Three strategic dimensions of information security in ecommerce : a literature review based conceptual model

Important eCommerce requirements are a robust and secure technical infrastructure, and the ability to ensuring the security of information, and to satisfying certain related legal requirements. In this paper, based on a literature review, we present a high-level conceptual model of information security in eCommerce, consisting of three strategic dimensions: protecting organizations' information, satisfying certain legal requirements, and enabling trusted and secure electronic transactions. Our conceptual model can be used by eCommerce managers as a tool in the strategic planning and management process, to better understand and communicate the inter-dependencies between business and legal requirements. The model can also be used for devising the goals and objectives relevant to their specific organization, for designing the policies that are needed, and deciding how technology will be managed and what training is required.

Information security, cyber crime, and infrastructure protection : information security management within Australian healthcare organisations

Information security is now recognised as critical factor within the healthcare industry. With the gradual move from paper -based to electronic information there is an even greater need for protection. However, financial and operational constraints often exist which influence the practicality of developing a secure system. A new baseline security standard, the Health Information Security Management Implementation Guide, has been drafted which applies specifically to the unique information security requirements of the healthcare industry. The aim of this paper is to look at the effectiveness of the health information security standard and the development of information security within the Australian healthcare industry.

Object-oriented security modelling for healthcare

With the convergence of paper to electronic, the health industry is relying more on technology to maintain and update the well-being of patients. This reliance on technology requires an acute level of protection from unwanted technological disasters and/or human threats. Research shows insufficiencies with the implementation and use of security controls; as well as current analysis methods lacking the techniques to analyse technical and social aspects of security. The aim of this paper is to introduce an information security evaluation methodology for health information systems based on UML.

Australian SMES and e-security guides on trusting the internet

There have been many standards and guides written for the implementation of computer security and information security concentrating on appropriate implementation of procedures for effective information security management. Such guides are limited when dealing with e-business and its implementation by Small and Medium Business Enterprises (SMEs). In Australia the National Office for the Information Economy (NOIE) has released a small business guide for e-security for performing such services while fulfilling the necessary security requirements. This paper presents an overview of this current small business guide to e-security with special reference to deriving a common set of criteria for implementing security measures in the SME e-business environment.

A review of critical information infrastructure protection within IT security guidelines

This research takes the form of a review and looks at the current advisories offered to informationl security professionals in Ihe area of critical information infrastructure protection A critical information infrastructure protection mode! is also presented along with a critical review of some of lhe recent formal guidance that has been offered. The Critical lnformation Infrastructure Protection - Risk Analysis-Methodology (CIlP-RAM) is then offered as a solution to the lack of information and advice.

CIIP-RAM - a step-wise security risk analysis methodology for critical information infrastructure protection

Wilh the protection of critical information infrastructure becoming a priority for all levels of management. there is a need for a new security methodology to deal with the new and unique attack threats and vulnerabilities associated with the new information technology security paradigm. The fourth generation security risk analysis melhod which copes wilh the shift from computer/information security to critical information iinfrastructure protectionl is lhe next step toward handling security risk at all levels. The paper will present the methodology of
fourth generation models and their application to critical information infrastructure protection and the associated advantagess of this methodology.

E-business security strategies for SMEs

The major barriers to the Implementation of electronic commerce by businesses globally arc well understood. These comprise security and pnvacy issues, the lack of established regulations governing commercial behaviour and liability, and the lack of universally accepted standards. In this article. we focus on the security concerns of Australian SMEs. Medium, and especially small, enterprises are hindered in the implementation of communications security technology by a lack of expertize and a poor understandmg of the services and resources available to them. As a response to this situation, we examme the facilities avallable to Australian SMEs which help them to make reasonable e- secunty decisions as part of an overall e-busmess strategy. We demonstrate that there are sufficient resources at appropnate levels of availability to enable small and medium Australian enterprises to implement communicatlons security effectively.

The tri-dimensional role of information security in E-business : a managerial perspective

The effective management of information and its associated infrastructure is critical in electronic business. Failure to exercise due diligence in information assurance and security may lead to lost revenue or business opportunities, brand and reputation erosion, adverse media publicity, scrutiny from consumer advocates and even lawsuits. Traditionally, information security was approached in terms of goals. Yet, the goalsoriented approach may be a flawed one. In this paper, we adopt a conceptual analytical approach and propose a tri-dimensional understanding of information security in electronic business. Our approach can help managers better understand and communicate the information security’s role in e-business and the inter-dependencies between business and legal requirements, for devising the goals, objectives and policies relevant to their organization.

An empirical study of e-business security in Geelong small to medium business enterprises (SMEs)

This paper delivers the findings from a study conducted to investigate Australian SMEs and e-business security. The study established the attitudes and concerns of a sample of Australian Small and Medium-sized Enterprises (SMEs) towards the use of e-business within their operational environment using the members of the Geelong Chamber of Commerce as a base for survey participants. The results focus on e-business security and identifying mechanisms that SMEs use to safeguard their e-business systems.

Health information security evaluation: continued development of an object-oriented method

With the convergence of paper to electronic, the health industry is relying more on technology to maintain and update the well-being of patients. This reliance on technology requires an acute level of protection from
unwanted technological disasters and/or human threats. Research shows insufficiencies with the implementation and use of security controls; as well as current analysis methods lacking the techniques to analyse technical and social aspects of security. The aim of this paper is to introduce an information security evaluation methodology for health information systems based on UML.