Enterprise information security policy assessment : an extended framework for metrics development utilising the goal-question-metric approach

Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach.

ACE research vignette 013 : does policy for women's entrepreneurship promote gender equality, or not?

This series of research vignettes is aimed at sharing current and interesting research findings from our team and other international Entrepreneurship researchers. In this vignette, Professor Helene Ahl from Jonkoping University considers the consequences for gender equality of policy for women's entrepreneurship in two countries with distinctly different welfare state regimes.

Cultural diversity, cultural networks and trade : international cultural policy debate

This article sketches some of the ways in which the language and concepts of cultural diversity are being taken up internationally. The debate has been driven in part by concerns about the treatment of cultural goods, services and knowledge in trade agreements. But it also involves larger questions about the role of the state, the role of non-state actors in domestic policy formation, and the shape and function of international policy communities comprising both state and non-state actors. The extent of the discussion of cultural diversity internationally is described through new formal and informal cultural networks and work towards an international instrument for cultural diversity to lay our ground rules for international trade, cultural exchange and policy principles to guide governmental responsibilities. The article concludes with analysis of some of these new networks, and investigates why Canada has been so prominent in these international efforts.

Globalization, media policy and regulatory design : rethinking the Australian media classification scheme

This paper considers the debate about the relationship between globalization and media policy from the perspective provided by a current review of the Australian media classification scheme. Drawing upon the author’s recent experience in being ‘inside’ the policy process, as Lead Commissioner on the Australian National Classification Scheme Review, it is argued that theories of globalization – including theories of neoliberal globalization – fail to adequately capture the complexities of the reform process, particularly around the relationship between regulation and markets. The paper considers the pressure points for media content policies arising from media globalization, and the wider questions surrounding media content policies in an age of media convergence.

Regulating assisted reproductive technologies in Victoria : the impact of changing policy concerning the accessibility of in vitro fertilisation for preimplantation tissue-typing

On 1 January 2010, the Assisted Reproductive Treatment Act 2008 (Vic) came into force. The legislation was the outcome of a detailed review and consultation process undertaken by the Victorian Law Reform Commission. Arguably, the change to the regulatory framework represents a significant shift in policy compared to previous regulatory approaches on this topic in Victoria. This article considers the impact of the new legislation on eligibility for reproductive treatments, focusing on the accessibility of such services for the purpose of creating a “saviour sibling”. It also highlights the impact of the Victorian regulatory body’s decision to abolish its regulatory policies on preimplantation genetic diagnosis and preimplantation tissue-typing, concluding that the regulatory approach in relation to these latter issues is similar to other Australian jurisdictions where such practices are not addressed by a statutory framework.

Speed enforcement in Australia : a changing policy landscape shaped by public opinion

- Speeding and crash involvement in Australia - Speed management in Australia - Jurisdictional differences - National Road Safety Strategy (2011-2020) - Auditor-General reviews of speed camera programs - The role of public opinion/feedback - Implications for speed management

The enterprise information security policy as a strategic business policy within the corporate strategic plan (extended abstract)

Information security has been recognized as a core requirement for corporate governance that is expected to facilitate not only the management of risks, but also as a corporate enabler that supports and contributes to the sustainability of organizational operations. In implementing information security, the enterprise information security policy is the set of principles and strategies that guide the course of action for the security activities and may be represented as a brief statement that defines program goals and sets information security and risk requirements. The enterprise information security policy (alternatively referred to as security policy in this paper) that represents the meta-policy of information security is an element of corporate ICT governance and is derived from the strategic requirements for risk management and corporate governance. Consistent alignment between the security policy and the other corporate business policies and strategies has to be maintained if information security is to be implemented according to evolving business objectives. This alignment may be facilitated by managing security policy alongside other corporate business policies within the strategic management cycle. There are however limitations in current approaches for developing and managing the security policy to facilitate consistent strategic alignment. This paper proposes a conceptual framework for security policy management by presenting propositions to positively affect security policy alignment with business policies and prescribing a security policy management approach that expounds on the propositions.