Identifying child sexual abuse within school contexts : policy problems and solutions, and a landmark case

As a strategy to identify child sexual abuse, most Australian States and Territories have enacted legislation requiring teachers to report suspected cases. Some Australian State and non-State educational authorities have also created policy-based obligations to report suspected child sexual abuse. Significantly, these can be wider than non-existent or limited legislative duties, and therefore are a crucial element of the effort to identify sexual abuse. Yet, no research has explored the existence and nature of these policy-based duties. The first purpose of this paper is to report the results of a three-State study into policy-based reporting duties in State and non-State schools in Australia. In an extraordinary coincidence, while conducting the study, a case of failure to comply with reporting policy occurred with tragic consequences. This led to a rare example in Australia (and one of only a few worldwide) of a professional being prosecuted for failure to comply with a legislative duty. It also led to disciplinary proceedings against school staff. The second purpose of this paper is to describe this case and connect it with findings from our policy analysis.

Integrating information security policy management with corporate risk management for strategic alignment

Information security policy defines the governance and implementation strategy for information security in alignment with the corporate risk policy objectives and strategies. Research has established that alignment between corporate concerns may be enhanced when strategies are developed concurrently using the same development process as an integrative relationship is established. Utilizing the corporate risk management framework for security policy management establishes such an integrative relationship between information security and corporate risk management objectives and strategies. There is however limitation in the current literature on presenting a definitive approach that fully integrates security policy management with the corporate risk management framework. This paper presents an approach that adopts a conventional corporate risk management framework for security policy development and management to achieve alignment with the corporate risk policy. A case example is examined to illustrate the alignment achieved in each process step with a security policy structure being consequently derived in the process. It is shown that information security policy management outcomes become both integral drivers and major elements of the corporate-level risk management considerations. Further study should involve assessing the impact of the use of the proposed framework in enhancing alignment as perceived in this paper.