233,367 research outputs found

    The recognition and application of security risk management in corporate governance

    Security as a profession and discipline has emerged principally in the latter half of the twentieth century and has developed to become a more defined, usual, respectable and visual part of management. This study aimed to determine the degree of recognition and application of security risk management to corporate governance practices in Australia. Formal research design used descriptive research methodology, consisting of a literature review, primary document analysis and a questionnaire survey to collect data. This research was contrasted to a Corporate Governance Security Model formulated to determine if the model is applicable to the recognition, or application, of a security function to the Australian Stock Exchange ('ASX') Corporate Governance principles. A major finding of this study is that security functions and responsibilities are poorly recognised and documented by Australia's largest public company boards. A majority of directors will have no experience or qualifications in security risk management and this is likely to be reflected down through the organisation resulting in low to medium security awareness and culture. Corporate governance statements from companies listed on the ASX/S&P 200 strongly suggest that security related risks are not widely considered as part of the corporate governance framework. With limited application of security in the corporate governance framework, there is less focus on security related behaviour within the codes of conduct held by a majority of public companies. This can have an adverse impact on corporate ethics, internal controls and crisis response capabilities. The study developed a model which implements security risk management functions to the corporate governance framework in order to formally recognise and promote effective management of security risk and compliance. 
Applying security as a business process to support long term revenue was found to benefit corporate reputation and complements other risk and business management practices. Security of information and confidentiality is enhanced to encourage reports of misconduct within the company, generating a security and reporting culture. Security functions are currently limited to form part of internal controls within the operating environment and generally viewed as a cost centre which does not contribute to revenue. Security functions are not holistically applied across the organisation or within the corporate governance framework. There are a number of recommendations resulting from the study and are primarily concerned with the continued need for research into the application and recognition of security within the hierarchy of executive and business management.

    Digitizing grey portions of e-governance

    Purpose: The purpose of this research paper is to assess e-governance efficacy in various sectors of India. The paper develops on Grey System Theory (GST) methodology and enlightens grey portions of e-governance in select sectors. Research study identifies few grey criteria which affect implementation of information and communication technology (ICT) applications to support sustainable e-governance. Such criteria are related to information security breaches, information technology (IT) policy implementation, investments and strategic advantages for the various sector developments. Design/methodology/approach: Considering “information” as a sensitive element to security for administration and part of dark portion to Indian economy, GST-based COmplex PRoportional ASsessment (COPRAS-G) method is adopted to assess the e-governance efficacy. The method provides flexible multicriteria decision-making (MCDM) approach to assess e-governance in prioritizing the sector alternatives of future strategic development. Priority order of select sectors is estimated, and COPRAS-G method is used in the research study to support decision-making on e-governance. Study compares ten major gross domestic product-dependent sectors based on few grey criteria. These criteria are chosen based on authors’ perspective on this study and feedback received from government officials of district levels under the Digital India-training programme. To address the subjectivity that lies in e-governance grey areas of sector, criteria are also weighted using fuzzy scale. Later methodology-based results are presented to draw a strategic road map for strategic development of the country. 
Findings: On applying COPRAS-G method to predict pessimistic, optimistic and realistic scenarios of e-governance implementation across the ten sectors, high priority order in realistic scenario of results shows that implementation of ICT applications for e-governance should be in the sectors such as environment, climate change and in the railways. Industrial sector is also ranked as the preferred one over the other sectors on the basis of e-governance efficacy assessment. Research limitations/implications: Here COPRAS-G method is used as MCDM techniques. However, few other MCDM techniques such as GRA, DRSA, VIKOR, SMAA, SWARA and SAW can be also explored to outrank various Indian sectors to deal with subjectivity in decision-making. Practical implications: Implementation of ICT applications to support e-governance varies from sector to sector. ICT-based governance involves high degree of complexity in driving the operations for development of respective sectors. Therefore, government and policymakers need more flexibility to overcome present barriers of sector development. Such research can support decision-making where GST-based COPRAS-G method is able to capture and address the breaches of information security. Moreover, management concern for sector development has been presented on the basis of pessimistic, optimistic and realistic scenarios more precisely. Social implications: The results can provide guidance to the academicians, policymakers and public sectors highlighting various possible measures to handle the security breaches in multi-facet intention of sustainable development. The outcomes from MCDM framework can also help in drawing a rough trajectory of strategy, i.e. development of ICTs applications and e-governance process. Originality/value: This paper can supplement and act as the support for decision-making in conflicting situations on different flexible scenarios. 
Moreover, such work can synergize conflicting ideas of decision makers, academics and various other stakeholders of the Indian IT sector.

    Aligning information security with the image of the organization and prioritization based on fuzzy logic for the industrial automation sector

    This paper develops the strategic alignment of organizational behavior through the organizations' image, prioritization and information security practices. To this end, information security is studied based on the business requirements of confidentiality, integrity and availability by applying a tool which integrates the strategic, tactical and operational vision through the following framework: Balanced Scorecard - BSC (strategic) x Control Objectives for Information and Related Technology - COBIT (tactical) x International Organization for Standardization - ISO/International Electro Technical Commission - IEC27002 (operational). Another image instrument of the organization is applied in parallel with this analysis to identify and analyze performance involving profiles related to mechanistic, psychic prisons, political systems, instruments of domination, organisms, cybernetics, flux and transformation (MORGAN, 1996). Finally, a model of strategic prioritization, based on compensatory fuzzy logic (ESPIN and VANTI, 2005), is applied. The method was applied to an industrial company located in southern Brazil. The results with the application show two organizational images: "organism" and "flux and transformation". The strategic priorities indicated a significant search for new business services and international markets. Regarding protection of information, security found the gap between "minimum" and "Reasonable" and in domain 8 (HR) of standard ISO/IEC27002, considered 71% protection as "inappropriate" and "minimal" in the IT Governance context.

    Visual Analytics in Software Maintenance:Challenges and Opportunities

    Visual analytics (VA) is an emerging science at the crossroads of data and information visualization, graphics, data mining, and knowledge representation, with many successful applications in engineering, business and finance, security, geosciences, and e-governance and health. Tools using visualization, data mining, and data analysis are also prominently present in a different field: software maintenance. However, an integrated VA is relatively new for this field. In this paper, we discuss the specific challenges and particularities of applying VA in software engineering, highlight the added value of a VA approach, as distilled by us from several large-scale software engineering industrial projects.

    Multicriteria analysis of the compliance for the improvement on information security

    ABSTRACT: Information security is a current issue of protection of information assets that considers significant variables of a strategic, organizational and IT governance nature, and that requires to analyze the compliance with international standards that regulate business actions. In this way, the work analyzes institutional compliance to improve information security applying the Analytic Hierarchy Process methodology to the specific practices defined in ISO/IEC 27002:2013. Expert Choice has been used as Decision Support Systems that has generated as a result the ranking of priorities of the criteria and alternatives used in the decisional process. It has been later applied in a medium-sized Brazilian industrial company. The results identify that the main security practice is the one related to the independent critical analysis of information security

    An Assessment of the Commission’s 2011 Schengen Governance Package: Preventing abuse by EU member states of freedom of movement? CEPS Liberty and Security in Europe No. 47, 26 March 2012

    The Schengen system has been at the centre of sharp controversy throughout 2011 and the early months of 2012 arising from attempts by several member state governments to challenge the right to the free movement of persons and the abolition of internal border checks. The speech delivered by Nicolas Sarkozy early this month (March 2012), as part of the French presidential campaign, in which he threatened to suspend France’s participation in Schengen illustrates this phenomenon. This paper examines the European Commission’s response to the Schengen controversies, namely the Schengen Governance Package published in September 2011 and currently under negotiation in Council and the European Parliament. It assesses the scope and added value of the Package’s two new legislative proposals (a new Schengen evaluation mechanism and revised rules for restating internal border checks) by looking at the origins and features of the debate surrounding liberty of circulation in the Schengen area. The paper addresses the following questions: first, are these new rules necessary and appropriate to effectively respond to unlawful security derogations and restrictions to liberty of circulation? Second, would their adoption provide an effective response to current and future political tensions and national governments’ policies against free movement, such as those evidenced in 2011 and 2012 and for them to expand to other member states? And finally, is the Schengen Governance Package well designed to safeguard the free movement of persons, or is it rather oriented towards further strengthening the security apparatus of Schengen?

    Criteria to monitor the poverty alleviation, empowerment and institutional performance of equity-share schemes in South African agriculture

    This paper extends a previous study in South Africa aimed at developing methodology for assessing the performance of equity-share schemes. The previous study proposed four broad criteria to measure performance: poverty alleviation; empowerment and participation; institutional arrangements and governance; and financial performance. This paper does not aim to assess the performance of existing equity-share schemes but to develop a methodology for the first three criteria based on empirical analysis of data gathered in 2004 from a land reform project in the Midlands of KwaZulu-Natal and seven established equity-share schemes in the Western Cape. Poverty alleviation is measured using a transition matrix of households grouped by four different symptoms of poverty: current income, wealth, health and a principal component index of housing quality. Eight categories of indicators are recommended for empowerment and participation: control and ownership; skills transfer; understanding; information; outcomes; trust; outreach; and participation. A scorecard applying norms based on empirical evidence gathered at the equity-share schemes in the Western Cape is used to test the indicators. A scorecard approach is also applied to institutional arrangements and governance, which are measured using three categories of indicators: accountability, transparency and property rights. The proposed performance measures are relevant, manageable in number and have feasible norms based on empirical evidence. These indicators and their norms need to be tested on a wider scale and monitored over time. Future research should be undertaken to determine weights for the empowerment and institutional indicators. Food Security and Poverty

    Governing cyber security through networks : an analysis of cyber security coordination in Belgium

    While governments develop formal and informal structures or 'networks' to promote collaboration between governmental departments and agencies, there remains uncertainty on how to set up and develop cyber security networks. The latter is demonstrated when taking recent developments in the field of cyber security in Belgium into consideration. The 2012 decision to create the Belgian cyber security centre seems to entail a move towards a 'Weberian' hierarchical network coordination approach rather than the development of a cyber security network organisation. This article claims that - as the threats of cyber are becoming more complex - there is a growing need for governmental agencies to expand horizontal coordination mechanisms. From this follows, the growing demand for criminological research into the managerial aspects of cyber security networks. Generating knowledge on how to manage networks is required as the latter is not only decisive for the effectiveness and efficiency of cyber security networks but also contributes to the overall network cyber security governance
