Policies and User Perception based Data Security in the Cloud

In today’s world, most of the companies migrated from desktop devices to the cloud. Cloud is a platform for storing large amount of data. Among this it is very necessary to provide data security over the un-trusted cloud. We cannot trust the cloud provider when sensitive data is stored in the cloud so that, various security aspects are required to protect sensitive data which is stored on the cloud. The main problem is that, how to deal with such security issues to protect sensitive data. With the help of policy based security, it is possible to minimize data security issues and to improve data privacy. This paper proposes a user perception framework. According to this framework, owner of the organization is able to tell which user of that organization will follow which rights. A particular user should provide his/her privileges to the owner and he will protect user’s data by giving full rights to access data based on the identification of the users

Deepening the Knowledge on Information Security Management in Developing Countries: Evidence from Ghana

Following the seamless integration of the internet with computer information systems and the rapid increase in the number of people worldwide who possess the skills needed to launch cyber-attacks on public communication systems, businesses and organizations can hardly assume adequate security by depending on anonymity and geographical location. The basis of this study deepens knowledge on information security management in developing countries. This study uses both quantitative and qualitative approaches to examine the information security management practices of Social Security and National Trust in Ghana. Findings from results from the study suggest significant indications of human factor vulnerabilities and threats to information security. Findings also suggest that high levels of vulnerability to an external attack. Other findings however indicate management level recognition of education and training as very essential in improving information security practices. Although the results of this study may not be generalizable, we recommend that the issue of education and training on information security management should be made top priority on the IT agendas of all organizations in Ghana. A further study is proposed to assess the value placed on information security management within the context of developing countries and the factors that influence these values. Keywords: Information Security Management, Cyber-attack, developing countries, computerization, security policy, security awareness, education and trainin

Digital curation of records in the cloud to support e-government services in South Africa

Many scholars lament of poor infrastructure to manage and preserve digital records within the public sector in South Africa to support electronic government (egovernment). For example, in South Africa, the national archives’ repository and its subsidiary provincial archives do not have infrastructure to ingest digital records into archival custody. As a result, digital records are left to the creating agencies to manage and preserve. The problem is compounded by the fact that very few public sector organisations in South Africa have procured systems to manage digital records. Therefore, a question is how are digital records managed and stored in these organisations to support e-government? Do public organisations entrust their records to the cloud as an alternative storage given the fact that both physical and virtual storages are a problem? If they do, how do they ensure accessibility, governance, security and long-term preservation of records in the cloud? Utilising the Digital Curation Centre (DCC) Lifecycle Model as a guiding framework, this qualitative study sought to explore digital curation of records in the cloud to support e-government services in South Africa with the view to propose a framework that would guide the public sector to migrate records to the cloud storage. Semi-structured interviews were employed to collect data from the purposively selected Chief Information Officers in the national government departments that have implemented some of the electronic services such as the Department of Arts and Culture, Department of Home Affairs, Department of Higher Education and Training and the Department of Basic Education. Furthermore, the National Archives and Records Services of South Africa was also chosen as it is charged with the statutory regulatory role of records management in governmental bodies. So is the State Information Technology Agency (SITA), a public sector ICT company established in 1999 to consolidate and coordinate the state’s information technology resources in order to achieve cost savings through scale, increase delivery capabilities and enhance interoperability. Interview data were augmented through document analysis of legislation and policies pertaining to data storage. Data were analysed thematically and interpreted in accordance with the objectives of the study. The key finding suggests that although public servants informally and unconsciously put some records in the clouds, government departments in South Africa are sceptical to entrust their records to the cloud due to a number of reasons, such as lack of policy and legislative framework, lack of trust to the cloud storage, jurisdiction, legal implications, privacy, ownership and security risks. This study recommends that given the evolution of technology, the government should regulate cloud storage through policy and legislative promulgation, as well as developing a government-owned cloud managed through SITA in order for all government departments to use it. This study suggests a framework to migrate paperbased records to cloud storage that is controlled by the government.Information ScienceD.Lit. et Phil. (Information Science