Information Systems Audit for University Governance in Bucharest Academy of Economic Studies

Today’s successful audit leaders never lose sight of the importance of continually assessing and improving the organizations’ university governance structure. Focusing on small and large mission, and using practical exercises and individual activities, the auditors will help gain the skills necessary to review and improve university governance structure, while developing techniques to assess risk management activities. Attendees will leave with an understanding of legal and regulatory guidelines as they pertain to university governance and discuss in-depth issues such as business ethics, transparency and disclosure, IT governance and university risks management. Identification, evaluation and management of university risks, is an important element of the university governance system. Today, the Bucharest Academy of Economic Studies is in a complex process to realize a university governance integrate information system. In context of this paperwork there are presented the main aspects for developing and implementing in actual phase information systems audit, to recognize the risks and establish the necessary measures to eliminate them.University Governance, IT Governance, IS Audit, Risks Management, Performance

Control of industrial accidents in Saudi Arabia

An information-based solution is proposed that will aid fire-fighters and other emergency service personnel in their control of industrial accidents in Saudi Arabia. The integration of databases and geographic information systems (GIS) through dynamic data exchange (DDE) creates an informatics tool with more general usability. Further, web enabled information exchange about hazardous materials is interfaced with the proposed information system. The resulting 'Industrial Incidents Administration System' (IIAS) is a paperless, user-centred, secure method for information exchange able to preserve information between the Civil Defence and Industrial Sectors in Saudi Arabia using state of the art electronic sources and resources. Three main needs were identified in the design phase of HAS: the information architecture of the data repositories in a form that retains semantic and syntactic values; a rapid-access database for planning decisions; and, an online transactional database for frequent updating. In order to achieve the HAS, the following technologies were exploited and integrated. Online data exchange through the use of an Information Bus system architecture; a local database which contains five subsystems; and the GIS application. Interoperability was an important feature of the proposed solution. In order to better understand and satisfy user needs, the prototype system was implemented and evaluated. The purpose of this prototype was to receive feedback from users to understand their needs. The feedback received helped to improve, as well as add, new functionalities to the HAS. In this study, we presented results and experiences of conducting two well known evaluation techniques heuristic evaluation and cognitive walk-through. The two methods employed complemented each other very well, the first giving feedback from end-users needs, and the second revealing deficiencies in usability in the system. The study provided convincing information for improving the current version of HAS

Governing information security within the context of "bring your own device" in small, medium and micro enterprises

Throughout history, information has been core to the communication, processing and storage of most tasks in the organisation, in this case in Small-Medium and Micro Enterprises (SMMEs). The implementation of these tasks relies on Information and Communication Technology (ICT). ICT is constantly evolving, and with each developed ICT, it becomes important that organisations adapt to the changing environment. Organisations need to adapt to the changing environment by incorporating innovative ICT that allows employees to perform their tasks with ease anywhere and anytime, whilst reducing the costs affiliated with the ICT. In this modern, performing tasks with ease anywhere and anytime requires that the employee is mobile whilst using the ICT. As a result, a relatively new phenomenon called “Bring Your Own Device” (BYOD) is currently infiltrating most organisations, where personally-owned mobile devices are used to access organisational information that will be used to conduct the various tasks of the organisation. The use of BYOD in organisations breeds the previously mentioned benefits such as performing organisational tasks anywhere and anytime. However, with the benefits highlighted for BYOD, organisations should be aware that there are risks to the implementation of BYOD. Therefore, the implementation of BYOD deems that organisations should implement BYOD with proper management thereof

Governing information security within the context of "bring your own device" in small, medium and micro enterprises

Throughout history, information has been core to the communication, processing and storage of most tasks in the organisation, in this case in Small-Medium and Micro Enterprises (SMMEs). The implementation of these tasks relies on Information and Communication Technology (ICT). ICT is constantly evolving, and with each developed ICT, it becomes important that organisations adapt to the changing environment. Organisations need to adapt to the changing environment by incorporating innovative ICT that allows employees to perform their tasks with ease anywhere and anytime, whilst reducing the costs affiliated with the ICT. In this modern, performing tasks with ease anywhere and anytime requires that the employee is mobile whilst using the ICT. As a result, a relatively new phenomenon called “Bring Your Own Device” (BYOD) is currently infiltrating most organisations, where personally-owned mobile devices are used to access organisational information that will be used to conduct the various tasks of the organisation. The use of BYOD in organisations breeds the previously mentioned benefits such as performing organisational tasks anywhere and anytime. However, with the benefits highlighted for BYOD, organisations should be aware that there are risks to the implementation of BYOD. Therefore, the implementation of BYOD deems that organisations should implement BYOD with proper management thereof

Internet Safety and Security Surveys - A Review

www.imm.dtu.d

OPEN GOVERNMENT AT GRASSROOTS LEVEL GOVERNMENT: E-GOVERNMENT SUCCESS FACTORS IN THE VILLAGE OF PEJAMBON, BOJONEGORO

The Government of Bojonegoro Regency was an Indonesia representative in Open Government Partnership (OGP) of Subnational Government Pilot Program. This achievement raised new energy to implement openness in rural government. This policy was also in line with Rural Law. Mean while, to implement government openness, the use of e-Government was highly prioritized. By e-Government, the governance would be effective and efficient. However, only one of 419 villages in Bojonegoro succesded in implementing government openness, that was Pejambon Village. This village won the best website in East Java in 2016 and 2017. There after, it took the first place as the most informative and transparant village in national level in 2018. This research uses qualitative descriptive research methods. The results show that in general the success of E-Government implementation in the open government in Pejambon village is influenced by three main factors. First governing factors that include vision, leadership, and funding. Second, organizational factors that include policy, human resources, and collaboration. Third, technical factors that include IT infrastructure and IT standars. However, there are some indicators that need to get attention and improved by the village government of Pejambon, namely Funding, human resources, and IT infrastructure. If not immediately handled seriously, the future will impede the implementation of open government in Pejambon village.Keywords: Open Government, Succes Factors, e-Government, Grassroots, Villag

Technical and governance considerations for Advanced Metering Infrastructure/smart meters: technology, security, uncertainty, costs, benefits, and risks

The fundamental role of policymakers when considering Advanced Metering Infrastructure (AMI), or 'smart meters for energy and water infrastructure is to investigate a broad range of complex interrelated issues. These include alternative technical and non-technical options and deployment needs, the cost and benefits of the infrastructure (risks and mitigation measures), and the impact of a number of stakeholders: consumers, distributors, retailers, competitive market operators, competing technology companies, etc. The scale and number of potential variables in the AMI space is an almost unprecedented challenge to policymakers, with the anticipation of new ancillary products and services, associated market contestability, related regulatory and policy amendments, and the adequacy of consumer protection, education, and safety considerations requiring utmost due-diligence. Embarking on AMI investment entails significant technical, implementation, and strategic risk for governments and administering bodies, and an active effort is required to ensure AMI governance and planning maximises the potential benefits, and minimise uncertainties, costs, and risks to stakeholders. This work seeks to clarify AMI fundamentals and discusses the technical and related governance considerations from a dispassionate perspective, yet acknowledges many stakeholders tend to dichotomise debate, and obfuscate both advantages and benefits, and the converse

Innovation-ICT-cybersecurity: The triad relationship and its impact on growth competitiveness

This study examines the global growth competitiveness of countries using the dynamics of growth, ICT, and innovation. It also introduces a new dynamic, cybersecurity, and argues that within a growth competitiveness framework, ICT, innovation, and cybersecurity mechanisms allow some countries to achieve higher ranks on the competitiveness ladder than others. Based on a theoretical framework that encompasses the economic growth model, the complementarity theory, and the international law theory, a model that integrates ICT, innovation, and cybersecurity, depicts the relationships amongst them and with growth competitiveness, and incorporates complementary factors with possible moderating effect is presented. The model proposed relationships are then tested using PLS-PM. The model proves to have adequate goodness-of-fit as well as predictive validity. Results support most hypotheses showing: (1) a positive relationship between ICT and innovation; (2) a positive relationship between each of innovation and ICT with growth competitiveness; (3) a mediating effect of innovation has in the ICT – growth competitiveness relationship; (4) a positive relationship between ICT and innovation on one hand and cybersecurity on the other; (5) a mediating role of cybersecurity in the ICT – growth as well as the innovation – growth relationships; and the (6) moderating effect that human capital has in the above relationships. Cyber threats, however, do not have a moderator role in these relationships. These findings are interpreted in relation to the extant body of knowledge related to ICT, innovation, and cybersecurity. Moreover, the theoretical and the practical implications are discussed and the practical significance is shown. Finally, the study limitations are listed, the recommendations are presented, and the direction for future work is discussed

From Russia with Love: Understanding the Russian Cyber Threat to U.S. Critical Infrastructure and What to Do about It

I. Introduction II. A Short History of Russian Hacking of U.S. Government Networks and Critical Infrastructure III. Unpacking the Ukraine Grid Hacks and Their Aftermath IV. Analyzing Policy Options to Help Promote the Resilience of U.S. Government Systems and Critical Infrastructure ... A. Contextualizing and Introducing Draft Version 1.1 of the NIST Cybersecurity Framework ... B. Operationalizing International Cybersecurity Norms on Critical Infrastructure ... C. Deterrence and a Path Forward ... 1. Publicize Benefits as Applied … 2. Publicize Exercise Results ... 3. Publicize Updates V. Conclusio