Lucas M. Venter

A sustainable information security framework for e-Government – case of Tanzania

Abstract The government of Tanzania adopted an e-Government strategy in 2009 that is aimed at improving efficiency in government and providing better services to citizens. Information security is identified as one of the requirements for the successful e-Government implementation although the government has not adopted any standards or issued guidelines to government agencies with regards to information security. Comprehensive addressing of information security can be an expensive undertaking and without guidelines information security implementations may be more prone to failure. In a resource poor country such as Tanzania, there is a need for a cost effective and sustainable means of addressing information security in e-Government implementations. In this paper the authors present a case study of an e-Government interaction between a ministry and a government agency and the information security challenges identified in the implementation. In order to address these challenges an information security fram...

Psychosocial risks: Can their effects on the security of information systems really be ignored?

Purpose – The purpose of this paper is to highlight the relation of psychosocial risks to information security (IS). Although psychosocial risks at the workplace have been extensively researched from a managerial point of view, their effect on IS has not been formally studied to the extent required by the gravity of the topic. Design/methodology/approach – Based on existing research on psychosocial risks, their potential effects on IS are examined. Findings – It is shown that as psychosocial risks affect people at the workplace, they diminish their ability to defend IS. Research limitations/implications – Psychosocial risks are identified as a factor in IS breakdown. Future research should be directed towards assessing the significance of the effects of various psychosocial risks on IS, creating an assessment methodology for the resulting IS posture of the organisation and devising mitigation methodologies. Practical implications – The proposed approach will provide a significant part of the answer to the question of why IS fails when all prescribed measures and controls are in place and active. More effective controls for psychosocial risks at the workplace can be created as the incentive of upholding IS will be added to the equation of their mitigation. Social implications – The organisational environment in which human beings are called upon to function in a secure manner will be redefined, along with what constitutes a “reasonable request” from human operators in the context of IS. Originality/value – Bringing together psychosocial risks and IS in research will provide a better understanding of the shortcomings of human nature with respect to IS. Organisations and employees will benefit from the resulting psychosocial risk mitigation.

Towards the formalisation of object-oriented methodologies

Formal methods have been shown to be beneficial in increasing the quality of and confidence in software systems. The adoption of formal methods in industry has however been limited where the use of informal and semi-formal notations is favoured. To bridge the gap between the ease-of-use of semi-formal notations and correctness of formal methods, a number of approaches to the formalisation of semi-formal notations have been proposed. Two of these approaches are discussed in this paper on the strength of a case study. It is shown that each approach offers results that differ in terms of levels of abstraction, requisite knowledge of the formal target specification language and potential for automation.