Rodger Jamieson

Determining Key Factors in E-Government Information System Security

Abstract This article investigates the key drivers and inhibitors for information system security and business continuity management in E-government. Based on data collected from a broad cross-section of government organizations, the key implementation issues include awareness, active management support, training, and appropriate funding.

Identification of Legal Issues for Computer Forensics

Abstract The adoption of computers into every aspect of modern society has been accompanied by the rise of E-crime. the processes and techniques employed by the field of computer forensics offer huge potential for the extraction and presentation of electronic evidence in a court of law. This article analyzes the legal issues that currently or could potentially impact the computer forensics field from the perspective of experts in Australia.

The Introduction and Assessment of Three Teaching Tools (WebCT, Mindtrail, EVE) into a Post Graduate Course

This paper discusses the use and assessment of three teaching tools (WebCT, Mindtrail, and EVE) in a postgraduate course. Firstly, the postgraduate course is introduced and the reader is provided with an overview of the course, Information Systems Auditing, an explanation of the manner in which the course was delivered, the cohort attending, the staff teaching the course, and the use of information Technology (IT) in the course. The paper then provides an overview of each of the tools used including their description, rationale, deployment and use in the course. Web CT assisted with supporting delivery of the course and class discussions, Mindtrail helped in the marking and assessment of student assignments, while EVE assisted in the identification and control of plagiarism by students in their assignments. Following descriptions of the use of these tools in the course, an assessment was carried out as to their usefulness, from both an academic staff and student perspective. Students’ perspectives were gathered by use of a questionnaire at the end of the course. The overall impression of WebCT was that it was a worthwhile tool to support the course and will be used in future courses. Mindtrail was adopted to improve both the assignment marking quality and the feedback given to students and we found that the explicit construction of the knowledge tree (marking guide) assisted in focusing on the important issues of the assignment and thus provided a more ‘objective’ marking process. EVE analyses documents for plagiarism and was adopted as a deterrent in the major assignment. The lecturers’ believe that its use was most worthwhile and demonstrated the academic staff’s seriousness about stopping plagiarism. A number of deficiencies identified with the tools and recommendations for its their improvement are also presented. An analysis of students’ perceptions of the three tools revealed that WebCT was rated greater than ‘moderately useful’ and those students who had a high WebCT access rate, perceived that WebCT was more useful than students in a lower access rate category. Students also found WebCT easy to use, and improved communications between students and instructors during the course. Similarly, Mindtrail was perceived as greater than ‘moderately useful’ by the students and contained ‘moderately detailed’ feedback on their major assignments. EVE similarly was perceived as ‘moderately useful’ by the students, provided ‘moderately detailed’ feedback to students, and students believed that is was a good idea to prevent/control plagiarism. Overall both the students and the academic staff perceived the three tools as being useful to the completion and running of the course, and the results provide a solid base for the continued use of these tools.

An Action Research Program to Improve Information Systems Security Compliance across Government Agencies

Information systems security (ISSec) compliance is an important aspect of implementing e-government. This paper presents results from an action research project using longitudinal surveys as interventions to enhance understanding and improve security across the whole of the NSW government, in Australia. The ISO Standard AS/NZS ISO/IEC 17799:2001 Information Technology - code of practice for information security management, was used a framework for developing the survey research instrument. The major findings are that this action research program led to an improvement in ISSec compliance by agencies, increased understanding and knowledge as agencies became more aware of ISSec issues, improved agencies ISSec policies and plans, as well as improved business continuity plans. This research is innovative as it is the first time that ISSec has been explored using an action research framework across whole of government

A Framework for Security, Control and Assurance of Knowledge Management Systems

Knowledge management systems are proliferating through organizations as management seeks to gain competitive advantage by enhancing and sharing knowledge across the organization. Unfortunately there are risks and consequences associated with knowledge management systems that may not be adequately controlled and audited, and may breach privacy concerns and legislation. This chapter addresses these issues and provides a framework and guidelines for management to provide assurance over their KM systems.

Development of a Conceptual Framework for Managing Identity Fraud

This paper builds a conceptual identity fraud enterprise management framework. The model is constructed through analysis and synthesis of models from academic literature, reports by industry professionals, and grounded through interviews with Australian-based industry experts. Models identified include, cost of identity fraud, identity and identity fraud risk management, identity fraud profiling, fraud risk management, accounting and auditing, corporate and internal fraud, computing abuse, and e-fraud prevention. The proposed frameworks strengths include, robust stages within anticipatory, reactionary and remediation phases, and covers internal and external crimes, including traditional (offline) and electronic (online) crimes. The stages are well defined, comprehensive, encourage teamwork, are scaleable and reflective to permit learning and change to be incorporated to minimize identity fraud and related crimes

Development of a Framework for Risks and Security in B2C eBusiness

The aim of this paper is to develop a framework for analysing risks, security and controls for business to consumer electronic commerce over the Internet. An initial framework was developed from the literature and was validated by comparing it against current industry practice. To achieve this, a number of semi-structured interviews were conducted with a range of industry professionals who were representatives from EC consultants, Independent security consultants, BIG 5 audit and security consultants, Web based assurance service providers, Internal audit and Law enforcement agencies. These interviews validated much of the framework and identified additional risks and controls that were added to the framework. In the process, a matrix was developed to match the identified risks with their mitigating controls, which was further validated by the practitioners. This matrix can be used as a support for practitioners seeking to identify and mitigate risks for Internet commerce as well as providing a springboard for future research.

Security and control issues in local area network design

This paper presents security and control issues and concerns associated with network design within a local area network (LAN) environment. Five key issues are identified for more detailed investigation: adequate network planning, sound network management, dangers from external LAN connections, access to data and programs, and level of LAN service. For each of these issues control and security measures are proposed as guidelines to counter these risks or concerns. To complement this issues approach, an alternative strategy based on LAN components is presented in the form of a summary table. Here network design is subdivided into several functional areas or components, together with the security and control measures providing protection for each component. The identification and discussion of these issues, concurrently with suggested security measures, provides guidance to personnel involved in the design and review of LAN security during the LAN design phase. Information on LAN risks, exposures and protective measures will be valuable to information systems management when planning resource commitments for the security budget.

Security risks in mobile business

This paper presents the findings from a study which investigated the security and control issues surrounding the deployment of mobile and wireless applications within Australian based companies. This research undertakes an exploratory study into the perceptions of risk, which practitioners and companies have experienced, thereby enhancing knowledge of the domain. This paper will report on the risks of m-business identified by the study participants and their classification into Varshhney and Vetters (2000) 4-level integrated framework for mobile commerce.

Local area network operations: a security, control and audit perspective

This paper provides a framework for the review of security and control within a local area network environment. Network operations are subdivided into several functional areas or components for further review. Each component or area is briefly explained and the security risks, issues and concerns highlighted. Controls and security measures are proposed as guidelines to counter these threats. An approach to the audit of each major area of network operations is proposed.This suggested framework provides guidance to information system security officers, auditors, communications and network administrators, consultants and information systems management for the review of local area network security during network operations.