The governance of justice and internal security in Scotland:between the Scottish independence referendum and British decisions on the EU

This article examines how the governance of justice and internal security in Scotland could be affected by the outcome of the Scottish independence referendum in September 2014. The article argues that it is currently impossible to equate a specific result in the referendum with a given outcome for the governance of justice and internal security in Scotland. This is because of the complexities of the current arrangements in that policy area and the existence of several changes that presently affect them and are outside the control of the government and of the people of Scotland. This article also identifies an important paradox. In the policy domain of justice and internal security, a ‘no’ vote could, in a specific set of circumstances, actually lead to more changes than a victory of the ‘yes’ camp.

Can IT Security be improved with better IT Leadership in the 21st Century University?

Organizations generally are not responding effectively to rising IT security threats because people issues receive inadequate attention. The stark example of IT security is just the latest strategic IT priority demonstrating deficient IT leadership attention to the social dimension of IT. Universities in particular, with their devolved people organization, diverse adoption of IT, and split central/local federated approach to governance and leadership of IT, demand higher levels of interpersonal sophistication and strategic engagement from their IT leaders. An idealized model for IT leaders for the 21st century university is proposed to be developed as a framework for further investigation. The testing of this model in an action research study is proposed.

Evidence-based decision making to strengthen local governance : nutritional health interventions in Bantul and Gunungkidul

Since 2001, district governments have had the main responsibility for providing public health care in Indonesia. One of the main public health challenges facing many district governments is improving nutritional standards, particularly among poorer segments of the population. Developing effective policies and strategies for improving nutrition requires a multi-sectoral approach encompassing agricultural development policy, access to markets, food security (storage) programs, provision of public health facilities, and promotion of public awareness of nutritional health. This implies a strong need for a coordinated approach involving multiple government agencies at the district level. Due to diverse economic, agricultural, and infrastructure conditions across the country, district governments’ ought to be better placed than central government both to identify areas of greatest need for public nutrition interventions, and devise policies that reflect local characteristics. However, in the two districts observed in this study—Bantul and Gunungkidul—it was clear that local government capacity to generate, obtain and integrate evidence about local conditions into the policy-making process was still limited. In both districts, decision-makers tended to rely more on intuition,anecdote, and precedent in formulating policy. The potential for evidence-based decision making was also severely constrained by a lack of coordination and communication between agencies, and current arrangements related to central government fiscal transfers, which compel local governments to allocate funding to centrally determined programs and priorities.

Evidence based decision making to strenghten local governance : nutritional health interventions

Since 2001, district governments have had the main responsibility for providing public health care in Indonesia. One of the main public health challenges facing many district governments is improving nutritional standards, particularly among poorer segments of the population. Developing effective policies and strategies for improving nutrition requires a multi-sectoral approach encompassing agricultural development policy, access to markets, food security (storage) programs, provision of public health facilities, and promotion of public awareness of nutritional health. This implies a strong need for a coordinated approach involving multiple government agencies at the district level. Due to diverse economic, agricultural,and infrastructure conditions across the country, district governments’ ought to be better placed than central government both to identify areas of greatest need for public nutrition interventions, and devise policies that reflect local characteristics. However, in the two districts observed in this study—Bantul and Gunungkidul—it was clear that local government capacity to generate, obtain and integrate evidence about local conditions into the policy-making process was still limited. In both districts, decision-makers tended to rely more on intuition,anecdote, and precedent in formulating policy. The potential for evidence-based decision making was also severely constrained by a lack of coordination and communication between agencies, and current arrangements related to central government fiscal transfers, which compel local governments to allocate funding to centrally determined programs and priorities.

Integrating information security policy management with corporate risk management for strategic alignment

Information security policy defines the governance and implementation strategy for information security in alignment with the corporate risk policy objectives and strategies. Research has established that alignment between corporate concerns may be enhanced when strategies are developed concurrently using the same development process as an integrative relationship is established. Utilizing the corporate risk management framework for security policy management establishes such an integrative relationship between information security and corporate risk management objectives and strategies. There is however limitation in the current literature on presenting a definitive approach that fully integrates security policy management with the corporate risk management framework. This paper presents an approach that adopts a conventional corporate risk management framework for security policy development and management to achieve alignment with the corporate risk policy. A case example is examined to illustrate the alignment achieved in each process step with a security policy structure being consequently derived in the process. It is shown that information security policy management outcomes become both integral drivers and major elements of the corporate-level risk management considerations. Further study should involve assessing the impact of the use of the proposed framework in enhancing alignment as perceived in this paper.

Barriers to information technology governance adoption : a preliminary empirical investigation

The adoption of IT Governance (ITG) continues to be an important topic for research. Many researchers have focused their attention on how these practices are currently being implemented in the many diverse areas and industries. Literature shows that a majority of these studies have only been based on industries and organizations in developed countries. There exist very few researches that look specifically within the context of a developing country. Furthermore, there seems to be a lack of research on identifying the barriers or inhibitors to IT Governance adoption within the context of an emerging yet still developing Asian country. This research sets out to justify, substantiate and improve on a priori model developed to study the barriers to the adoption of ITG practice using qualitative data obtained through a series of semi-structured interviews conducted on organizations in Malaysia.

Improving information security management in nonprofit organisations

All organisations, irrespective of size and type, need effective information security management (ISM) practices to protect vital organisational in- formation assets. However, little is known about the information security management practices of nonprofit organisations. Australian nonprofit organisations (NPOs) employed 889,900 people, managed 4.6 million volunteers and contributed $40,959 million to the economy during 2006-2007 (Australian Bureau of Statistics, 2009). This thesis describes the perceptions of information security management in two Australian NPOs and examines the appropriateness of the ISO 27002 information security management standard in an NPO context. The overall approach to the research is interpretive. A collective case study has been performed, consisting of two instrumental case studies with the researcher being embedded within two NPOs for extended periods of time. Data gathering and analysis was informed by grounded theory and action research, and the Technology Acceptance Model was utilised as a lens to explore the findings and provide limited generalisability to other contexts. The major findings include a distinct lack of information security management best practice in both organisations. ISM Governance and risk management was lacking and ISM policy was either outdated or non- existent. While some user focused ISM practices were evident, reference to standards, such as ISO 27002, were absent. The main factor that negatively impacted on ISM practices was the lack of resources available for ISM in the NPOs studied. Two novel aspects of information security dis- covered in this research were the importance of accuracy and consistency of information. The contribution of this research is a preliminary understanding of ISM practices and perceptions in NPOs. Recommendations for a new approach to managing information security management in nonprofit organisations have been proposed.

IT governance adoption in Malaysia : a preliminary investigation

IT Governance (ITG) adoption remains a relevant topic of study. While extensive research has been done looking into the drivers and critical success factors of ITG practice, there seems to be a lack of interest in identifying the barriers to its adoption. This study reports on a survey conducted to first: provide some primary data that suggest ITG adoption and maturity levels are still low, especially in a developing country like Malaysia; and second: to provide initial empirical support for model development. Results obtained supported our assumptions that: (1) ITG adoption and maturity levels are still relatively low in Malaysia, therefore justifying Malaysia as a suitable case; (2) organizational factors, environmental factors and characteristics of the innovation as identified from the literature may serve as possible barriers to adoption.

The enterprise information security policy as a strategic business policy within the corporate strategic plan (extended abstract)

Information security has been recognized as a core requirement for corporate governance that is expected to facilitate not only the management of risks, but also as a corporate enabler that supports and contributes to the sustainability of organizational operations. In implementing information security, the enterprise information security policy is the set of principles and strategies that guide the course of action for the security activities and may be represented as a brief statement that defines program goals and sets information security and risk requirements. The enterprise information security policy (alternatively referred to as security policy in this paper) that represents the meta-policy of information security is an element of corporate ICT governance and is derived from the strategic requirements for risk management and corporate governance. Consistent alignment between the security policy and the other corporate business policies and strategies has to be maintained if information security is to be implemented according to evolving business objectives. This alignment may be facilitated by managing security policy alongside other corporate business policies within the strategic management cycle. There are however limitations in current approaches for developing and managing the security policy to facilitate consistent strategic alignment. This paper proposes a conceptual framework for security policy management by presenting propositions to positively affect security policy alignment with business policies and prescribing a security policy management approach that expounds on the propositions.

An exploratory study into audit challenges in IT governance : a Delphi approach

Information technology (IT) has been playing a powerful role in creating a competitive advantage for organisations over the past decades. This role has become proportionally greater over time as expectations for IT investments to drive business opportunities keep on rising. However, this reliance on IT has also raised concerns about regulatory compliance, governance and security. IT governance (ITG) audit leverages the skills of IS/IT auditors to ensure that IT initiatives are in line with the business strategies. ITG audit emerged as part of performance audit to provide an assessment of the effective implementation of ITG. This research attempts to empirically examine the ITG audit challenges in the Australian public sector. Based on literature research and Delphi research, this paper provides insights regarding the impact of, and required effort to address these challenges. The authors also present the ten major ITG audit challenges facing Australian public sector organisations today.

Policing visible sexual/gender diversity as a program of governance

Using interview data on LGBT young people’s policing experiences, I argue policing and security works as a program of government (Dean 1999; Foucault 1991; Rose 1999) that constrains the visibilities of diverse sexuality and gender in public spaces. While young people narrated police actions as discriminatory, the interactions were complex and multi‐faceted with police and security working to subtly constrain the public visibilities of ‘queerness’. Same sex affection, for instance, was visibly yet unverifiably (Mason 2002) regulated by police as a method of governing the boundaries of proper gender and sexuality in public. The paper concludes by noting how the visibility of police interactions with LGBT young people demonstrates to the public that public spaces are, and should remain, heterosexual spaces.

Optimising COBIT 5 for IT governance : examples from the public sector

Control Objectives for Information and related Technology (COBIT) has grown to be one of the most significant IT Governance (ITG) frameworks available and also the best suited for audit, as it provides comprehensive guidance around IT processes and related business goals. However, given the constraints of both time and resources within which the Australian public sector is forced to operate, implementing an audit framework the size of COBIT in its entirety is often considered too large a task. As an alternative to full implementation it is not uncommon for the public sector to “cherry pick” controls from the framework in an effort to reduce its size. This paper reports on research undertaken to evaluate the potential to use an optimised sub-set of COBIT 5 for ITG audit in Australian public sector organisations. A survey methodology was employed to determine the control-objectives considered to be the most important to a selection of public sector organisations. Twelve control-objectives were identified as being most important to Queensland public sector organisations. As ten of these were also identified by previous studies, it appears possible to derive an optimised sub-set from COBIT 5 that would be both enduring and relevant across geographical and organisational contexts.

A Delphi study into the audit challenges of IT governance in the Australian public sector

Information technology (IT) has been playing a powerful role in creating a competitive advantage for organisations over the past decades. This role has become proportionally greater over time as expectations for IT investments to drive business opportunities keep on rising. However, this reliance on IT has also raised concerns about regulatory compliance, governance and security. IT governance (ITG) audit leverages the skills of IS/IT auditors to ensure that IT initiatives are in line with the business strategies. ITG audit emerged as part of performance audit to provide an assessment of the effective implementation of ITG. This research attempts to empirically examine the ITG audit challenges in the public sector. Based on literature and Delphi research, this paper provides insights regarding the impact of, and required effort to address these challenges. The authors also present the ten major ITG audit challenges facing Australian public sector organisations today.

IT governance stability in a political changing environment : exploring potential impacts in the public sector

Public sector organisations (PSOs) operate in information-intensive environments often within operational contexts where efficiency is a goal. What's more, the rapid adoption of IT is expected to facilitate good governance within public sector organisations but it often clashes with the bureaucratic culture of these organisations. Accordingly, models such as IT Governance (ITG) and government reform -in particular the new public management (NPM)- were introduced in PSOs in an effort to address the inefficiencies of bureaucracy and under performance. This work explores the potential effect of change in political direction and policy on the stability of IT governance in Australian public sector organisations. The aim of this paper is to examine implications of a change of government and the resulting political environment on the effectiveness of the audit function of ITG. The empirical data discussed here indicate that a number of aspects of audit functionality were negatively affected by change in political direction and resultant policy changes. The results indicate a perceived decline in capacity and capability which in turn disrupts the stability of IT governance systems in public sector organisations.