E-business security management for Australian small SMEs - a case study

Small and Medium sized Enterprises (SMEs) play an important role within the Australian economy. There is a strong business case for Australian SMEs to be involved in e-business, which has been realised as the use of the Internet for performing business activities continues to increase. The evidence available indicates the uptake and advancement of performing e-business activities shall be dependent on the ability of Australian SMEs to secure their e-business systems. This paper presents the results of a case study, which applied a previously developed methodology to a small SME e-business system. The purpose was to validate the ability of the Australian Small to Medium Enterprise E-business Security Methodology (ASME-EBSM) to provide an effective security management strategy for Australian SMEs. The outcome demonstrated that this approach was both feasible and realistic for providing recommendations to secure the e-business activities performed and to protect the small SME e-business system.

The derivation of a conceptual model for outsourcing IT security

IT security outsourcing is the establishment of a contractual relationship with an outside vendor to assume responsibility for one or more security functions. Outsourcing in IS has had a variable history of success and the complexity of the decision making process leads to a substantial degree of uncertainty. This is especially so in the realm of IS security since the protection of both hardware and software systems in is placed in the hands of an external provider. This is the second paper discussing the improvement of the effectiveness of the decision making process by means of a conceptual model using Soft System Methodology techniques that integrates security benefits, costs and their respective performance measures. In this paper the methodology used to develop the model and its validation are discussed.

A participational security method for healthcare organisations

The use of participational approaches in system design have been debated for a number of years. Within this paper we describe a method that was used to effectively design information systems and implement information security countermeasures within a health care environment. The paper shows how it was used in a number of different environments.

The derivation of a conceptual model for IT security outsourcing

IT security outsourcing is the establishment of a contractual relationship between an organization with an outside vendor which assumes responsibility for the organisation’s security functions. Outsourcing in IS has had a variable history of success and the complexity of the decision making process leads to a substantial degree of uncertainty. This is especially so in the realm of IS security since the protection of both hardware and software systems is placed in the hands of an external provider. This paper is a fuller and more comprehensive paper of a previous paper outlining the effectiveness of the decision making process by means of a conceptual model using Soft System Methodology techniques that integratessecurity benefits, costs and their respective performance measures. In this paper the methodology used to develop the model is discussed in detail.

Cost of stroke in Australia from a societal perspective: results from the north east Melbourne stroke incidence study (NEMESIS)

Background and Purpose—— Accurate information about resource use and costs of stroke is necessary for informed health service planning. The purpose of this study was to determine the patterns of resource use among stroke patients and to estimate the total costs (direct service use and indirect production losses) of stroke (excluding SAH) in Australia for 1997.

Methods—— An incidence-based cost-of-illness model was developed, incorporating data obtained from the North East Melbourne Stroke Incidence Study (NEMESIS). The costs of stroke during the first year after stroke and the present value of total lifetime costs of stroke were estimated.

Results—— The total first-year costs of all first-ever-in-a lifetime strokes (SAH excluded) that occurred in Australia during 1997 were estimated to be A$555 million (US$420 million), and the present value of lifetime costs was estimated to be A$1.3 billion (US$985 million). The average cost per case during the first 12 months and over a lifetime was A$18 956 (US$14 361) and A$44 428 (US$33 658), respectively. The most important categories of cost during the first year were acute hospitalization (A$154 million), inpatient rehabilitation (A$150 million), and nursing home care (A$63 million). The present value of lifetime indirect costs was estimated to be A$34 million.

Conclusions—— Similar to other studies, hospital and nursing home costs contributed most to the total cost of stroke (excluding SAH) in Australia. Inpatient rehabilitation accounts for {approx}27% of total first-year costs. Given the magnitude of these costs, investigation of the cost-effectiveness of rehabilitation services should become a priority in this community.

A model and framework for online security benchmarking

The variety of threats and vulnerabilities within the online business environment are dynamic and thus constantly changing in how they impinge upon online functionality, compromise organizational or customer information, contravene security implementations and thereby undermine online customer confidence. To nullify such threats, online security management must become proactive, by reviewing and continuously improving online security to strengthen the enterpriseis online security measures and policies, as modelled. The benchmarking process utilises a proposed benchmarking framework to guide both the development and application of security benchmarks created in the first instance, from recognized information technology (IT) and information security standards (ISS) and then their application to the online security measures and policies utilized within online business. Furthermore, the benchmarking framework incorporates a continuous improvement review process to address the relevance of benchmark development over time and the changes in threat focus.

E-business security benchmarking : a model and framework

The dynamic nature of threats and vulnerabilities within the e-business environment can impede online functionality, compromise organisational or customer information, contravene security implementations and thereby undermine online customer confidence. To negate these problems, e-business security has to become proactive, by reviewing and continuously improving security to strengthen e-business security measures and policies. This can be accomplished through benchmarking the security measures and policies utilised within the e-business, against recognised Information Technology (IT) and Information Security (IS) security standards.

A conceptual model for security outsourcing

This research analyses the current literature on IT security outsourcing and the organisational attitudes towards this approach to determine the applicability of outsourcing IT security in a commercial environment. A conceptual model is developed as the main goal of research which provides guidance in the process of outsourcing IT security functions to a third-party security service provider. The research conducted has established a complete process for outsourcing IT security.