4 research outputs found
Policies and User Perception based Data Security in the Cloud
In today’s world, most of the companies migrated from desktop devices to the cloud. Cloud is a platform for storing large amount of data. Among this it is very necessary to provide data security over the un-trusted cloud. We cannot trust the cloud provider when sensitive data is stored in the cloud so that, various security aspects are required to protect sensitive data which is stored on the cloud. The main problem is that, how to deal with such security issues to protect sensitive data. With the help of policy based security, it is possible to minimize data security issues and to improve data privacy. This paper proposes a user perception framework. According to this framework, owner of the organization is able to tell which user of that organization will follow which rights. A particular user should provide his/her privileges to the owner and he will protect user’s data by giving full rights to access data based on the identification of the users
Deepening the Knowledge on Information Security Management in Developing Countries: Evidence from Ghana
Following the seamless integration of the internet with computer information systems and the rapid increase in the number of people worldwide who possess the skills needed to launch cyber-attacks on public communication systems, businesses and organizations can hardly assume adequate security by depending on anonymity and geographical location. The basis of this study deepens knowledge on information security management in developing countries. This study uses both quantitative and qualitative approaches to examine the information security management practices of Social Security and National Trust in Ghana. Findings from results from the study suggest significant indications of human factor vulnerabilities and threats to information security. Findings also suggest that high levels of vulnerability to an external attack. Other findings however indicate management level recognition of education and training as very essential in improving information security practices. Although the results of this study may not be generalizable, we recommend that the issue of education and training on information security management should be made top priority on the IT agendas of all organizations in Ghana. A further study is proposed to assess the value placed on information security management within the context of developing countries and the factors that influence these values. Keywords: Information Security Management, Cyber-attack, developing countries, computerization, security policy, security awareness, education and trainin
Digital curation of records in the cloud to support e-government services in South Africa
Many scholars lament of poor infrastructure to manage and preserve digital records
within the public sector in South Africa to support electronic government (egovernment).
For example, in South Africa, the national archives’ repository and its
subsidiary provincial archives do not have infrastructure to ingest digital records into
archival custody. As a result, digital records are left to the creating agencies to manage
and preserve. The problem is compounded by the fact that very few public sector
organisations in South Africa have procured systems to manage digital records.
Therefore, a question is how are digital records managed and stored in these
organisations to support e-government? Do public organisations entrust their records to
the cloud as an alternative storage given the fact that both physical and virtual storages
are a problem? If they do, how do they ensure accessibility, governance, security and
long-term preservation of records in the cloud? Utilising the Digital Curation Centre
(DCC) Lifecycle Model as a guiding framework, this qualitative study sought to
explore digital curation of records in the cloud to support e-government services in
South Africa with the view to propose a framework that would guide the public sector
to migrate records to the cloud storage. Semi-structured interviews were employed to
collect data from the purposively selected Chief Information Officers in the national
government departments that have implemented some of the electronic services such
as the Department of Arts and Culture, Department of Home Affairs, Department of
Higher Education and Training and the Department of Basic Education.
Furthermore, the National Archives and Records Services of South Africa was also
chosen as it is charged with the statutory regulatory role of records management in
governmental bodies. So is the State Information Technology Agency (SITA), a public
sector ICT company established in 1999 to consolidate and coordinate the state’s
information technology resources in order to achieve cost savings through scale,
increase delivery capabilities and enhance interoperability. Interview data were
augmented through document analysis of legislation and policies pertaining to data
storage. Data were analysed thematically and interpreted in accordance with the
objectives of the study. The key finding suggests that although public servants
informally and unconsciously put some records in the clouds, government departments in South Africa are sceptical to entrust their records to the cloud due to a number of
reasons, such as lack of policy and legislative framework, lack of trust to the cloud
storage, jurisdiction, legal implications, privacy, ownership and security risks. This
study recommends that given the evolution of technology, the government should
regulate cloud storage through policy and legislative promulgation, as well as
developing a government-owned cloud managed through SITA in order for all
government departments to use it. This study suggests a framework to migrate paperbased
records to cloud storage that is controlled by the government.Information ScienceD.Lit. et Phil. (Information Science