479 resultados para security governance
Resumo:
Extracting and aggregating the relevant event records relating to an identified security incident from the multitude of heterogeneous logs in an enterprise network is a difficult challenge. Presenting the information in a meaningful way is an additional challenge. This paper looks at solutions to this problem by first identifying three main transforms; log collection, correlation, and visual transformation. Having identified that the CEE project will address the first transform, this paper focuses on the second, while the third is left for future work. To aggregate by correlating event records we demonstrate the use of two correlation methods, simple and composite. These make use of a defined mapping schema and confidence values to dynamically query the normalised dataset and to constrain result events to within a time window. Doing so improves the quality of results, required for the iterative re-querying process being undertaken. Final results of the process are output as nodes and edges suitable for presentation as a network graph.
Resumo:
In an increasingly business technology (BT) dependent world, the impact of the extraordinary changes brought about by the nexus of mobile and cloud technologies, social media and big data is increasingly being felt in the board room. As leaders of enterprises of every type and size, board directors can no longer afford to ignore, delegate or avoid BT-related decisions. Competitive, financial and reputational risk is increased if boards fail to recognize their role in governing technology as an asset and in removing barriers to improving enterprise business technology governance (EBTG). Directors’ awareness of the need for EBTG is increasing. However, industry research shows that board level willingness to rectify the gap between awareness and action is very low or non-existent. This literature review-based research identifies barriers to EBTG effectiveness. It provides a practical starting point for board analysis. We offer four outcomes that boards might focus on to ensure the organizations they govern are not left behind by those led by the upcoming new breed of technology-savvy leaders. Most extant research looks backward for examples, examining data pre-2010, the time when a tipping point in the personal and business use of multimedia and mobile-internet devices significantly deepened the impacts of the identified nexus technology forces, and began rapidly changing the way many businesses engage with their customers, employees and stakeholders. We situate our work amidst these nexus forces, discuss the board’s role in EBTG in this context, and modernize current definitions of enterprise technology governance. The primary limitation faced is the lack of scholarly research relating to EBTG in the rapidly changing digital economy. Although we have used recent (2011 - 2013) industry surveys, the volume of these surveys and congruence across them is significant in terms of levels of increased awareness and calls for increased board attention and competency in EBTG and strategic information use. Where possible we have used scholarly research to illustrate or discuss industry findings.
Resumo:
The Australian Business Assessment of Computer User Security (ABACUS) survey is a nationwide assessment of the prevalence and nature of computer security incidents experienced by Australian businesses. This report presents the findings of the survey which may be used by businesses in Australia to assess the effectiveness of their information technology security measures.
Resumo:
The aim of this study is to develop a disclosure guide for climate-change-related corporate governance (CCCG) practices. Drawing from existing climate change policy guidelines together with content analysis of leading Australian companies’ disclosure practices, we develop a best practice index for the disclosure of CCCG practises. The best practice index is further informed, validated and refined by the contribution of experts from a range of stakeholder groups. Our index represents the most comprehensive list generated to date, utilising experts’ opinions, in relation to CCCG disclosure practices. This CCCG disclosure index would be useful for companies seeking to provide information in relation their CCCG practices
Resumo:
This paper investigates the climate change-related corporate governance disclosure practices of five major Australian energy-intensive companies over a 16-year period. In doing so, a content analysis instrument is developed to identify disclosures made in relation to various policies and procedures the organisations have in place for addressing the issues associated with climate change. This instrument is applied to the respective companies' annual reports and sustainability reports. An increasing trend is found in companies' climate change-related corporate governance disclosures over time; however, in many instances the disclosures provide limited insights into the climate change-related risks and opportunities confronting the sample companies.
Resumo:
The framework by which organizations are governed has been changed. A reason for this change is related with the force of stakeholders that compel the political power and the business society to review the ways in which companies are governed. Stakeholder thinking has gradually put this change at the center of research into business and society relations. Based on the stakeholder thinking, the corporate regulation framework has extended a new dimension in the business and society interface. This article assesses these issues.
Resumo:
The moral arguments associated with justice, fairness and communitarianism have rejected the exclusivity of cost‐benefit analysis in corporate governance. Particularly, the percepts of new governance (NG) have included distributive aspects in efficiency models focused on maximizing profits. While corporate directors were only assigned to look after the return of investment within the traditional framework of corporate governance (CG), NG has created the scope for them to look beyond the set of contractual liabilities. This article explores how and how far NG notions have contributed to the devolution of CG to create internal strategies focusing on actors, ethics and accountability in corporate self-regulation.
Resumo:
Since 1 December 2002, the New Zealand Exchange’s (NZX) continuous disclosure listing rules have operated with statutory backing. To test the effectiveness of the new corporate disclosure regime, we compare the change in quantity of market announcements (overall, non-routine, non-procedural and external) released to the NZX before and after the introduction of statutory backing. We also extend our study in investigating whether the effectiveness of the new corporate disclosure regime is diminished or augmented by corporate governance mechanisms including board size, providing separate roles for CEO and Chairman, board independence, board gender diversity and audit committee independence. Our findings provide a qualified support for the effectiveness of the new corporate disclosure regime regarding the quantity of market disclosures. There is strong evidence that the effectiveness of the new corporate disclosure regime was augmented by providing separate roles for CEO and Chairman, board gender diversity and audit committee independence, and diminished by board size. In addition, there is significant evidence that share price queries do impact corporate disclosure behaviour and this impact is significantly influenced by corporate governance mechanisms. Our findings provide important implications for corporate regulators in their quest for...
Resumo:
This paper examines the role of compensation and risk committees in managing and monitoring the risk behaviour of Australian financial firms in the period leading up to the global financial crisis (2006–2008). This empirical study of 711 observations of financial sector firms demonstrates how the coordination of risk management and compensation committees reduces information asymmetry. The study shows that the composition of the risk and compensation committees is positively associated with risk, which, in turn, is associated with firm performance. More importantly, information asymmetry is reduced when a director is a member of both the risk and compensation committees which moderate the negative association between risk and firm performance for firms with high risk.
Resumo:
New governance (NG) denotes a new approach in the governance strategies. This approach comes with a conceptual background explaining how the hardcore corporate decision-making and people-friendly business strategies have started to converge, relying on executive fiduciary duties, stakeholder engagement, and economic analysis of management incentives. It also addresses how companies incorporate stakeholder-friendly business strategies, examines the role of shareholder and board activism in pushing for social responsibility, and provides quantitative assessments of reporting practices, indexes, and ratings that link governance with responsibility (Kolk 2008; Statman 2005; Deegan 2002). It suggests models for pursuing this emerging frontier through greater involvement on behalf of the board of directors and utilizes a comparative approach to cross the border between the traditional ...
Resumo:
The convergence of corporate social responsibility (CSR) and corporate governance (CG) has changed the corporate accountability mechanism. This has developed a socially responsible ‘corporate self-regulation’, a synthesis of governance and responsibility in the companies of strong economies. However, unlike in the strong economies, this convergence has not been visible in the companies of weak economies, where the civil society groups are unorganised, regulatory agencies are either ineffective or corrupt and the media and non-governmental organisations do not mirror the corporate conscience. Using the case of Bangladesh, this article investigates the convergence between CSR and CG in the self-regulation of companies in a less vigilant environment.
Resumo:
The function of environmental governance and the principle of the rule of law are both controversial and challenging. To apply the principle of the rule of law to the function of environmental governance is perhaps even more controversial and challenging. A system of environmental governance seeks to bring together the range of competitive and potentially conflicting interests in how the environment and its resources are managed. Increasingly it is the need for economic, social and ecological sustainability that brings these interests – both public and private – together. Then there is the relevance of the principle of the rule of law. Economic, social and ecological sustainability will be achieved – if at all – by a complex series of rules of law that are capable of enforcement so as to ensure compliance with them. To what extent do these rules of law reflect the principle of the rule of law? Is the principle of the rule of law the formally unstated value that is expected to underpin the legal system or is it the normative predicate that directs the legal system both vertically and horizontally? Is sustainability an aspirational value or a normative predicate according to which the environment and its resources are managed? Let us deal sequentially with these issues by reviewing a number of examples that demonstrate the relationship between environmental governance and the rule of law.
Resumo:
For any discipline to be regarded as a professional undertaking by which its members may be treated as true “professionals” in a specific area, practitioners must clearly understand that discipline’s history as well as the place and significance of that history in current practice as well as its relevance to available technologies and artefacts at the time. This is common for many professional disciplines such as medicine, pharmacy, engineering, law and so on but not yet, this paper submits, in information technology. Based on twenty five elapsed years of experience in developing and delivering Cybersecurity courses at undergraduate and postgraduate levels, this paper proposes a rationale and set of differing perspectives for the planning and development of curricula relevant to the delivery of appropriate courses in the history of cybersecurity or information assurance to information and communications technology (ICT) students and thus to potential information technology professionals.
Resumo:
Since 1 December 2002, the New Zealand Exchange’s (NZX) continuous disclosure listing rules have operated with statutory backing. To test the effectiveness of the new corporate disclosure regime, we compare the change in quantity of market announcements (overall, non-routine, non-procedural and external) released to the NZX before and after the introduction of statutory backing. We also extend our study in investigating whether the effectiveness of the new corporate disclosure regime is diminished or augmented by corporate governance mechanisms including board size, providing separate roles for CEO and Chairman, board independence, board gender diversity and audit committee independence. Our findings provide a qualified support for the effectiveness of the new corporate disclosure regime regarding the quantity of market disclosures. There is strong evidence that the effectiveness of the new corporate disclosure regime was augmented by providing separate roles for CEO and Chairman, board gender diversity and audit committee independence, and diminished by board size. In addition, there is significant evidence that share price queries do impact corporate disclosure behaviour and this impact is significantly influenced by corporate governance mechanisms. Our findings provide important implications for corporate regulators in their quest for a superior disclosure regime.
