learning must be concise, practical, and immediately applicable

  • Training must support, not disrupt, existing workflows

This analysis confirmed that the primary challenge was behavioural and procedural, not technical knowledge.

Based on the findings of the analysis, the learning strategy was designed to prioritise behaviour change over information delivery.

The instructional design approach followed a structured process aligned with ADDIE principles, with a strong emphasis on the analysis and design phases.

Key strategic decisions informed by the analysis included:

  • Defining behaviour-focused learning objectives rather than technical objectives

  • Structuring content around realistic workplace scenarios

  • Designing learning for short, self-paced engagement

  • Using clear, jargon-free language suitable for non-technical audiences

  • Embedding decision-making moments that mirror real clinical situations

Several approaches were intentionally excluded, including:

  • Long theoretical explanations

  • Overly technical content

  • One-size-fits-all training formats

The analysis ensured that every design choice served a clear instructional purpose and addressed an identified risk or learning need.

This case study demonstrates why instructional analysis must precede content creation, especially in high-risk, high-pressure environments such as healthcare.

Conducting a structured pre-design analysis:

  • Prevents the creation of irrelevant or overwhelming training

  • Reduces cognitive load for learners

  • Aligns learning with real-world behaviour and workflows

  • Supports measurable, meaningful learning outcomes

Rather than starting with content or tools, the process began with understanding the problem to be solved.

This analysis ensured that the final training addressed real risks and behaviours, not just theoretical knowledge.

Note on methodology

This analysis represents the standard pre-design process I follow before creating any digital learning programme.

This case study provides a structured summary of the key analysis stages. A more detailed, step-by-step version is available right below—download the PDF to see the complete analysis and how it was developed for this course.

Download PDF