Understanding and measuring information security culture in developing countries : case of Saudi Arabia

The purpose of the current study was to develop a measurement of information security culture in developing countries such as Saudi Arabia. In order to achieve this goal, the study commenced with a comprehensive review of the literature, the outcome being the development of a conceptual model as a reference base. The literature review revealed a lack of academic and professional research into information security culture in developing countries and more specifically in Saudi Arabia. Given the increasing importance and significant investment developing countries are making in information technology, there is a clear need to investigate information security culture from developing countries perspective such as Saudi Arabia. Furthermore, our analysis indicated a lack of clear conceptualization and distinction between factors that constitute information security culture and factors that influence information security culture. Our research aims to fill this gap by developing and validating a measurement model of information security culture, as well as developing initial understanding of factors that influence security culture. A sequential mixed method consisting of a qualitative phase to explore the conceptualisation of information security culture, and a quantitative phase to validate the model is adopted for this research. In the qualitative phase, eight interviews with information security experts in eight different Saudi organisations were conducted, revealing that security culture can be constituted as reflection of security awareness, security compliance and security ownership. Additionally, the qualitative interviews have revealed that factors that influence security culture are top management involvement, policy enforcement, policy maintenance, training and ethical conduct policies. These factors were confirmed by the literature review as being critical and important for the creation of security culture and formed the basis for our initial information security culture model, which was operationalised and tested in different Saudi Arabian organisations. Using data from two hundred and fifty-four valid responses, we demonstrated the validity and reliability of the information security culture model through Exploratory Factor Analysis (EFA), followed by Confirmatory Factor Analysis (CFA.) In addition, using Structural Equation Modelling (SEM) we were further able to demonstrate the validity of the model in a nomological net, as well as provide some preliminary findings on the factors that influence information security culture. The current study contributes to the existing body of knowledge in two major ways: firstly, it develops an information security culture measurement model; secondly, it presents empirical evidence for the nomological validity for the security culture measurement model and discovery of factors that influence information security culture. The current study also indicates possible future related research needs.

Providing innovative planning education experience : teaching regional planning in an international context

Rapidly changing economic, social, and environmental conditions have created a need for urban and regional planning practitioners who are resilient, innovative, and able to cope with the increasingly complex and cosmopolitan nature of major metropolitan areas. This need should be reflected in planning education that allows students to experience a diverse range of approaches to problems and challenges, and that exposes students to the diverse array of perspectives on planning issues. This paper investigates the outcomes of a collaborative regional planning exercise organised jointly by planning academics from both Queensland University of Technology and the International Islamic University of Malaysia, and involving planning students from both universities. The regional planning exercise consisted of a regional appraisal and report topics of the area under investigation, Klang Valley – Kuala Lumpur, Malaysia. It culminated with the presentation of regional development strategies for the area, with a field trip to Malaysia being the cornerstone of the project. The collaborative exercise involved a series of workshops and seminars organised locally, in which both Australian and Malaysian planning students participated, as well as meetings with local and federal planning officials, and also a forum for Young Planners of Australian and Malaysian Planning Institutes. The experience attempted to bridge the teaching of theoretical concepts of regional planning and development and the regional, more professional knowledge of planning practice, as it relates to specific political, institutional and cultural contexts. A survey of participating students, from both Queensland University of Technology and the International Islamic University of Malaysia, highlights the benefits of such project in terms of leaning experience and exposure to different cultural contexts.

Everything you do : young adult fiction and surveillance in an age of security

Espionage, surveillance and clandestine operations by secret agencies and governments were something of an East–West obsession in the second half of the twentieth century, a fact reflected in literature and film. In the twenty-first century, concerns of the Cold War and the threat of Communism have been rearticulated in the wake of 9/11. Under the rubric of ‘terror’ attacks, the discourses of security and surveillance are now framed within an increasingly global context. As this article illustrates, surveillance fiction written for young people engages with the cultural and political tropes that reflect a new social order that is different from the Cold War era, with its emphasis on spies, counter espionage, brainwashing and psychological warfare. While these tropes are still evident in much recent literature, advances in technology have transformed the means of tracking, profiling and accumulating data on individuals’ daily activities. Little Brother, The Hunger Games and Article 5 reflect the complex relationship between the real and the imaginary in the world of surveillance and, as this paper discusses, raise moral and ethical issues that are important questions for young people in our age of security.

Joint venture behaviour in construction industry : an Australia case study

Joint ventures can take many forms and can be formed for different reasons, from sharing resources to creating future business opportunities. At the same time, there is increasing interest and discussion of alternative procurement methods, moving away from traditional procurement systems to relational approaches. Business systems and strategies need to be redefined and move from a short-term project to project culture to a more strategic, long-term perspective. Joint ventures of construction organisations, global and local, have become increasingly popular to deliver large-scale infrastructure construction projects. However, successful strategic collaborations require project organisations to formulate a fit between contractual and operational arrangements for each situation. This study reviews the movement from traditional procurement methods towards relational contracting approaches in Queensland, Australia. The study examines the organisational factors that facilitates sustainable relationship between project organisations and hence, lead to long-term business success. This paper reports on initial findings captured from a survey undertaken with construction contracting organisations in Australia, focusing on the supply chain relationships. Contractors’ perceptions of the relationship management process and the engagement of the supply chain are also presented.

Islamic contributions to the International Organization for Science and Technology Education (IOSTE)

This presentation introduces the International Organization for Science and Technology Education (IOSTE), outlining its history, structure, principles and activities. It discusses the role of IOSTE as a values-oriented STE research organization established in response to cold war ideologies with the aim of encouraging dialogue and academic exchange. The presentation then highlights the recent engagement of IOSTE with STE in predominantly Muslim countries. It examines quantitatively and qualitatively the increasing contributions from researchers in these countries, and outlines possible future engagements which could lead to closer research collaborations and relationships between STE academics in Muslim and non-Muslim countries.

Re-envisioning sovereignty : the end of Westphalia?

Fables of sovereignty / Wayne Hudson Sovereignty discourse and practice : past and future / Joseph Camilleri Guises of sovereignty / Gerry Simpson Westphalian and Islamic concepts of sovereignty in the Middle East / Amin Saikal Wither sovereignty in Southeast Asia today? / See Seng Tan Ambivalent sovereignty : China and re-imagining the Westphalian ideal / Yongjin Zhang Confronting terrorism : dilemmas of principle and practice regarding sovereignty / Brian L. Job Sovereignty in the 21st century : security, immigration, and refugees / Howard Adelman State sovereignty and international refugee protection / Robyn Lui Do no harm : towards a Hippocratic standard for international civilisation / Neil Arya Sovereignty and the global politics of the environment : beyond Westphalia? / Lorraine Elliott Westphalian sovereignty in the shadow of international justice? a fresh coat of paint for a tainted concept / Jackson Nyamuya Maogoto Development assistance and the hollow sovereignty of the weak / Roland Rich Corruption and transparency in governance and development : reinventing sovereignty for promoting good governance / C. Raj Kumar Re-envisioning economic sovereignty : developing countries and the International Monetary Fund / Ross P. Buckley Trust, legitimacy, and the sharing of sovereignty / William Maley Sovereignty as indirect rule / Barry Hindess Indigenous sovereignty / Paul Keal Civil society in a post-statist circumstance / Jan Aart Scholte.

Money laundering and FATF compliance by the international community

This paper examines the anti-money laundering systems of Australia, the United Arab Emirates (UAE), the United Kingdom (UK) and the United States of America (USA), the extent to which they have implemented the Financial Action Task Force (FATF) recommendations, and how compliance with these recommendations is affected by local cultural and economic factors. The paper makes use of FATF evaluation reports to compare the countries’ compliance; it examines some of the underlying cultural considerations and culture-specific ethical issues that affect the extent of compliance, and how cultural and ethical considerations may affect good governance. The findings indicate that the UK and the USA are the most advanced with regards to their compliance with the FATF recommendations and Australia and the UAE less so. The UAE is in particular found to be least compliant. We relate this finding to previous work on how a country’s legal and financial systems develop in line with its religion, culture and socio-economic situation, and examine how such local factors have affected the UAE’s financial and anti-money laundering and combating the financing of terrorism (AML/CFT) systems. This research will be of interest to policy-makers and government agencies involved in addressing money laundering and its successful detection and prosecution.

Enhancing security and continuity management at international airports

Operators of busy contemporary airports have to balance tensions between the timely flow of passengers, flight operations, the conduct of commercial business activities and the effective application of security processes. In addition to specific onsite issues airport operators liaise with a range of organisations which set and enforce aviation-related policies and regulations as well as border security agencies responsible for customs, quarantine and immigration, in addition to first response security services. The challenging demands of coordinating and planning in such complex socio-technical contexts place considerable pressure on airport management to facilitate coordination of what are often conflicting goals and expectations among groups that have standing in respect to safe and secure air travel. What are, as yet, significantly unexplored issues in large airports are options for the optimal coordination of efforts from the range of public and private sector participants active in airport security and crisis management. A further aspect of this issue is how airport management systems operate when there is a transition from business-as-usual into an emergency/crisis situation and then, on recovery, back to ‘normal’ functioning. Business Continuity Planning (BCP), incorporating sub-plans for emergency response, continuation of output and recovery of degraded operating capacity, would fit such a context. The implementation of BCP practices in such a significant high security setting offers considerable potential benefit yet entails considerable challenges. This paper presents early results of a 4 year nationally funded industry-based research project examining the merger of Business Continuity Planning and Transport Security Planning as a means of generating capability for improved security and reliability and, ultimately, enhanced resilience in major airports. The project is part of a larger research program on the Design of Secure Airports that includes most of the gazetted ‘first response’ international airports in Australia, key Aviation industry groups and all aviation-related border and security regulators as collaborative partners. The paper examines a number of initial themes in the research, including: ? Approaches to integrating Business Continuity & Aviation Security Planning within airport operations; ? Assessment of gaps in management protocols and operational capacities for identifying and responding to crises within and across critical aviation infrastructure; ? Identification of convergent and divergent approaches to crisis management used across Austral-Asia and their alignment to planned and possible infrastructure evolution.

Combating computer crime : an international perspective

Given the serious nature of computer crime, and its global nature and implications, it is clear that there is a crucial need for a common understanding of such criminal activity internationally in order to deal with it effectively. Research into the extent to which legislation, international initiatives, and policy and procedures to combat and investigate computer crime are consistent globally is therefore of enormous importance. The challenge is to study, analyse, and compare the policies and practices of combating computer crime under different jurisdictions in order to identify the extent to which they are consistent with each other and with international guidelines; and the extent of their successes and limitations. The purpose ultimately is to identify areas where improvements are needed and what those improvements should be. This thesis examines approaches used for combating computer crime, including money laundering, in Australia, the UAE, the UK and the USA, four countries which represent a spectrum of economic development and culture. It does so in the context of the guidelines of international organizations such as the Council of Europe (CoE) and the Financial Action Task Force (FATF). In the case of the UAE, we examine also the cultural influences which differentiate it from the other three countries and which has necessarily been a factor in shaping its approaches for countering money laundering in particular. The thesis concludes that because of the transnational nature of computer crime there is a need internationally for further harmonisation of approaches for combating computer crime. The specific contributions of the thesis are as follows: „h Developing a new unified comprehensive taxonomy of computer crime based upon the dual characteristics of the role of the computer and the contextual nature of the crime „h Revealing differences in computer crime legislation in Australia, the UAE, the UK and the USA, and how they correspond to the CoE Convention on Cybercrime and identifying a new framework to develop harmonised computer crime or cybercrime legislation globally „h Identifying some important issues that continue to create problems for law enforcement agencies such as insufficient resources, coping internationally with computer crime legislation that differs between countries, having comprehensive documented procedures and guidelines for combating computer crime, and reporting and recording of computer crime offences as distinct from other forms of crime „h Completing the most comprehensive study currently available regarding the extent of money laundered in four such developed or fast developing countries „h Identifying that the UK and the USA are the most advanced with regard to anti-money laundering and combating the financing of terrorism (AML/CFT) systems among the four countries based on compliance with the FATF recommendations. In addition, the thesis has identified that local factors have affected how the UAE has implemented its financial and AML/CFT systems and reveals that such local and cultural factors should be taken into account when implementing or evaluating any country¡¦s AML/CFT system.