School of Computer and Information Science, Edith Cowan University, Perth, Western Australia
The competitive nature of business and society means that the protection of information, and governance of the information security function, is increasingly important. This paper introduces the notion of a governance framework for information security for health providers. It refines the idea of an IT Balanced Scorecard into a scorecard process for use in governing information security for primary care health providers, where IT and security skills may be limited. The approach amends and justifies the four main elements of the scorecard process. The existence of a governance framework specifically tailored for the needs of primary care practice is a critical success factor if such organizations are to move to a robust level of information security. The challenge is twofold. Firstly, measures for governance need to be understandable to the target audience using the framework. Secondly, the number of measures needs to be controllable; otherwise, the process will become unviable and unused. This research synthesizes existing models and industry standards to formulate a new governance process that meets these two important criteria. The contribution of this research is in the refinement of governance metrics to make them useful to healthcare providers, specifically in relation to IT and new information communication technologies.