An Action Research Program to Improve Information Systems Security Compliance across Government Agencies

Author

Smith, Stephen ; Jamieson, Rodger ; Winchester, Donald

Author_Institution

Sch. of Inf. Syst., New South Wales Univ., Kensington, NSW

fYear

2007

fDate

Jan. 2007

Firstpage

99

Lastpage

99

Abstract

Information systems security (ISSec) compliance is an important aspect of implementing e-government. This paper presents results from an action research project using longitudinal surveys as interventions to enhance understanding and improve security across the whole of the NSW government, in Australia. The ISO Standard AS/NZS ISO/IEC 17799:2001 Information Technology - code of practice for information security management, was used a framework for developing the survey research instrument. The major findings are that this action research program led to an improvement in ISSec compliance by agencies, increased understanding and knowledge as agencies became more aware of ISSec issues, improved agencies ISSec policies and plans, as well as improved business continuity plans. This research is innovative as it is the first time that ISSec has been explored using an action research framework across whole of government

Keywords

ISO standards; business continuity; certification; government data processing; security of data; Australia NSW government agencies; ISO Standard AS-NZS ISO-IEC 17799:2001 Information Technology; action research program; business continuity plans; information systems security compliance; Australia; Electronic government; IEC standards; ISO standards; Information management; Information security; Information systems; Information technology; Instruments; Technology management;

fLanguage

English

Publisher

ieee

Conference_Titel

System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on

Conference_Location

Waikoloa, HI

ISSN

1530-1605

Electronic_ISBN

1530-1605

Type

conf

DOI

10.1109/HICSS.2007.58

Filename

4076572