Document Type

Conference Proceeding


SRI Security Research Institute, Edith Cowan University, Perth, Western Australia


1st Australian eHealth Informatics and Security Conference, held on the 3rd-5th December, 2012 at Novotel Langley Hotel, Perth, Western Australia


General medical practices in Australia are vulnerable to information security threats and insecure practices. It is becoming well accepted in the healthcare environment that information security is both a technical and a human endeavour, and that human behaviours, particularly around integration with healthcare workflow, are key barriers to good information security practice. This paper develops a holistic capability approach to information security by completing a preliminary iteration of mapping operational capabilities to governance capabilities. Using an operational backup capability matrix exemplar, the approach is analysed against the governance policy capability matrix. The resultant mapping between the operational and governance capability frameworks demonstrates that resilience can be promoted through sound governance. This implies that improved security performance and compliance contribute to measurement and oversight of the governance processes, thereby making the organisations demonstrably more resilient to security threats. This paper proposes the need for a holistic capability approach to information security.