References

Allen, C. (2012). In Healthcare industry CIOs, CSOs must improve security. Retrieved March 8, 2012 from http://ithealthcare.computerworld.com/health-care/42988/healthcare-industry-cios-csos-must-improve-security.

Australian Flexible Learning Framework. (2006). Developing an e-learning strategy: BECTA Matrix. Retrieved April 10, 2012 from http://designing.flexiblelearning.net.au/tours/documents/becta_matrix.pdf

Beveridge, C. (2008). Information governance. Measures for preserving stakeholder confidence. Retrieved February 22, 2009, from http://www.colin-beveridge.com/index.php/downloads/

Committee of Sponsoring Organisations of the Treadway Commission (COSO). (2005). Putting COSO theory into practice. Retrieved June 2, 2009, from http://www.coso.org/resources.htm

Department of Health. (1999). Clinical governance baseline assessment tool. Retrieved February 16, 2006 from http://www.health.gov.au/internet/main/publishing.nsf/Content/publications-C

Department of Health. (2005). Clinical Governance Standards for Western Australian Health Services. Retrieved July 31, 2012 from http://www.safetyandquality.health.wa.gov.au/initiatives/clinical_governance.cfm

Department of Health and Ageing. Government of Western Australia. (2005). Clinical Governance Standards for Western Australian Health Services. Retrieved April 10, 2012 from http://www.safetyandquality.health.wa.gov.au/docs/clinical_gov/1.4%20Clinical%20Governance%20Standards.pdf

General Practice Computing Group (GPCG). (2004). Security guidelines for general practitioners. Retrieved June 22, 2009 from http://www.gpcg.org.au/index.php?option=com_content&task=view&id=128&Itemid=38

Hertzog, P. (2010). Open Source Security Testing Methodology Manual (OSSTMM3). Retrieved April 20, 2012 from http://www.isecom.org/research/osstmm.html

ISACA. (2004). CobiT 4. Retrieved July 31, 2012 from http://www.isaca.org/Knowledge-Center/cobit/Pages/Downloads.aspx

IsecT Ltd. (2012). ISO/IEC 27014 Information technology – Security techniques – Governance of information security (DIS). Retrieved July 31, 2012 from http://www.iso27001security.com/html/27014.html

ISM3 Consortium. (2007). Information security management maturity model. Compared to ISO27001. Version 2.22. Retrieved June 13, 2009 from http://www.ism3.com/index.php?option=com_docman&task=cat_view&gid=1&Itemid=9

International Standards Organisation (ISO). (2005). ISO/IEC 27001-2005 International standard - Information technology - Security techniques - Information security management systems - Requirements. Retrieved May 15, 2009 from http://www.iso.org/iso/iso_catalogue/catalogue_ics.htm

International Standards Organisation (ISO). (2005). ISO/IEC 27002-2005 International standard - Information technology - Security techniques - Code of practice for information security management. Retrieved May 15, 2009 from http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=42103

International Standards Organisation (ISO). (2008). ISO 27799-2008 Health informatics — Information security management in health using ISO/IEC 27002. Retrieved June 15, 2009 from http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=41298

International Standards Organisation (ISO). (2012). ISO/IEC 27014 Information technology – Security techniques – Governance of information security (DIS). Retrieved July 31, 2012 from http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43754

IT Governance Institute. (2007). CobiT 4.1 Excerpt. Retrieved March 20, 2009, from http://www.itgi.org/Template_ITGI.cfm?Section=Recent_Publications&Template=/ContentManagement/ContentDisplay.cfm&ContentID=45948

Mahncke, R. J., & Williams, P. A. H. (2011). Australian primary care health check: Who is accountable for information security? Proceedings of the 9th Australian Information Security Management Conference (pp. 48-54), SECAU Security Research Centre, Edith Cowan University, Perth, WA.

National Institute of Science and Technology (NIST). (2003). Security Metrics Guide for Information Technology Systems. Special Publication 800-55. Retrieved April 10, 2012 from http://csrc.nist.gov/publications/nistpubs/800-55-Rev1/SP800-55-rev1.pdf

Ponemon Institute. (2009). Electronic Health Information at Risk. Retrieved July 31, 2012 from http://www.ponemon.org/data-security

Poole, V. (2006). Why information security governance is critical to wider corporate governance demands – a European perspective. Retrieved February 22, 2009, from http://www.isaca.org/Template.cfm?Section=Home&CONTENTID=30681&TEMPLATE=/ContentManagement/ContentDisplay.cfm

Software Engineering Institute. (2009). Capability Maturity Model for Software (CMM). Retrieved March 12, 2009, from http://www.sei.cmu.edu/cmm/

Standards Australia E-Health. (2003). Information security management: Implementation guide for the healthcare sector. Retrieved June 2, 2009, from http://infostore.saiglobal.com/store/Details.aspx?DocN=AS974265969956

The Royal Australian College of General Practitioners (RACGP). (2010). Computer Security Guidelines (3rd edition). A self assessment guide and checklist for general practice. Retrieved April 10, 2012 from http://www.racgp.org.au/content/navigationmenu/clinicalresources/ehealth/computersecurityguidelines/computersecurityguidelines.pdf

Williams, P. A. H. (2007a). An investigation into information security in general medical practice. PhD. Edith Cowan University, Faculty of Computing, Health and Science, School of Computer and Information Science. Perth, Western Australia.

Williams, P. A. H. (2007b). A holistic perspective on models for medical information security. In H.R. Arabnia & S. Aissi (Eds.) Proceedings of the 2007 World Congress in Computer Science, Computer Engineering, and Applied Computing - SAM'07 - The 2007 International Conference on Security & Management, 510-519. USA: CSREA Press.

Williams, P. A. H. (2008). The application of CMM to practical medical security capability. Information Management & Computer Security, 16(1), 58-73. DOI: 10.1108/09685220810862751. Retrieved June 22, 2009, from Emerald Database.