Three strategic dimensions of information security in ecommerce : a literature review based conceptual model

Important eCommerce requirements are a robust and secure technical infrastructure, and the ability to ensuring the security of information, and to satisfying certain related legal requirements. In this paper, based on a literature review, we present a high-level conceptual model of information security in eCommerce, consisting of three strategic dimensions: protecting organizations' information, satisfying certain legal requirements, and enabling trusted and secure electronic transactions. Our conceptual model can be used by eCommerce managers as a tool in the strategic planning and management process, to better understand and communicate the inter-dependencies between business and legal requirements. The model can also be used for devising the goals and objectives relevant to their specific organization, for designing the policies that are needed, and deciding how technology will be managed and what training is required.

Educating for professional capability in the field of information technology: integrating industry-based learning with the academic curriculum

In response to the forces of globalisation, societies and organisations have had to adapt and even proactively transform themselves. Universities, as knowledge-based organisations, have recognised that there are now many other important sites of knowledge construction and use. The apparent monopoly over valued forms of knowledge making and knowledge certification is disappearing. Universities have had to recognise the value of practical working knowledge developed in workplace settings beyond university domains, and promote the value of academic forms of knowledge making to the practical concerns of everyday learning. It is within this broader systems view that professional curriculum development undertaken by universities needs to be examined.

University educational planning responds to these external forces in ways that are drawing together formal academic capability/competence and practice-based capability/competence. Both forms of academic and practice-based knowledge and knowing are being equally valued and related one to the other. University planning in turn gives impetus to the development of new forms of professional education curricula. This paper presents a contemporary case of a designed professional curriculum in the field of information technology that situates workplace learning as a central element in the education of Information Technology (IT)/Information Systems (IS) professionals.

The key dimensions of the learning environment of Deakin University’s BIT (Hons) program are considered with a view to identifying areas of strong integration between the worlds of academic and workplace learning from the perspectives of major stakeholders. The dynamic interplay between forms of theorising and practising is seen as critical in educating students for professional capability in their chosen field. From this analysis, an applied research agenda, relating to desired forms of professional learning in higher education, is outlined, with specific reference to the information and communication technology professions.

An exploratory study of information systems subject indexing

The motivation for detailed study of information systems research subject indexing schemes is explained, along with an analysis of two indexing schemes proposed for use in the area.  A number of reference disciplines are examined for their ability to provide insights and analysis approaches.

The tri-dimensional role of information security in E-business : a managerial perspective

The effective management of information and its associated infrastructure is critical in electronic business. Failure to exercise due diligence in information assurance and security may lead to lost revenue or business opportunities, brand and reputation erosion, adverse media publicity, scrutiny from consumer advocates and even lawsuits. Traditionally, information security was approached in terms of goals. Yet, the goalsoriented approach may be a flawed one. In this paper, we adopt a conceptual analytical approach and propose a tri-dimensional understanding of information security in electronic business. Our approach can help managers better understand and communicate the information security’s role in e-business and the inter-dependencies between business and legal requirements, for devising the goals, objectives and policies relevant to their organization.

Positivism: one ring to rule them all? A tale of information systems research methodology

The tale of research methodology in information systems is told through the fantasy of Tolkien’s Lord of the Rings. The tale is intended to be at once a piece of light hearted fun in its placement of the struggles of research methodology as an epic story but, in the tradition of the court jester, attempts to provide a new perspective on Information Systems (IS) research methodology and our struggles with positivism in particular. Our tale is one of developing a greater maturity and confidence in IS methodology and introduces postmodern methodologies to Information Systems. Our tale, our pastiche, is itself postmodern.

The value of information in an agency model with moral hazard

I show that the principal and the agent may each prefer that the principal or the agent has imperfect information about the principal's technology in a principal-agent environment with moral hazard. Principals expend considerable resources on data cumulation and analysis. However, such investments in information acquisition are benecial only if the agent will know that the principal is not ignorant or it allows the principal to implement a dierent action. When the principal is perfectly informed about her technology, the agent prefers to be ignorant. In addition, the value of perfect information for the agency is negative if the principal would implement the same action with either possible technology. I also investigate the dierences between ex ante and ex post contracting, and the ramications of the principal being ignorant or potentially ignorant about the technology. Finally, I determine if the principal's utility varies continuously with the degree of informativeness of the agent about the principal's technology. In this vein, I determine whether the agent's uncertainty may make the principal better o if she has the less informative technology.

The reality of information systems research

The examination of a practical issue with a web site has led, in this paper, directly to the consideration of the need for, and an assessment of the impact of, an approach based on fundamental theories of ‘what is’, to examine what information systems research is and the relations of its component areas of endeavour. The paper presents an examination of the use of the philosophical field of ontologies, and specifically the use of the ontological approaches upon which to base categories of information systems research activities. This theoretical analysis is intended to be used as the basis from which to develop a methodology to undertake the development of the categorial scheme for the web site that initiated the research.

The multifaceted and ever-changing directions of information security - Australia get ready!

In recent years, we have witnessed many information security developmental trends. As a consequence, the dimensions of information security - once single disciplinary area - have become multifaceted and convoluted. This paper aims to (1) recapitulate these key developments: (2) argue that the emergence of many complex information security dimensions are the result of 'constant change agents' (CCAs); (3) discuss the implications on Australia's society, i. e. government, companies and individuals; and (4) propose key consideration areas and possible solutions thereof. We hope that the discussion presented here will position Australia to make better aligned information security and strategic plans, such as choosing appropriate investments and adopting effective solutions to strengthen and secure Australia's national information security posture.

Securing small business - the role of information technology policy

As small and medium enterprises develop their capacity to trade  electronically, they and their trading partners stand to gain considerable benefit from the resulting transaction efficiencies and business  relationships. However, this raises the question of how well small business manages its IT security and the threats that security lapses may pose to the wider trading network. It is in the interest of all members of an electronic trading network, as well as governments, to assist smaller companies to secure their business data. This paper considers the relationship between IT security management and IT policy implementation among small  businesses involved in business-to-business eCommerce. It reports the results of a survey of 240 Australian small and medium businesses  operating in a cross-industry environment. The survey found a low level of strategic integration of eCommerce along with inadequate IT security among the respondents, despite the fact that 81% were doing business online and 97% identified their business data as confidential. Businesses which implemented satisfactory levels of security technologies were more likely than others to have an information technology policy within the organisation. The paper proposes a model that outlines the development of security governance and policy implementation for small and medium businesses.

Defuturing an architecture of destruction: a reconciliation of Van Berkel and Bos to the new design philosophy of Tony Fry

For some time now Tony Fry has promoted the idea of 'The Sustainment', an idea that asserts a paradigm shift in attitudes to consumption. 'The Sustainment' recognises that increasingly human futures are products of self-determination and not chance. Fry’s hypothesis can be understood through his concept of Defuturing, a philosophy that questions the role of design and the responsibility of designers to facilitating the ability to sustain (Fry 1999).
Central to Fry’s philosophy is an awareness that it is in the best interests of designers and their clients, as inhabitants of cultures increasingly driven by technology, to be aware of the relationships between the products and theories of design and the processes and implications of technological change. This is an awareness that is central to the concepts, work, and methodologies of the ‘UN Studio’ of Van Berkel and Bos described and elaborated upon in Move – Imagination, Techniques, and Effects (Van Berkel & Bos 1999). Here, Ben Van Berkel defines the parameters and methodologies employed by UN Studio in an environment of technological and socio-economic change. The Dutch practice could be said to exemplify something of a zeitgeist in current architectural design that sees architects, as Van Berkel and Bos view them, as “fashion designers of the future, dressing events to come and holding up a mirror to the world (Van Berkel & Bos 1999, back cover).” It is a zeitgeist that Fry might see as aligned to the resilient hype of ‘new creativity’, ‘globalisation’ the ‘romance with technology’, and the vacuous-ness of the world of fashion. (Fry The Voice of Sustainment: on Design Intelligence 2005).
A source of breaking down such design propaganda is identified by Fry in the notion of ‘scenarios,’ which “provide a mechanism for politico-practice assemblage in which dialogues and narratives of change can be rehearsed in ways that enable participants to re-educate themselves via critical confrontations” (Fry The Voice of Sustainment: on Design Intelligence 2005). From such a perspective this paper aims to practically illustrate and ground the Defuturing of Fry by establishing a dialogue between his writings and the theories that have generated the architectural designs of Van Berkel and Bos and there UN Studio. This will be a ‘scenario’ that examines therefore an appropriation and transformation of the applied intellectual practice of Van Berkel and Bos. Through this confrontation we shall explore the question of why sustainability appears to be so low in the agenda of many pre-eminent contemporary architects, and how we might refocus therefore practice and theory on the ability to sustain.

Electronic negotiation and security of information exchanged in e-commerce

In settings such as electronic markets where trading partners have conflicting interests and a desire to cooperate, mobile agent mediated negotiation have become very popular. However, agent-based negotiation in electronic commerce involves the exchange of critical and sensitive data that must be highly safeguarded. Therefore, in order to give benefits of quick and safe trading to the trading partners, an approach that secures the information exchanged between the mobile agents during e-Commerce negotiations is needed. To this end, we discuss an approach that we refer to as Multi-Agent Security NEgotiation Protocol (MASNEP). To show that MASNEP protocol is free of attacks and thus the information exchanged throughout electronic negotiation is truly secured, we provide a formal proof on the correctness of the MASNEP.

Describing individual incidents of sexual abuse: a review of research on the effects of multiple sources of information on children's reports

Objective: For successful prosecution of child sexual abuse, children are often required to provide reports about individual, alleged incidents. Although verbally or mentally rehearsing memory of an incident can strengthen memories, children’s report of individual incidents can also be contaminated when they experience other events related to the individual incidents (e.g., informal interviews, dreams of the incident) and/or when they have similar, repeated experiences of an incident, as in cases of multiple abuse.

Method: Research is reviewed on the positive and negative effects of these related experiences on the length, accuracy, and structure of children’s reports of a particular incident.

Results: Children’s memories of a particular incident can be strengthened when exposed to information that does not contradict what they have experienced, thus promoting accurate recall and resistance to false, suggestive influences. When the encountered information differs from children’s experiences of the target incident, however, children can become confused between their experiences—they may remember the content but not the source of their experiences.

Conclusions: We discuss the implications of this research for interviewing children in sexual abuse investigations and provide a set of research-based recommendations for investigative interviewers.