An information security governance encounter for Australian primary care health providers
CSREA Press, USA
Faculty of Computing, Health and Science
School of Computer & Security Science/Security Research Centre (secAU)
The competitive nature of business and society means that the protection of information, and governance of the information security function, is increasingly important. This paper illustrates how a governance framework for information security for health providers might be utilized within a meeting to discuss and report on information security governance in a small Australian medical general practice. It uses the idea of an IT Balanced Scorecard as a process for use in governing information security for primary care health providers (general practices), where IT and security skills may be limited. The challenge is that any governance framework needs to be understandable to the target audience so that they can participate in the decisions to be taken at a meeting where governance is reviewed. This paper addresses that challenge by demonstrating how a meeting might unfold by taking typical breaches and showing how governance issues could be resolved and improved.