Measuring information security governance within general medical practice

Document Type: Conference Proceeding

Faculty of Computing, Health and Science

School of Computer and Security Science / Centre for Security Research

Mahncke, R., McDermid, D., & Williams, P. (2009). Measuring Information Security Governance Within General Medical Practice. Proceedings of the 7th Australian Information Security Management Conference (pp. 63-71). Perth, Western Australia: SECAU - Security Research Centre, ECU.

Abstract

Information security is becoming increasingly important within the Australian general medical practice environment as legal and accreditation compliance is being enforced. Using a literature review, approaches to measuring information security governance were analysed for their potential suitability and use within General Practice for the effective protection of confidential information. The models, frameworks and guidelines selected were analysed to evaluate whether they were Key Performance Indicator (KPI) driven or process driven; whether the approach taken was strategic, tactical or operational; and whether governance or management assessment tools were presented. To measure information security governance, and be both effective and practical, an approach used within General Practice would need to function at an operational level and be KPI driven. Eight of the 29 approaches identified were deemed applicable for measuring information security governance within the General Practice environment. However, further analysis indicated that these measurement approaches were either too complex to be directly implemented in General Practice, or collected self-assessment security data rather than actual security measurements. The literature review presented in this paper establishes the need for further research to develop an approach for measuring information security governance within General Practice.