Case Study: eHealth Environment Threat and Risk Assessment

Business Aspect was initially engaged to refine and redevelop the eHealth information security framework. The purpose of the framework was to provide a consistent, standards-based approach to information security controls for eHealth-related systems and environments in Australia.

Following on from Business Aspect’s work in defining the eHealth information security framework, a further engagement was undertaken to perform a threat and risk assessment (TRA) for a significant national repository that would become a key component of the federal eHealth infrastructure. The risk assessment had a number of complexities and stringent compliance drivers. A detailed compliance assessment was also undertaken against the Commonwealth Government Information Security Manual (ISM) controls, supplemented with the eHealth information security framework controls where appropriate.