Enterprise information security policy assessment : an extended framework for metrics development utilising the goal-question-metric approach

Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach.

ACE research vignette 013 : does policy for women's entrepreneurship promote gender equality, or not?

This series of research vignettes is aimed at sharing current and interesting research findings from our team and other international Entrepreneurship researchers. In this vignette, Professor Helene Ahl from Jonkoping University considers the consequences for gender equality of policy for women's entrepreneurship in two countries with distinctly different welfare state regimes.

Demand for, and Supply of, the Services of Primary Producer Representative Bodies in Queensland

In Queensland, at least 93 bodies exist to represent the interests of, and provide other services for, their farmer members, and their industries. The bodies vary greatly in focus, roles and activities, priorities, resources, size, and affiliations with other bodies. Results from a survey of 68 producer representative bodies (PRBs), and other data and information are used to examine the demand for, and supply of, farmer representational and other services in Queensland. The main results were: 1. member demand for services varies considerably between PRBs and is influenced by numerous factors; 2. members and non-members of one PRB vary significantly in the importance attached to some services; 3. the types of activities undertaken by PRBs varies between those for emerging and established industries; and 4. PRBs with paid staff/officers undertake more activities than others. The paper concludes that PRBs must continue to evolve and adapt their operations and structures to take account of changes in member and industry needs, external environments, cost pressures, resource availability, and sources of funding/assistance.

Cultural diversity, cultural networks and trade : international cultural policy debate

This article sketches some of the ways in which the language and concepts of cultural diversity are being taken up internationally. The debate has been driven in part by concerns about the treatment of cultural goods, services and knowledge in trade agreements. But it also involves larger questions about the role of the state, the role of non-state actors in domestic policy formation, and the shape and function of international policy communities comprising both state and non-state actors. The extent of the discussion of cultural diversity internationally is described through new formal and informal cultural networks and work towards an international instrument for cultural diversity to lay our ground rules for international trade, cultural exchange and policy principles to guide governmental responsibilities. The article concludes with analysis of some of these new networks, and investigates why Canada has been so prominent in these international efforts.

Globalization, media policy and regulatory design : rethinking the Australian media classification scheme

This paper considers the debate about the relationship between globalization and media policy from the perspective provided by a current review of the Australian media classification scheme. Drawing upon the author’s recent experience in being ‘inside’ the policy process, as Lead Commissioner on the Australian National Classification Scheme Review, it is argued that theories of globalization – including theories of neoliberal globalization – fail to adequately capture the complexities of the reform process, particularly around the relationship between regulation and markets. The paper considers the pressure points for media content policies arising from media globalization, and the wider questions surrounding media content policies in an age of media convergence.

Regulating assisted reproductive technologies in Victoria : the impact of changing policy concerning the accessibility of in vitro fertilisation for preimplantation tissue-typing

On 1 January 2010, the Assisted Reproductive Treatment Act 2008 (Vic) came into force. The legislation was the outcome of a detailed review and consultation process undertaken by the Victorian Law Reform Commission. Arguably, the change to the regulatory framework represents a significant shift in policy compared to previous regulatory approaches on this topic in Victoria. This article considers the impact of the new legislation on eligibility for reproductive treatments, focusing on the accessibility of such services for the purpose of creating a “saviour sibling”. It also highlights the impact of the Victorian regulatory body’s decision to abolish its regulatory policies on preimplantation genetic diagnosis and preimplantation tissue-typing, concluding that the regulatory approach in relation to these latter issues is similar to other Australian jurisdictions where such practices are not addressed by a statutory framework.

A small molecule that walks non-directionally along a track without external intervention

Charge of the light brigade: A molecule is able to walk back and forth upon a five-foothold pentaethylenimine track without external intervention. The 1D random walk is highly processive (mean step number 530) and exchange takes place between adjacent amine groups in a stepwise fashion. The walker performs a simple task whilst walking: quenching of the fluorescence of an anthracene group sited at one end of the track. Copyright © 2012 WILEY-VCH Verlag GmbH & Co. KGaA, Weinheim.

Speed enforcement in Australia : a changing policy landscape shaped by public opinion

- Speeding and crash involvement in Australia - Speed management in Australia - Jurisdictional differences - National Road Safety Strategy (2011-2020) - Auditor-General reviews of speed camera programs - The role of public opinion/feedback - Implications for speed management

Managing open incremental process innovation : absorptive capacity and distributed learning

In this conceptual article, we extend earlier work on Open Innovation and Absorptive Capacity. We suggest that the literature on Absorptive Capacity does not place sufficient emphasis on distributed knowledge and learning or on the application of innovative knowledge. To accomplish physical transformations, organisations need specific Innovative Capacities that extend beyond knowledge management. Accessive Capacity is the ability to collect, sort and analyse knowledge from both internal and external sources. Adaptive Capacity is needed to ensure that new pieces of equipment are suitable for the organisation's own purposes even though they may have been originally developed for other uses. Integrative Capacity makes it possible for a new or modified piece of equipment to be fitted into an existing production process with a minimum of inessential and expensive adjustment elsewhere in the process. These Innovative Capacities are controlled and coordinated by Innovative Management Capacity, a higher-order dynamic capability.

The enterprise information security policy as a strategic business policy within the corporate strategic plan (extended abstract)

Information security has been recognized as a core requirement for corporate governance that is expected to facilitate not only the management of risks, but also as a corporate enabler that supports and contributes to the sustainability of organizational operations. In implementing information security, the enterprise information security policy is the set of principles and strategies that guide the course of action for the security activities and may be represented as a brief statement that defines program goals and sets information security and risk requirements. The enterprise information security policy (alternatively referred to as security policy in this paper) that represents the meta-policy of information security is an element of corporate ICT governance and is derived from the strategic requirements for risk management and corporate governance. Consistent alignment between the security policy and the other corporate business policies and strategies has to be maintained if information security is to be implemented according to evolving business objectives. This alignment may be facilitated by managing security policy alongside other corporate business policies within the strategic management cycle. There are however limitations in current approaches for developing and managing the security policy to facilitate consistent strategic alignment. This paper proposes a conceptual framework for security policy management by presenting propositions to positively affect security policy alignment with business policies and prescribing a security policy management approach that expounds on the propositions.