The multifaceted and ever-changing directions of information security - Australia get ready!

In recent years, we have witnessed many information security developmental trends. As a consequence, the dimensions of information security - once single disciplinary area - have become multifaceted and convoluted. This paper aims to (1) recapitulate these key developments: (2) argue that the emergence of many complex information security dimensions are the result of 'constant change agents' (CCAs); (3) discuss the implications on Australia's society, i. e. government, companies and individuals; and (4) propose key consideration areas and possible solutions thereof. We hope that the discussion presented here will position Australia to make better aligned information security and strategic plans, such as choosing appropriate investments and adopting effective solutions to strengthen and secure Australia's national information security posture.

Understanding transition towards information security culture change

Transitioning towards an information security culture for organisations has not been adequately explored in the current security and management literature. Many authors have proposed how information security culture can be created, fostered and managed within organisations, but have failed to adequately address the transition process towards information security culture change, particularly for small medium enterprises (SMEs). This paper aims to (1) recapitulate key developments and trends within information security culture literature; (2) explore in detail the transition process towards organisational change; (3) adapt the transition process with respects to the key players involved in transition and propose a transition model for information security culture change; and (4) consider how this model could be used by managers and employees of Australian SMEs. A major intention of this paper is to provide academic researchers and practicing managers with an understanding of the transition process towards achieving information security culture change within SMEs.

Security in the online e-learning environment

This paper addresses the role of security in the collaborative e-learning environment, and in particular, the social aspects of security and the importance of identity. It represents a case study, completed in Nov 2004, which was conducted to test the sense of security that students experienced whilst using the wiki platform as a means of online collaboration in the tertiary education environment. Wikis, fully editable Web sites, are easily accessible, require no software and allow its contributors (in this case students) to feel a sense of responsibility and ownership. A comparison between two wiki studies will be made whereby one group employed user login and the other maintained anonymity throughout the course of the study. The results consider the democratic participation and evolution of the work requirements over time, which in fact ascertains the nonvalidity of administrative identification.

Responding to terrorism through networks at sites of critical infrastructure : a case study of Australian airport security networks

The importance of effective multilateral security networks is widely recognised in Australia and internationally as being essential to facilitate the large-scale sharing of information required to respond to the threat of terrorism. Australian national security agencies are currently constructing networks in order to bring the diverse national and international security agencies together to achieve this. This paper examines this process of security network formation in the area of critical infrastructure protection, with particular emphasis on airport security. We address the key issues and factors shaping network formation and the dynamics involved in network practice. These include the need for the networks to extend membership beyond the strictly defined elements of national security; the integration of public and private ‘nodes’ in counter-terrorism ‘networks’; and the broader ‘responsibilisation’ of the private sector and the challenges with ‘enabling’ them in counter-terrorism networks. We argue that the need to integrate public and private agencies in counter-terrorism networks is necessary but faces considerable organisational, cultural, and legal barriers.

E-business security management for Australian micro SMEs - a case study

Small and Medium Business Enterprises (SMEs) make a significant contribution to the economic viability of the Australian economy. The benefits of performing business in an on-line environment has been realised by Australian SMEs as the use of the Internet for performing business activities both with consumers and other businesses continues to increase. The findings of an empirical study and other evidence available indicate the uptake and advancement of performing e-business activities shall be dependent on two key complementary elements: first, the ability of Australian SMEs to secure their e-business systems; and second, the availability of an approach to recommend a practical e-business security management strategy. This paper presents the results of a case study which applied a previously developed methodology to a micro SME e-business system. The purpose was to validate the ability of the Australian Small to Medium Enterprise E-business Security Methodology (ASME-EBSM) to provide an effective security management strategy for Australian SMEs. The outcome demonstrated that this approach was both feasible and realistic for providing recommendations to secure the e-business activities performed and to protect the micro SME e-business system.

E-business security management for Australian small SMEs - a case study

Small and Medium sized Enterprises (SMEs) play an important role within the Australian economy. There is a strong business case for Australian SMEs to be involved in e-business, which has been realised as the use of the Internet for performing business activities continues to increase. The evidence available indicates the uptake and advancement of performing e-business activities shall be dependent on the ability of Australian SMEs to secure their e-business systems. This paper presents the results of a case study, which applied a previously developed methodology to a small SME e-business system. The purpose was to validate the ability of the Australian Small to Medium Enterprise E-business Security Methodology (ASME-EBSM) to provide an effective security management strategy for Australian SMEs. The outcome demonstrated that this approach was both feasible and realistic for providing recommendations to secure the e-business activities performed and to protect the small SME e-business system.

The derivation of a conceptual model for outsourcing IT security

IT security outsourcing is the establishment of a contractual relationship with an outside vendor to assume responsibility for one or more security functions. Outsourcing in IS has had a variable history of success and the complexity of the decision making process leads to a substantial degree of uncertainty. This is especially so in the realm of IS security since the protection of both hardware and software systems in is placed in the hands of an external provider. This is the second paper discussing the improvement of the effectiveness of the decision making process by means of a conceptual model using Soft System Methodology techniques that integrates security benefits, costs and their respective performance measures. In this paper the methodology used to develop the model and its validation are discussed.

A participational security method for healthcare organisations

The use of participational approaches in system design have been debated for a number of years. Within this paper we describe a method that was used to effectively design information systems and implement information security countermeasures within a health care environment. The paper shows how it was used in a number of different environments.

The derivation of a conceptual model for IT security outsourcing

IT security outsourcing is the establishment of a contractual relationship between an organization with an outside vendor which assumes responsibility for the organisation’s security functions. Outsourcing in IS has had a variable history of success and the complexity of the decision making process leads to a substantial degree of uncertainty. This is especially so in the realm of IS security since the protection of both hardware and software systems is placed in the hands of an external provider. This paper is a fuller and more comprehensive paper of a previous paper outlining the effectiveness of the decision making process by means of a conceptual model using Soft System Methodology techniques that integratessecurity benefits, costs and their respective performance measures. In this paper the methodology used to develop the model is discussed in detail.