Open Access. Powered by Scholars. Published by Universities.®

Computer Sciences Commons

Articles 1 - 22 of 22

Full-Text Articles in Computer Sciences

Security Readiness Evaluation Framework For Tonga E-Government Initiatives, Raymond Lutui, Semisi Hopoi, Siaosi Maeakafa Jan 2017

Australian Information Security Management Conference

The rapid expansion of the Information and Communication Technologies (ICTs) in the Pacific has reached the Kingdom of Tonga. The submarine fibre-optic cable which connects Tonga to Fiji and onward to a hub in Sydney went live in 2013. Now the people of Tonga experience the high-speed impact of digital communication, fast international access, and social changes such as the government is implementing a digital society through e-government services. This study focuses on identifying the factors that will later become a vulnerability and a risk to the security of Tonga government e-government initiatives. Data was collected through interviews with three government …


Literature-Based Analysis Of The Influences Of The New Forces On ISMS: A Conceptual Framework, Zahir Al-Rashdi, Martin Dick, Ian Storey Jan 2017

Australian Information Security Management Conference

This paper presents an analysis that arose from a comprehensive review of the academic and professional literature of two areas – information security management systems (ISMS) and information resources – and their relationship with information security. It analyzes the role of ISMS in protecting an organization’s information environment and infrastructure. It has identified four key areas that strongly influence the safety of information resources: cloud computing; social media/networking; mobility; and information management/big data. Commonly referred to as ‘new forces’, these four aspects are all growing exponentially and are not easily controlled by IT. Another key finding of the paper is …


The Application Of An Agile Approach To IT Security Risk Management For SMEs, Damien Hutchinson, Chris Armitt, Dean Edwards-Lear Jan 2014

Australian Information Security Management Conference

This paper demonstrates the application of an agile risk management approach to perform asset-based risk analysis to meet the information security requirements of SMEs (Small and Medium-sized Enterprises). This approach is proposed as an alternative to traditional methods that are cumbersome, resource intensive and costly, often hindering their value and use by SMEs. The organisation being studied is an Aged Care Facility (ACF) with legal and ethical responsibilities. Within the business there is little knowledge regarding potential information technology threats that could impact on these responsibilities. The ACF maintains a system containing client personal and medical records, network communications, as …


The Mobile Execution Environment: A Secure And Non-Intrusive Approach To Implement A Bring You Own Device Policy For Laptops, Peter James, Don Griffiths Dec 2012

Australian Information Security Management Conference

Bring Your Own Device (BYOD) has become an established business practice, however the practice can increase an organisation’s information security risks. The implementation of a BYOD policy for laptops must consider how the information security risks can be mitigated or managed. The selection of an appropriate secure laptop software configuration is an important part of the information security risk mitigation/management strategy. This paper considers how a secure laptop software configuration, the Mobile Execution Environment (MEE) can be used to minimise risks when a BYOD policy for laptops is implemented. In this paper the security and business risks associated with the …


Understanding The Management Of Information Security Controls In Practice, Daniel Bachlechner, Ronald Maier, Frank Innerhofer-Oberperfler, Lukas Demetz Jan 2011

Australian Information Security Management Conference

The ever greater reliance on complex information technology environments together with dynamically changing threat scenarios and increasing compliance requirements make an efficient and effective management of information security controls a key concern for most organizations. Good practice collections such as COBIT and ITIL as well as related standards such as the ones belonging to the ISO/IEC 27000 family provide useful starting points for control management. However, neither good practice collections and standards nor scholarly literature explain how the management of controls actually is performed in organizations or how the current state-of-practice can be improved. A series of interviews with information …


Help Or Hindrance: The Practicality Of Applying Security Standards In Healthcare, Patricia A H Williams Jan 2011

Australian Information Security Management Conference

The protection of patient information is now more important as a national e-health system approaches reality in Australia. The major challenge for health care providers is to understand the importance of information security whilst also incorporating effective protection into established workflow and daily activity. Why then, when it is difficult for IT and security professionals to navigate through and apply the myriad of information security standards, do we expect small enterprises such as primary health care providers to also be able to do this? This is an onerous and impractical task without significant assistance. In the development of the new Computer …


Are Existing Security Models Suitable For Teleworking?, Peter James Jan 2011

Australian Information Security Management Conference

The availability of high performance broadband services from the home will allow a growing number of organisations to offer teleworking as an employee work practice. Teleworking delivers cost savings, improved productivity and provides a recruitment policy to attract and retain personnel. Information security is one of the management considerations necessary before an effective organisational teleworking policy can be implemented. The teleworking computing environment presents a different set of security threats to those present in an office environment. Teleworking requires a security model to provide security policy enforcement to counter the set of security threats present in the teleworking computing environment. …


An Information Security Governance Framework For Australian Primary Care Health Providers, Donald C. Mcdermid, Rachel J. Mahncke, Patricia A H Williams Nov 2010

Australian Information Security Management Conference

The competitive nature of business and society means that the protection of information, and governance of the information security function, is increasingly important. This paper introduces the notion of a governance framework for information security for health providers. It refines the idea of an IT Balanced Scorecard into a scorecard process for use in governing information security for primary care health providers, where IT and security skills may be limited. The approach amends and justifies the four main elements of the scorecard process. The existence of a governance framework specifically tailored for the needs of primary care practice is a …


An Analytical Study Of IT Security Governance And Its Adoption On Australian Organisations, Tanveer A. Zia Nov 2010

Australian Information Security Management Conference

Contemporary organisations are at infancy stages of adopting IT governance processes in Australia. Organisations who have adopted these processes underestimate the security processes within the governance framework. If the security processes are designed, they are often flawed with operational level implementation. This study investigates IT security governance broadly and in Australian organisations specifically. The objective of this study is to bring the local organisations in alignment with international standards and frameworks in terms of integration of information security, IT audits, risks and control measures. A survey of selected organisations is completed and results are presented in this paper identifying the …


Electronic-Supply Chain Information Security: A Framework For Information, Alizera Bolhari Dec 2009

Australian Information Security Management Conference

Over the last few years, the materials and distribution management has developed into a broader strategic approach known as electronic supply chain management by means of information technology. This paper attempts to visibly describe supply chain management information security concepts which are necessary for managers to know about. So, the depth of information presented in this paper is calibrated for managers, not technical security employees or agents. Global supply chains are exposed to diverse types of risks that rise along with increasing globalization. Electronic supply chains will be more vulnerable from information security (IS) aspect among other types of supply …


Challenges In Improving Information Security Practice In Australian General Practice, Donald C. Mcdermid, Rachel J. Mahncke, Patricia A. Williams Dec 2009

Australian Information Security Management Conference

The status of information security in Australian medical general practice is discussed together with a review of the challenges facing small practices that often lack the technical knowledge and skill to secure patient information by themselves. It is proposed that an information security governance framework is required to assist practices in identifying weaknesses and gaps and then to plan and implement how to overcome their shortcomings through policies, training and changes to processes and management structure.


Measuring Information Security Governance Within General Medical Practice, Rachel J. Mahncke, Donald C. Mcdermid, Patricia A. Williams Dec 2009

Australian Information Security Management Conference

Information security is becoming increasingly important within the Australian general medical practice environment as legal and accreditation compliance is being enforced. Using a literature review, approaches to measuring information security governance were analysed for their potential suitability and use within General Practice for the effective protection of confidential information. The models, frameworks and guidelines selected were analysed to evaluate if they were Key Performance Indicator (KPI), or process driven; whether the approach taken was strategic, tactical or operational; and if governance or management assessment tools were presented. To measure information security governance, and be both effective and practical, the approach …


Case Study On An Investigation Of Information Security Management Among Law Firms, Sameera Mubarak, Elena Sitnikova Dec 2009

Australian Information Security Management Conference

The integrity of lawyers' trust accounts has come under scrutiny in the last few years. There have been many incidents of trust account fraud reported internationally, including a case in Australia, where an employee of a law firm stole $4,500,000 from the trust funds of forty-two clients. Our study involved interviewing principals of ten law companies to find out solicitors’ attitudes to computer security and the possibility of breaches of their trust accounts. An overall finding highlights that law firms were not current with technology to combat computer crime, and inadequate access control was a major concern in safeguarding account …


Improving An Organisations Existing Information Technology Policy To Increase Security, Shane Talbot, Andrew Woodward Dec 2009

Australian Information Security Management Conference

A security policy which includes the appropriate phases of implementation, enforcement, auditing and review is vital to protecting an organisation's information security. This paper examined the information security policy of a government organisation in response to a number of perceived shortcomings. The specific issues identified relating to the organisation's security policy as a result of this investigation were as follows: a culture of ignoring policies, minimal awareness of policies, minimal policy enforcement, policy updating and review ad hoc at best, policy framework, lengthy policy development and approval process, no compliance program, no formal non-compliance reporting and an apparent inconsistent enforcement …


What Does Security Culture Look Like For Small Organizations?, Patricia A. Williams Dec 2009

Australian Information Security Management Conference

The human component is a significant factor in information security, with a large number of breaches occurring due to unintentional user error. Technical solutions can only protect information so far and thus the human aspect of security has become a major focus for discussion. Therefore, it is important for organisations to create a security conscious culture. However, currently there is no established representation of security culture from which to assess how it can be manoeuvred to improve the overall information security of an organization. This is of particular importance for small organizations who lack the resources in information security and …


Exploring The Relationship Between Organizational Culture And Information Security Culture, Joo S. Lim, Shanton Chang, Sean Maynard, Atif Ahmad Dec 2009

Australian Information Security Management Conference

Managing Information Security is becoming more challenging in today’s business because people are both a cause of information security incidents as well as a key part of the protection from them. As the impact of organizational culture (OC) on employees is significant, many researchers have called for the creation of information security culture (ISC) in organizations to influence the actions and behaviour of employees towards better organizational information security. Although researchers have called for the creation of ISC to be embedded in organizations, nonetheless, literature suggests that there is little past research examining the relationship between the nature of OC and ISC. …


Information Security Governance And Boards Of Directors: Are They Compatible?, Endre Bihari Jan 2008

Australian Information Security Management Conference

This paper presents a critique of emergent views on the roles of the boards of directors in relation to information security. The analysis highlights several concerns about the separation and validation of proper theory and business assertions of information security at board level. New requirements articulated by industry bodies – represented by a selected group of experts and evident in literature – are compared to the underlying theory of corporate governance to identify possible discrepancies. The discussion shows in particular the importance of staying within the theoretical underpinnings of corporate governance when discussing the topic of governance in general and …


Improving Information Security Management In Nonprofit Organisations With Action, Mark Carey-Smith, Karen Nelson, Lauren May Dec 2007

Australian Information Security Management Conference

Information security is vital for protecting important assets of organisations, including the information resources and the organisation’s reputation. In Australia, the nonprofit sector makes a significant contribution to society but is under-represented in the information security literature. This paper describes research in progress that is investigating and improving information security management in some nonprofit organisations (NPOs), which incorporates a participatory action research methodology. This approach will enhance the skill set likely to be present in Australian nonprofit organisations, producing a more sustainable solution, as well as contributing to the open literature. The Technology Acceptance Model will be utilised as …


Medical Insecurity: When One Size Does Not Fit All, Patricia A. Williams Dec 2007

Australian Information Security Management Conference

Security is most commonly seen as a business concept. This is one reason for the poor uptake and implementation of standard security processes in non-business environments such as general medical practice. It is clear that protection of sensitive patient information is imperative yet the overarching conceptual business processes required to ensure this protection are not well suited to this context. The issue of sensitivity of information, together with the expectation that security can be effectively implemented by non-security trained professionals creates an insecure environment. The general security processes used by business, including those for risk assessment, are difficult to operationally …


Evolution Of A Database Security Course: Using Non-Enterprise Teaching Tools, Justin Brown Dec 2007

Australian Information Security Management Conference

This paper examines the issues in delivering a university unit of teaching in database security, examining problems in database environment selection and the ability to provide hands-on training for students via on-campus and online modes. Initial problems with Linux and then Windows based enterprise database environments prompted the adoption of Microsoft Access as a database tool that was easier to deliver in-class and online. Though Access is file based and has fundamental flaws in its security implementation (within the enterprise context) it can be tweaked to emulate RDBMS level security, allowing students to see how a properly designed security …


Electronic Surveillance In Hospitals: A Review, Sue Kennedy Dec 2006

Australian Information Security Management Conference

This paper focuses on the increasing use of electronic surveillance systems in hospitals and the apparent lack of awareness of the implications of these systems for privacy of the individual. The systems are used for identification and tracking of equipment, staff and patients. There has been little public comment or analysis of these systems with regard to privacy as their implementation has been driven by security issues. The systems that gather this information include video, smart card and more recently RFID systems. The system applications include tracking of vital equipment, labelling of blood and other samples, tracking of patients, new …


Telemedicine And The Digital Door Doctor, Darren Webb, Patricia A. Williams Dec 2006

Australian Information Security Management Conference

Telemedicine is changing the way medicine can be practiced, and how medical knowledge is communicated, learnt and researched in today’s technologically oriented society. The adoption of internet based communication has significantly expanded the patients’ ability to access a multitude of world class medical information. Research has shown that patients would welcome the ability to consult a doctor using the same computing tools they use to communicate with family, friends and work colleagues. This paper discusses the use of telemedicine today and how it could be used to access medical services from home. Further, it investigates the incentives and barriers to …