Information security, cyber crime, and infrastructure protection : information security management within Australian healthcare organisations

Information security is now recognised as critical factor within the healthcare industry. With the gradual move from paper -based to electronic information there is an even greater need for protection. However, financial and operational constraints often exist which influence the practicality of developing a secure system. A new baseline security standard, the Health Information Security Management Implementation Guide, has been drafted which applies specifically to the unique information security requirements of the healthcare industry. The aim of this paper is to look at the effectiveness of the health information security standard and the development of information security within the Australian healthcare industry.

A review of critical information infrastructure protection within IT security guidelines

This research takes the form of a review and looks at the current advisories offered to informationl security professionals in Ihe area of critical information infrastructure protection A critical information infrastructure protection mode! is also presented along with a critical review of some of lhe recent formal guidance that has been offered. The Critical lnformation Infrastructure Protection - Risk Analysis-Methodology (CIlP-RAM) is then offered as a solution to the lack of information and advice.

CIIP-RAM - a step-wise security risk analysis methodology for critical information infrastructure protection

Wilh the protection of critical information infrastructure becoming a priority for all levels of management. there is a need for a new security methodology to deal with the new and unique attack threats and vulnerabilities associated with the new information technology security paradigm. The fourth generation security risk analysis melhod which copes wilh the shift from computer/information security to critical information iinfrastructure protectionl is lhe next step toward handling security risk at all levels. The paper will present the methodology of
fourth generation models and their application to critical information infrastructure protection and the associated advantagess of this methodology.

A risk analysis approach to critical information infrastructure protection

Critical Information Infrastructure (CII) has become a priority for all levels of management, It is one of the key components of efficient business and business continuity plans. There is a need for a new security methodology to deal with the new and unique attack threats and vulnerabilities associated with the new information technology security paradigm. Critical Information Infrastructure Protection - Risk Analysis Methodology
(ClIP-RAM), is a new security risk analysis method which copes with the shift from computer/information security to critical information infrastructure protection. This type of methodology is the next step toward handling information technology security risk at all levels from upper management information security down to firewall configurations. The paper will present the methodology of the new techniques and their application to critical information infrastructure protection. The associated advantages of this methodology will also be discussed.

Critical infrastructure protection, modelling and management: an Australian commercial case study

This research extends upon the previous work of Pye and Warren (2005) and presents a refinement of the previously proposed critical infrastructure model to enhance further our understanding and apprecication of where the likely inter-play and existance of dependency relationships between infrastructures coexist.

These associations are presented as a number of linkages that exist within each sector of Australia'a critical infrastructure, which is then extended further to the modelling of dependency inter-relationships that exist between critical infrastructures itilising Petri Nets.  The recognition and identification of such reliance relationships between critical infrastructures is necessary to allow both infrastructure owners and the government to identify and effectively manage and maintain the security, stability and availability of their particular critical infrastructure against potential scenario driven effects.  These issues are reflected within a case study as modelled using the Petri Net approach to encapsulate the issues of reliance relationships by drawing upon an Australian commercial case study.

Commercial critical systems and critical infrastructure protection : a future research agenda

Secure management of Australia’s commercial critical infrastructure presents ongoing challenges to owners and the government. Although it is currently managed through high-level information sharing via collaboration, but does this suit the commercial sector. One of the issues facing Australia is that the majority of critical infrastructure resides under the control of the business sector and certain aspects such of the critical infrastructure such as Supply Chain Management (SCM) systems are distributed entities and not a single entity. The paper focuses upon the security issues associated with SCM systems and critical infrastructure protection.

Supply chain management security : the weak link of Australian critical infrastructure protection

Secure management of Australia’s commercial Critical Infrastructure presents ongoing challenges to both the owners of this infrastructure as well as to the Australian Federal government. The security management process is currently managed through high-level information sharing via collaboration, but does this situation suit the commercial sector? One of the issues facing Australia is that the majority of critical infrastructure resides under the control of the business sector and certain aspects such of the critical infrastructure such as Supply Chain Management (SCM) systems are distributed entities that span a number of commercial organisations. Another issue is that these SCM systems can be used for the transportation of varied items, such as retail items or food. This paper will explore the security issue related to food SCM systems and their relationship to critical infrastructure. The paper will focuses upon the security and risk issues associated with SCM system protection within the realms of critical infrastructure protection. The paper will review the security standard ISO 28000 - Supply Chain Security Management Standard. The paper will propose a new conceptual security risk analysis approach that will form the basis of a future Security Risk Analysis approach. This new approach will be aimed at protecting SCM systems.

Australian critical infrastructure protection : a case of two tales

The protection of critical irifrastructures and the choices made in terms of priorities and cost, all impact upon the planning, precautions and security aspects of protecting these important systems. Often the when choices made is difficult to assess at the time the decision is taken and it is only after an incident that the truth of the choices made become fit!ly evident. The paper focllses on two recent examples of Australian Critical Infrastructure protection and the issues that related to those examples.

Critical supply chain systems and critical infrastructure protection

Secure management of Australia's commercial critical infrastructure presents ongoing challenges to both the owners of this infrastructure as well as to the government. It is currently managed through high-level information sharing via collaboration but does this situation suit the commercial sector? One of the issues facing Australia is that the majority of critical infrastructure resides under the control of the business sector and certain aspects such of the critical infrastructure such as supply chain management (SCM) systems are distributed across a number of entities. The paper focuses upon the security and risk issues associated with SCM systems within the realms of critical infrastructure protection.

Australian national critical infrastructure protection : a case study

Australia has developed sophisticated national security policies and physical security agencies to protect against current and future security threats associated with critical infrastructure protection and cyber warfare protection. This paper will discuss some of the common security risks that face Australia and how their government policies and strategies have been developed and changed over time, for example, the proposed Australian Homeland Security department. This paper will discuss the different steps that Australia has undertaken in relation to developing national policies to deal with critical infrastructure protection.

Australian commercial-critical infrastructure management protection

Secure management of Australia's commercial critical infrastructure presents ongoing challenges to owners and the government. Although managed via a high-level information sharing collaboration of government and business, critical infrastructure protection is further complicated by the lack of a lower-level scalable model exhibiting its various levels, sectors and sub-sectors. This research builds on the work of Marasea (2003) to establish a descriptive critical infrastructure model and also considers the influence and proposed modelling of critical infrastructure dependency inter-relationships.