Can IT Security be improved with better IT Leadership in the 21st Century University?

Organizations generally are not responding effectively to rising IT security threats because people issues receive inadequate attention. The stark example of IT security is just the latest strategic IT priority demonstrating deficient IT leadership attention to the social dimension of IT. Universities in particular, with their devolved people organization, diverse adoption of IT, and split central/local federated approach to governance and leadership of IT, demand higher levels of interpersonal sophistication and strategic engagement from their IT leaders. An idealized model for IT leaders for the 21st century university is proposed to be developed as a framework for further investigation. The testing of this model in an action research study is proposed.

Security of Two-Party Identity-Based Key Agreement

Identity-based cryptography has become extremely fashionable in the last few years. As a consequence many proposals for identity-based key establishment have emerged, the majority in the two party case. We survey the currently proposed protocols of this type, examining their security and efficiency. Problems with some published protocols are noted.

Security and legal issues in E-tendering

The Queensland Department of Public Works (QDPW) and the Queensland Department of Main Roads (QDMR) have identified a need for industry e-contracting guidelines in the short to medium term. Each of these organisations conducts tenders and contracts for over $600 million annually. This report considers the security and legal issues relating to the shift from a paper-based tendering system to an electronic tendering system. The research objectives derived from the industry partners include: • a review of current standards and e-tendering systems; • a summary of legal requirements impacting upon e-tendering; • an analysis of the threats and requirements for any e-tendering system; • the identification of outstanding issues; • an evaluation of possible e-tendering architectures; • recommendations for e-tendering systems.

Security metrics for object-oriented class designs

Measuring quality attributes of object-oriented designs (e.g. maintainability and performance) has been covered by a number of studies. However, these studies have not considered security as much as other quality attributes. Also, most security studies focus at the level of individual program statements. This approach makes it hard and expensive to discover and fix vulnerabilities caused by design errors. In this work, we focus on the security design of an object oriented application and define a number of security metrics. These metrics allow designers to discover and fix security vulnerabilities at an early stage, and help compare the security of various alternative designs. In particular, we propose seven security metrics to measure Data Encapsulation (accessibility) and Cohesion (interactions) of a given object-oriented class from the point of view of potential information flow.

Privacy and security in open and trusted health information systems

The Open and Trusted Health Information Systems (OTHIS) Research Group has formed in response to the health sector’s privacy and security requirements for contemporary Health Information Systems (HIS). Due to recent research developments in trusted computing concepts, it is now both timely and desirable to move electronic HIS towards privacy-aware and security-aware applications. We introduce the OTHIS architecture in this paper. This scheme proposes a feasible and sustainable solution to meeting real-world application security demands using commercial off-the-shelf systems and commodity hardware and software products.

A Proposed Framework for Understanding Information Security Culture and Practices in the Saudi Context

An examination of Information Security (IS) and Information Security Management (ISM) research in Saudi Arabia has shown the need for more rigorous studies focusing on the implementation and adoption processes involved with IS culture and practices. Overall, there is a lack of academic and professional literature about ISM and more specifically IS culture in Saudi Arabia. Therefore, the overall aim of this paper is to identify issues and factors that assist the implementation and the adoption of IS culture and practices within the Saudi environment. The goal of this paper is to identify the important conditions for creating an information security culture in Saudi Arabian organizations. We plan to use this framework to investigate whether security culture has emerged into practices in Saudi Arabian organizations.

Information security culture : a behaviour compliance conceptual framework

Understanding the complex dynamic and uncertain characteristics of organisational employees who perform authorised or unauthorised information security activities is deemed to be a very important and challenging task. This paper presents a conceptual framework for classifying and organising the characteristics of organisational subjects involved in these information security practices. Our framework expands the traditional Human Behaviour and the Social Environment perspectives used in social work by identifying how knowledge, skills and individual preferences work to influence individual and group practices with respect to information security management. The classification of concepts and characteristics in the framework arises from a review of recent literature and is underpinned by theoretical models that explain these concepts and characteristics. Further, based upon an exploratory study of three case organisations in Saudi Arabia involving extensive interviews with senior managers, department managers, IT managers, information security officers, and IT staff; this article describes observed information security practices and identifies several factors which appear to be particularly important in influencing information security behaviour. These factors include values associated with national and organisational culture and how they manifest in practice, and activities related to information security management.

A psychosocial approach to understanding young Australians' mobile phone behaviour

This thesis by publication contributes to our knowledge of psychological factors underlying a modern day phenomenon, young people’s mobile phone behaviour. Specifically, the thesis reports a PhD program of research which adopted a social psychological approach to explore mobile phone behaviour among young Australians aged between 15 and 24 years. A particular focus of the research program was to explore both the cognitive and behavioural aspects of young people’s mobile phone behaviour which for the purposes of this thesis is defined as mobile phone involvement. The research program comprised three separate stages which were developmental in nature, in that, the findings of each stage of the research program informed the next. The overarching goal of the program of research was to improve our understanding of the psychosocial factors influencing young people’s mobile phone behaviour. To achieve this overall goal, there were a number of aims to the research program which reflect the developmental nature of this thesis. Given the limited research into the mobile phone behaviour in Australia, the first two aims of the research program were to explore patterns of mobile phone behaviour among Australian youth and explore the social psychological factors relating to their mobile phone behaviour. Following this exploration, the research program sought to develop a measure which captures the cognitive and behavioural aspects of mobile phone behaviour. Finally, the research program aimed to examine and differentiate the psychosocial predictors of young people’s frequency of mobile phone use and their level of involvement with their mobile phone. Both qualitative and quantitative methodologies were used throughout the program of research. Five papers prepared during the three stages of the research program form the bulk of this thesis. The first stage of the research program was a qualitative investigation of young people’s mobile phone behaviour. Thirty-two young Australians participated in a series of focus groups in which they discussed their mobile phone behaviour. Thematic data analysis explored patterns of mobile phone behaviour among young people, developed an understanding of psychological factors influencing their use of mobile phones, and identified that symptoms of addiction were emerging in young people’s mobile phone behaviour. Two papers (Papers 1 and 2) emanated from this first stage of the research program. Paper 1 explored patterns of mobile phone behaviour and revealed that mobile phones were perceived as being highly beneficial to young people’s lives, with the ability to remain in constant contact with others being particularly valued. The paper also identified that symptoms of behavioural addiction including withdrawal, cognitive and behavioural salience, and loss of control, emerged in participants’ descriptions of their mobile phone behaviour. Paper 2 explored how young people’s need to belong and their social identity (two constructs previously unexplored in the context of mobile phone behaviour) related to their mobile phone behaviour. It was revealed that young people use their mobile phones to facilitate social attachments. Additionally, friends and peers influenced young people’s mobile phone behaviour; for example, their choice of mobile phone carrier and their most frequent type of mobile phone use. These papers laid the foundation for the further investigation of addictive patterns of behaviour and the role of social psychological factors on young people’s mobile behaviour throughout the research program. Stage 2 of the research program focussed on developing a new parsimonious measure of mobile phone behaviour, the Mobile Phone Involvement Questionnaire (MPIQ), which captured the cognitive and behavioural aspects of mobile phone use. Additionally, the stage included a preliminary exploration of factors influencing young people’s mobile phone behaviour. Participants (N = 946) completed a questionnaire which included a pool of items assessing symptoms of behavioural addiction, the uses and gratifications relating to mobile phone use, and self-identity and validation from others in the context of mobile phone behaviour. Two papers (Papers 3 & 4) emanated from the second stage of the research program. Paper 3 provided an important link between the qualitative and quantitative components of the research program. Qualitative data from Stage 1 indicated the reasons young people use their mobile phones and identified addictive characteristics present in young people’s mobile phone behaviour. Results of the quantitative study conducted in Stage 2 of the research program revealed the uses and gratifications relating to young people’s mobile phone behaviour and the effect of these gratifications on young people’s frequency of mobile phone use and three indicators of addiction, withdrawal, salience, and loss of control. Three major uses and gratifications: self (such as feeling good or as a fashion item), social (such as contacting friends), and security (such as use in an emergency) were found to underlie much of young people’s mobile phone behaviour. Self and social gratifications predicted young people’s frequency of mobile phone use and the three indicators of addiction but security gratifications did not. These results provided an important foundation for the inclusion of more specific psychosocial predictors in the later stages of the research program. Paper 4 reported the development of the mobile phone involvement questionnaire and a preliminary exploration of the effect of self-identity and validation from others on young people’s mobile phone behaviour. The MPIQ assessed a unitary construct and was a reliable measure amongst this cohort. Results found that self-identity influenced the frequency of young people’s use whereas self-identity and validation from others influenced their level of mobile phone involvement. These findings provided an important indication that, in addition to self factors, other people have a strong influence on young people’s involvement with their mobile phone and that mobile phone involvement is conceptually different to frequency of mobile phone use. Stage 3 of the research program empirically examined the psychosocial predictors of young people’s mobile behaviour and one paper, Paper 5, emanated from this stage. Young people (N = 292) from throughout Australia completed an online survey assessing the role of self-identity, ingroup norm, the need to belong, and self-esteem on their frequency of mobile phone use and their mobile phone involvement. Self-identity was the only psychosocial predictor of young people’s frequency of mobile phone use. In contrast, self-identity, ingroup norm, and need to belong all influenced young people’s level of involvement with their mobile phone. Additionally, the effect of self-esteem on young people’s mobile phone involvement was mediated by their need to belong. These results indicate that young people who perceive their mobile phone to be an integral part of their self-identity, who perceive that mobile phone is common amongst friends and peers, and who have a strong need for attachment to others, in some cases driven by a desire to enhance their self-esteem, are most likely to become highly involved with their mobile phones. Overall, this PhD program of research has provided an important contribution to our understanding of young Australians’ mobile phone behaviour. Results of the program have broadened our knowledge of factors influencing mobile phone behaviour beyond the approaches used in previous research. The use of various social psychological theories combined with a behavioural addiction framework provided a novel examination of young people’s mobile behaviour. In particular, the development of a new measure of mobile phone behaviour in the research program facilitated the differentiation of the psychosocial factors influencing frequency of young people’s mobile phone behaviour and their level of involvement with their mobile phone. Results of the research program indicate the important role that mobile phone behaviour plays in young people’s social development and also signals the characteristics of those people who may become highly involved with their mobile phone. Future research could build on this thesis by exploring whether mobile phones are affecting traditional social psychological processes and whether the results in this research program are generalisable to other cohorts and other communication technologies.