E-business security management for Australian micro SMEs - a case study

Small and Medium Business Enterprises (SMEs) make a significant contribution to the economic viability of the Australian economy. The benefits of performing business in an on-line environment has been realised by Australian SMEs as the use of the Internet for performing business activities both with consumers and other businesses continues to increase. The findings of an empirical study and other evidence available indicate the uptake and advancement of performing e-business activities shall be dependent on two key complementary elements: first, the ability of Australian SMEs to secure their e-business systems; and second, the availability of an approach to recommend a practical e-business security management strategy. This paper presents the results of a case study which applied a previously developed methodology to a micro SME e-business system. The purpose was to validate the ability of the Australian Small to Medium Enterprise E-business Security Methodology (ASME-EBSM) to provide an effective security management strategy for Australian SMEs. The outcome demonstrated that this approach was both feasible and realistic for providing recommendations to secure the e-business activities performed and to protect the micro SME e-business system.

E-business security management for Australian small SMEs - a case study

Small and Medium sized Enterprises (SMEs) play an important role within the Australian economy. There is a strong business case for Australian SMEs to be involved in e-business, which has been realised as the use of the Internet for performing business activities continues to increase. The evidence available indicates the uptake and advancement of performing e-business activities shall be dependent on the ability of Australian SMEs to secure their e-business systems. This paper presents the results of a case study, which applied a previously developed methodology to a small SME e-business system. The purpose was to validate the ability of the Australian Small to Medium Enterprise E-business Security Methodology (ASME-EBSM) to provide an effective security management strategy for Australian SMEs. The outcome demonstrated that this approach was both feasible and realistic for providing recommendations to secure the e-business activities performed and to protect the small SME e-business system.

The derivation of a conceptual model for outsourcing IT security

IT security outsourcing is the establishment of a contractual relationship with an outside vendor to assume responsibility for one or more security functions. Outsourcing in IS has had a variable history of success and the complexity of the decision making process leads to a substantial degree of uncertainty. This is especially so in the realm of IS security since the protection of both hardware and software systems in is placed in the hands of an external provider. This is the second paper discussing the improvement of the effectiveness of the decision making process by means of a conceptual model using Soft System Methodology techniques that integrates security benefits, costs and their respective performance measures. In this paper the methodology used to develop the model and its validation are discussed.

A participational security method for healthcare organisations

The use of participational approaches in system design have been debated for a number of years. Within this paper we describe a method that was used to effectively design information systems and implement information security countermeasures within a health care environment. The paper shows how it was used in a number of different environments.

The derivation of a conceptual model for IT security outsourcing

IT security outsourcing is the establishment of a contractual relationship between an organization with an outside vendor which assumes responsibility for the organisation’s security functions. Outsourcing in IS has had a variable history of success and the complexity of the decision making process leads to a substantial degree of uncertainty. This is especially so in the realm of IS security since the protection of both hardware and software systems is placed in the hands of an external provider. This paper is a fuller and more comprehensive paper of a previous paper outlining the effectiveness of the decision making process by means of a conceptual model using Soft System Methodology techniques that integratessecurity benefits, costs and their respective performance measures. In this paper the methodology used to develop the model is discussed in detail.

A model and framework for online security benchmarking

The variety of threats and vulnerabilities within the online business environment are dynamic and thus constantly changing in how they impinge upon online functionality, compromise organizational or customer information, contravene security implementations and thereby undermine online customer confidence. To nullify such threats, online security management must become proactive, by reviewing and continuously improving online security to strengthen the enterpriseis online security measures and policies, as modelled. The benchmarking process utilises a proposed benchmarking framework to guide both the development and application of security benchmarks created in the first instance, from recognized information technology (IT) and information security standards (ISS) and then their application to the online security measures and policies utilized within online business. Furthermore, the benchmarking framework incorporates a continuous improvement review process to address the relevance of benchmark development over time and the changes in threat focus.

E-business security benchmarking : a model and framework

The dynamic nature of threats and vulnerabilities within the e-business environment can impede online functionality, compromise organisational or customer information, contravene security implementations and thereby undermine online customer confidence. To negate these problems, e-business security has to become proactive, by reviewing and continuously improving security to strengthen e-business security measures and policies. This can be accomplished through benchmarking the security measures and policies utilised within the e-business, against recognised Information Technology (IT) and Information Security (IS) security standards.

A conceptual model for security outsourcing

This research analyses the current literature on IT security outsourcing and the organisational attitudes towards this approach to determine the applicability of outsourcing IT security in a commercial environment. A conceptual model is developed as the main goal of research which provides guidance in the process of outsourcing IT security functions to a third-party security service provider. The research conducted has established a complete process for outsourcing IT security.