Stephen Smith

Circuits of power: a study of mandated compliance to an information systems security de jure standard in a government organization

Organizations need to protect information assets against cyber crime, denial-of-service attacks, web hackers, data breaches, identity and credit card theft, and fraud. Criminals often try to achieve financial, political, or personal gain through these attacks, so the threats that their actions prompt are insidious motivators for organizations to adopt information systems security (ISS) approaches. Extant ISS research has traditionally examined ISS in e-commerce business organizations. The present study investigates ISS within government, analyzing power relationships during an ISS standards adoption and accreditation process, where a head of state mandates that all government agencies are to comply with a national de jure ISS standard. Using a canonical action research method, designated managers of ISS services across small, medium, and large agencies were monitored and assessed for progress to accreditation through surveys, interviews, participant observation at round table forums, and focus groups. By 2008, accreditation status across the 89 agencies participating in this study was approximately 33 percent fully accredited, with 67 percent partially compliant. The research uses Cleggs (1989) circuits of power framework to interpret power, resistance, norms, and cultural relationships in the process of compliance. The paper highlights that a strategy based on organization subunit size is helpful in motivating and assisting organizations to move toward accreditation. Mandated standard accreditation was inhibited by insufficient resource allocation, lack of senior management input, and commitment. Factors contributing to this resistance were group norms and cultural biases.

Determining Key Factors in E-Government Information System Security

Abstract This article investigates the key drivers and inhibitors for information system security and business continuity management in E-government. Based on data collected from a broad cross-section of government organizations, the key implementation issues include awareness, active management support, training, and appropriate funding.

An Action Research Program to Improve Information Systems Security Compliance across Government Agencies

Information systems security (ISSec) compliance is an important aspect of implementing e-government. This paper presents results from an action research project using longitudinal surveys as interventions to enhance understanding and improve security across the whole of the NSW government, in Australia. The ISO Standard AS/NZS ISO/IEC 17799:2001 Information Technology - code of practice for information security management, was used a framework for developing the survey research instrument. The major findings are that this action research program led to an improvement in ISSec compliance by agencies, increased understanding and knowledge as agencies became more aware of ISSec issues, improved agencies ISSec policies and plans, as well as improved business continuity plans. This research is innovative as it is the first time that ISSec has been explored using an action research framework across whole of government

An activity theoretic analysis of the mediating role of information systems in tackling climate change adaptation

This paper demonstrates that information systems (IS) researchers and practitioners can make a significant contribution to the grand challenge of sustainability in light of global climate change. In doing so, the paper takes a novel perspective by going beyond the dominant emphasis in the Green IS literature on climate change mitigation to focus on climate change adaptation. To demonstrate how IS researchers and practitioners can engage with the grand challenge of sustainability, we report the findings of an investigation into the role of IS in climate change adaptation programmes of the government of New South Wales, Australia. Canonical action research, informed by activity theory, proved to be an appropriate methodology for this investigation by combining iterative collaborative engagement and rigorous scholarly reflection. Activity theory has previously been successfully used in IS research as a framework for inquiry and description but not for prediction. This raised questions, addressed in this study, about whether or not activity theory could be used to guide interventions and make sense of their impact. The findings reveal how activity theory provides an appropriate balance between scope and detail to accommodate the complex processes of planning and implementing climate change adaptation programmes. We conclude that while climate adaptation is complex, activity theory, specifically five dynamic dimensions for deep sense‐making, can inform interventions in climate change adaptation projects. Most significantly, we demonstrate that IS experts can make a positive contribution to addressing one of the most important grand challenges of our time.

A Tuned Fuzzy Logic Relocation Model in WSNs Using Particle Swarm Optimization

In harsh and hostile environments, swift relocation of currently deployed nodes in the absence of centralized paradigm is a challenging issue in WSNs. Reducing the burden of centralized relocation paradigms by the distributed movement models comes at the price of unpleasant oscillations and excessive movements due to nodes local and limited interactions. If the nodes careless movements in the distributed relocation models are not properly addressed, their power will be exhausted. Therefore, in order to exert proper amount of virtual radial/angular push/pull forces among the nodes, a fuzzy logic relocation model is proposed and by considering linear combination of the presented performance metric(s)(i.e. coverage, uniformity, and average movement), its parameters are locally and globally tuned by particle swarm optimization(PSO). In order to tune fuzzy parameters locally and globally, PSO benefits respectively from nodes neighbours within different ranges and all the given deployed area. Performance of locally and globally tuned fuzzy relocation models is compared with one another in addition to the distributed self-spreading algorithm (DSSA). It is shown that by applying PSO to the linear combinations of desired metric(s) to obtain tuned fuzzy parameters, the relocation model outperforms and/or is comparable to DSSA in one or more performance metric(s).

How Organization Goals Affect Interorganization System Implementation Projects: Evidence and Implications

The factors leading to the initial adoption of an interorganizational system (IOS) are reasonably well understood, but this is not true of the determinants of the activities performed following that decision. This paper proposes that the motivation to implement a system is the starting point for understanding the implementation process and develops a theory about the relationship between the motivation to implement an IOS system and the types of activities likely to be performed in the project. We then compare predictions against activities actually performed in three electronic data interchange (EDI) projects, and find that the patterns predicted are observed. On this basis, we assert that motivation influenced business decisions regarding which activities to conduct in each project. We finally assess the likely long-run consequences of each organizations activity pattern, noting that each motivation-based pattern brings with it a number of potential risks and opportunities that need to be managed carefully.

Development of a Conceptual Framework for Managing Identity Fraud

This paper builds a conceptual identity fraud enterprise management framework. The model is constructed through analysis and synthesis of models from academic literature, reports by industry professionals, and grounded through interviews with Australian-based industry experts. Models identified include, cost of identity fraud, identity and identity fraud risk management, identity fraud profiling, fraud risk management, accounting and auditing, corporate and internal fraud, computing abuse, and e-fraud prevention. The proposed frameworks strengths include, robust stages within anticipatory, reactionary and remediation phases, and covers internal and external crimes, including traditional (offline) and electronic (online) crimes. The stages are well defined, comprehensive, encourage teamwork, are scaleable and reflective to permit learning and change to be incorporated to minimize identity fraud and related crimes

A Study of the Risks in an Information System Outsourcing Partnership

The objective of this paper is to report the findings of a case study into the risks involved in an information systems outsourcing partnership between a retail bank client and the vendor, an information technology service provider. By drawing on the case study, the paper proposes a theoretical development of shared benefits and shared risks in IT outsourcing partnerships. The paper argues that the longevity and success of the outsourcing partnership depends largely on managing shared risks and goals in the outsourcing partnership, which may gradually deteriorate over time without frequent, open interactions between partnership members. The outsourcing partnership contractual agreements alone may have limited scope in contributing to shared risk reduction in the IT outsourcing partnership if relationships deteriorate.

Cooperative recovery of coverage holes in WSNs via disjoint spanning trees

Large scale coverage holes (CHs) resulting from correlated node failures, can significantly degrade quality of service and also jeopardise the integrity of WSNs. In the absence of centralised control, the distributed relocation of deployed nodes becomes a promising solution especially in harsh and hostile environments. In this paper, a distributed method is proposed that enables a network to partially or entirely repair itself through a collection of distributed movements of disjoint spanned trees (DS-Trees) towards the CHs. DS-Trees are spanned based on the nodes distances from the CHs, which are autonomously perceived by the nodes and their one-hop neighbours. DS-Trees around the CHs are spanned in a downstream style outwards from the holes, as nodes select their parents based on the minimum distance to the CH from their neighbours; nodes then decide whether or not to follow the movements of their DS-Trees parents. To examine the efficiency of the proposed model, its performance is compared with two Voronoi-based and one force-based node relocation algorithms. Results show that the proposed DS-Tree model either outperforms or matches the alternative approaches across a wide range of scenarios.

An iteratively tuned fuzzy logic movement model in WSN using particle swarm optimization

In contrast to adding new nodes, relocation of deployed nodes in mobile wireless sensor networks seems to be an effective solution to cope with undesirable, unpredictable and uncontrolled network topology changes due to nodes drift and failure. At the price of less global control, there is a trend in recent years towards giving nodes more autonomy and devising localized relocation algorithms to address challenges of network topology control in harsh and hostile environments in the absence of centralized control. Inspired by laws of nature, a large variety of distributed node relocation algorithms have been designed to alleviate undesirable oscillations caused by local interactions and uncertainties among autonomous nodes as they reach their desired formations. Force-based distributed relocation algorithms governed by virtual push-pull forces among autonomous nodes are among such aforesaid algorithms. Adapting fuzzy logic model in exerting proper amount of forces to reduce node movement oscillation seems to be promising as its conforms well with uncertainties and interactions of autonomous nodes. However, parameters of fuzzy logic relocation model should be tuned so to enable nodes to exert proper amount of forces among their in-range neighbours. In this paper, by using particle swarm optimization, parameters of fuzzy relocation model are obtained based on the desired combinations of performance metrics within nodes range in each movement iteration. The result shows that our model either outperforms or matches DSSA movement model.