Enterprise information security policy assessment - an extended framework for metrics development utilising the goal-question-metric approach

Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach

GIS application to boost fish production in Nigeria

The paper discusses the application of Geographic Information System (GIS) to fisheries management. The paper presents the importance of the emerging technology of GIS and how it can be utilized to greatly speed up and make more efficient location optimizing processes and how the technology can allow for a through examination of the many spatially variable factors which might affect or control fish production both from aquaculture and inland fisheries in Nigeri

Major Indian ICT firms and their approaches towards achieving quality

Of the three basic theories of innovation: the entrepreneur theory, the technology-economics theory and the strategic theory, the third one seems to be highly appropriate for the analysis of recent growth of the information and communication technology (ICT) industry in many developing countries including India. The central measure for achieving quality by the various major Indian ICT firms is widely agreed to have been the adoption of Six Sigma Methodology and various other approaches like Total Quality Management (TQM), Supply Chain Management (SCM), Customer Relationship Management (CRM), etc. It is apparent that the main objective of the firms chosen has been to increase the pace of innovation activities, irrespective of their different areas of product specialisation. Its success also depends largely on the overall improvement in infrastructure, besides active market interaction. To enable both the above, a brief highlight on the establishment of interaction and learning sites (ILSs) in every regional State in India comes to the foreground. The chapter concludes with a mention of the elements observed to be missing among the firms under consideration, and, thereby, delineating the scope for their further improvement.

Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. Currently companies achieve this by means of checklist-based security assessments, but these methods are a way to achieve consensus without being able to provide justifications of countermeasures in terms of business goals. But such justifications are needed to operate securely and effectively in networked businesses. In this paper, we first compare a Risk-Based Requirements Prioritization method (RiskREP) with some requirements engineering and risk assessment methods based on their requirements elicitation and prioritization properties. RiskREP extends misuse case-based requirements engineering methods with IT architecture-based risk assessment and countermeasure definition and prioritization. Then, we present how RiskREP prioritizes countermeasures by linking business goals to countermeasure specification. Prioritizing countermeasures based on business goals is especially important to provide the stakeholders with structured arguments for choosing a set of countermeasures to implement. We illustrate RiskREP and how it prioritizes the countermeasures it elicits by an application to an action case

Critical success factors for e-tendering implementation in construction collaborative environments : people and process issues

The construction industry is increasingly engulfed by globalisation where clients, business partners and customers are found in virtually every corner of the world. Communicating, reaching and supporting them are no longer optional but are imperative for continued business growth and success. A key component of enterprise communication reach is collaborative environments (for the construction industry) which allows customers, suppliers, partners and other project team members secure access to project information, products or services they need at any given moment. Implementation of the stated critical success factors of the project is essential to ensure optimal performance and benefits from the system to all parties involved. This paper presents critical success factors for the implementation of e-tendering in collaborative environments with particular considerations given to the people issues and process factors

Iowa Department for the Blind Performance Report, FY 2006

Agency Performance Repor