Document Type
Conference Proceeding
Publisher
SRI Security Research Institute, Edith Cowan University, Perth, Western Australia
Faculty
Faculty of Health, Engineering and Science
School
ECU Security Research Institute
RAS ID
14274
Abstract
General medical practices in Australia are vulnerable to information security threats and insecure practices. It is becoming well accepted in the healthcare environment that information security is both a technical and a human endeavour, and that human behaviours, particularly around integration with healthcare workflow, are key barriers to good information security practice. This paper develops a holistic capability approach to information security by completing a preliminary iteration of mapping operational capabilities to governance capabilities. Using an operational backup capability matrix exemplar, the approach is analysed against the governance policy capability matrix. The resultant mapping between the operational and governance capability frameworks demonstrates that resilience can be promoted through sound governance. This implies that improved security performance and compliance contribute to measurement and oversight of the governance processes, thereby making the organisations demonstrably more resilient to security threats. This paper proposes the need for a holistic capability approach to information security.
Access Rights
free_to_read
Comments
Originally published in the Proceedings of the 1st Australian eHealth Informatics and Security Conference, held on the 3rd-5th December, 2012 at Novotel Langley Hotel, Perth, Western Australia