Donald Winchester

Circuits of power: a study of mandated compliance to an information systems security de jure standard in a government organization

Organizations need to protect information assets against cyber crime, denial-of-service attacks, web hackers, data breaches, identity and credit card theft, and fraud. Criminals often try to achieve financial, political, or personal gain through these attacks, so the threats that their actions prompt are insidious motivators for organizations to adopt information systems security (ISS) approaches. Extant ISS research has traditionally examined ISS in e-commerce business organizations. The present study investigates ISS within government, analyzing power relationships during an ISS standards adoption and accreditation process, where a head of state mandates that all government agencies are to comply with a national de jure ISS standard. Using a canonical action research method, designated managers of ISS services across small, medium, and large agencies were monitored and assessed for progress to accreditation through surveys, interviews, participant observation at round table forums, and focus groups. By 2008, accreditation status across the 89 agencies participating in this study was approximately 33 percent fully accredited, with 67 percent partially compliant. The research uses Cleggs (1989) circuits of power framework to interpret power, resistance, norms, and cultural relationships in the process of compliance. The paper highlights that a strategy based on organization subunit size is helpful in motivating and assisting organizations to move toward accreditation. Mandated standard accreditation was inhibited by insufficient resource allocation, lack of senior management input, and commitment. Factors contributing to this resistance were group norms and cultural biases.

An Action Research Program to Improve Information Systems Security Compliance across Government Agencies

Information systems security (ISSec) compliance is an important aspect of implementing e-government. This paper presents results from an action research project using longitudinal surveys as interventions to enhance understanding and improve security across the whole of the NSW government, in Australia. The ISO Standard AS/NZS ISO/IEC 17799:2001 Information Technology - code of practice for information security management, was used a framework for developing the survey research instrument. The major findings are that this action research program led to an improvement in ISSec compliance by agencies, increased understanding and knowledge as agencies became more aware of ISSec issues, improved agencies ISSec policies and plans, as well as improved business continuity plans. This research is innovative as it is the first time that ISSec has been explored using an action research framework across whole of government

Development of a Conceptual Framework for Managing Identity Fraud

This paper builds a conceptual identity fraud enterprise management framework. The model is constructed through analysis and synthesis of models from academic literature, reports by industry professionals, and grounded through interviews with Australian-based industry experts. Models identified include, cost of identity fraud, identity and identity fraud risk management, identity fraud profiling, fraud risk management, accounting and auditing, corporate and internal fraud, computing abuse, and e-fraud prevention. The proposed frameworks strengths include, robust stages within anticipatory, reactionary and remediation phases, and covers internal and external crimes, including traditional (offline) and electronic (online) crimes. The stages are well defined, comprehensive, encourage teamwork, are scaleable and reflective to permit learning and change to be incorporated to minimize identity fraud and related crimes

A Study of the Risks in an Information System Outsourcing Partnership

The objective of this paper is to report the findings of a case study into the risks involved in an information systems outsourcing partnership between a retail bank client and the vendor, an information technology service provider. By drawing on the case study, the paper proposes a theoretical development of shared benefits and shared risks in IT outsourcing partnerships. The paper argues that the longevity and success of the outsourcing partnership depends largely on managing shared risks and goals in the outsourcing partnership, which may gradually deteriorate over time without frequent, open interactions between partnership members. The outsourcing partnership contractual agreements alone may have limited scope in contributing to shared risk reduction in the IT outsourcing partnership if relationships deteriorate.

Collaboration as a strategic service in government online communities

Abstract This study investigates strategic innovation changes designed to facilitate ‘Collaboration as a Service’ that were undertaken on information technology platform sites hosting online communities by NSW state government agencies in Australia. The initial platform hosted the Guardianship Tribunal site dealing with people that have disabilities. The second platform involved working groups (WGs). The third platform hosted knowledge resource centre user group sites. A WG focusing on climate change issues that collaborated within and across agencies, as well as with outside organizations was investigated. A feature of the climate change group is that it requires data and collaboration from many agencies with a future-oriented function and duration of 20+ years. Overall, the WGs perform better following the adoption and implementation of collaborative tools resulting in the benefits of there being a single-point document, reduced duplication of information and effort and a design that complements WG operational activities. Lessons were learned from changes in service delivery for the design of face-to-face services that drove pre-implementation factors and assisted change and collaboration in earlier platforms through enhancing later sites features and functionality limiting user resistance. However, the organizational change contributed to enhanced centralization and panopticism of organizational power relations.