16,724 research outputs found

    An Optimized Dynamic Process Model of IS Security Governance Implementation

    The year 2011 has witnessed a lot of high-profile data breaches despite the availability of IS security and governance controls, frameworks, standards and models for organisations to choose from; and the technical advances made in intrusion prevention and detection. Taking this issue into account, the objective of this paper is to identify and analyse the weaknesses in the IS security defences of organisations from a holistic perspective, and propose a dynamic IS security governance process model for the implementation of appropriate controls and mechanisms for optimised IS security. Optimization is achieved through the strategic overlap of security and governance frameworks implemented in a prioritized phased manner for efficiency and effectiveness in cost, time and effort. The paper starts with the analysis of data breaches to identify the weaknesses in the organisational information system. This is followed by the analysis of recommended requirements and dimensions of effective IS security architecture, IS governance, concepts and models to identify relevant frameworks used in IS security and governance. Thereafter, the best practices for implementing the model are evaluated and finally the frameworks and IS entities are integrated into an optimized Information Systems Security and Governance (ISSG) process model.

    Correlating Architecture Maturity and Enterprise Systems Usage Maturity to Improve Business/IT Alignment

    This paper compares concepts of maturity models in the areas of Enterprise Architecture and Enterprise Systems Usage. We investigate whether these concepts correlate, overlap and explain each other. The two maturity models are applied in a case study. We conclude that although it is possible to fully relate constructs from both kinds of models, having a mature architecture function in a company does not imply a high Enterprise Systems Usage maturity.

    A JSON Token-Based Authentication and Access Management Schema for Cloud SaaS Applications

    Cloud computing is significantly reshaping the computing industry built around core concepts such as virtualization, processing power, connectivity and elasticity to store and share IT resources via a broad network. It has emerged as the key technology that unleashes the potency of Big Data, Internet of Things, Mobile and Web Applications, and other related technologies, but it also comes with its challenges - such as governance, security, and privacy. This paper is focused on the security and privacy challenges of cloud computing with specific reference to user authentication and access management for cloud SaaS applications. The suggested model uses a framework that harnesses the stateless and secure nature of JWT for client authentication and session management. Furthermore, authorized access to protected cloud SaaS resources has been efficiently managed. Accordingly, a Policy Match Gate (PMG) component and a Policy Activity Monitor (PAM) component have been introduced. In addition, other subcomponents such as a Policy Validation Unit (PVU) and a Policy Proxy DB (PPDB) have also been established for optimized service delivery. A theoretical analysis of the proposed model portrays a system that is secure, lightweight and highly scalable for improved cloud resource security and management. Comment: 6 pages

    Digital maturity variables and their impact on the enterprise architecture layers

    This study examines the variables of digital maturity of companies. The framework for enterprise architectures Archimate 3.0 is used to compare the variables. The variables are assigned to the six layers of architecture: Strategy, Business Environment, Applications, Technology, Physical and Implementation and Migration. On the basis of a literature overview, 15 “digital maturity models” with a total of 147 variables are analyzed. The databases Scopus, EBSCO – Business Source Premier and ProQuest are used for this purpose.

    Efficient systems for the securities transaction industry: a framework for the European Union

    This paper provides a framework for the securities transaction industry in the EU to understand the functions performed, the institutions involved and the parameters concerned that shape market and ownership structure. Of particular interest are microeconomic incentives of the industry players that can be in contradiction to social welfare. We evaluate the three functions and the strategic parameters - the boundary decision, the communication standard employed and the governance implemented - along the lines of three efficiency concepts. By structuring the main factors that influence these concepts and by describing the underlying trade-offs among them, we provide insight into a highly complex industry. Applying our framework, the paper describes and analyzes three consistent systems for the securities transaction industry. We point out that one of the systems, denoted as 'contestable monopolies', demonstrates a superior overall efficiency while it might be the most sensitive in terms of configuration accuracy and thus difficult to achieve and sustain.