Information Systems - Theses

  • Item
    Strategic information security policy quality assessment : a multiple constituency perspective
    Maynard, Sean Brian. (University of Melbourne, 2010)
    An integral part of any information security management program is the information security policy. The purpose of an information security policy is to define the means by which organisations protect the confidentiality, integrity and availability of information and its supporting infrastructure from a range of security threats. The tenet of this thesis is that the quality of information security policy is inadequately addressed by organisations. Further, although information security policies may undergo multiple revisions as part of a process development lifecycle and, as a result, may generally improve in quality, a more explicit systematic and comprehensive process of quality improvement is required. A key assertion of this research is that a comprehensive assessment of information security policy requires the involvement of the multiple stakeholders in organisations that derive benefit from the directives of the information security policy. Therefore, this dissertation used a multiple-constituency approach to investigate how security policy quality can be addressed in organisations, given the existence of multiple stakeholders. The formal research question under investigation was: How can multiple constituency quality assessment be used to improve strategic information security policy? The primary contribution of this thesis to the Information Systems field of knowledge is the development of a model: the Strategic Information Security Policy Quality Model. This model comprises three components: a comprehensive model of quality components, a model of stakeholder involvement and a model for security policy development. The strategic information security policy quality model gives a holistic perspective to organisations to enable management of the security policy quality assessment process. 
    This research contributes six main contributions as stated below:
      • This research has demonstrated that a multiple constituency approach is effective for information security policy assessment
      • This research has developed a set of quality components for information security policy quality assessment
      • This research has identified that efficiency of the security policy quality assessment process is critical for organisations
      • This research has formalised security policy quality assessment within policy development
      • This research has developed a strategic information security policy quality model
      • This research has identified improvements that can be made to the security policy development lifecycle
    The outcomes of this research contend that the security policy lifecycle can be improved by: enabling the identification of when different stakeholders should be involved, identifying those quality components that each of the different stakeholders should assess as part of the quality assessment, and showing organisations which quality components to include or to ignore based on their individual circumstances. This leads to a higher quality information security policy, and should impact positively on an organisation’s information security.
  • Item
    Towards intelligence-driven information security risk management: an intelligent information security method
    WEBB, JEB (2015)
    Information security risk management (ISRM) methods aim to protect organizational information infrastructure from a range of security threats using efficient and cost‐effective means. A review of the literature identified three common practical deficiencies that can undermine ISRM: (1) Information security risk identification is commonly perfunctory; (2) Information security risks are commonly estimated with little reference to the organization’s actual situation; and (3) Information security risk assessment is commonly performed on an intermittent, non‐historical basis. These deficiencies indicate that despite implementing “best practices,” organizations are likely to have inadequate situation awareness (SA) regarding their information security risk environments. SA is achieved by a decision‐maker in progressive stages. First, one perceives relevant elements of a situation. Once these situational elements are perceived, their intrinsic and contextual meanings can be comprehended in light of established knowledge. Optimal SA is achieved when the decision-maker knows and understands enough about relevant situational elements to project the future of the situation and its implications for operational goals and objectives. Supporting SA is a matter of supporting a decision‐maker’s ability to perceive, comprehend, and project. In ISRM, the general situations of interest are organizational information security risk environments. To answer the research question, “How can situation awareness be increased in information security risk management?” this thesis offers a design science artifact that supports perception, comprehension, and projection by means of a distributed intelligence collection and analysis effort. This artifact—the Intelligent Information Security Method—is the output of an in‐depth case study of the US Intelligence Community’s enterprise management structure, which was performed using publicly available, open source documents. 
The intelligence cycle, as executed by the US Intelligence Community, was modeled using Endsley’s SA theory and comparisons were then drawn between the US model and organizations to develop a risk management system for organizations. The Intelligent Information Security Method has two major dimensions. The primary (theoretical) dimension of the method is a high level process that explains how organizational SA can be achieved in general terms. The secondary (practical) dimension of the Method concerns the practical details—or “inner workings”—of this process, which are presented as a comprehensive information security risk management system design. This thesis makes a significant contribution to information security management theory by explaining management in the cognitive terms of SA, and then describing how an organizational intelligence production effort can be used to support managerial SA. The thesis makes a significant contribution to information security management practice by specifying a management system design that organizations can use to actually achieve this theoretical objective. The Intelligent Information Security Method can be used to improve the quality of ISRM in the implementing organization while simultaneously supporting the management and optimization of the organization’s business processes.
  • Item
    Designing digital memorials: commemorating the Black Saturday Bushfires
    Mori, Joji Cyrus (2015)
    Digital memorials are novel technologies used for commemorative purposes. There is a growing interest in their design amongst HCI researchers. Existing studies focus on commemorating deceased loved ones, where personal and familial remembrance is emphasised. However, there are fewer examples where digital memorials play a wider social and cultural role. Commemorating a war, terrorist attack, natural disaster or death of somebody of special significance such as a leader or even celebrity, are examples where commemoration extends beyond the personal and familial, and into broader social contexts. In these instances, it is likely that large numbers of people may wish to participate, from those with deeply personal reasons, to others with only a passing interest. This thesis examines the design of digital memorials for use in contexts where these diverse audiences come together in commemoration. This thesis presents three studies, in which commemoration following the Black Saturday bushfires was used as the setting for the research. The fires occurred in 2009 in Victoria, Australia. Aside from the devastation caused to the natural environment, there were 173 fatalities and massive destruction caused to homes and other infrastructure. The first study was an exploratory study examining how people commemorated Black Saturday within the first two years after the fires. The findings extend current understandings of commemoration using technology by showing similarities between how people engage with physical and web-based memorials. The second study involved participants in fire-affected communities who were asked to generate design ideas for digital memorials to commemorate Black Saturday. The study contributed a novel craft-based approach to designing technology in the commemorative context. For the third study, a digital memorial was developed that included a website and internet-connected tablet computer app to commemorate the fourth anniversary of the fires. 
This technology was designed for both those within the fire-affected communities and those outside. The findings report on an evaluation of the experiences of those who engaged with the digital memorial. Selected findings from the three thesis studies are expressed as a set of five design considerations intended for future designers and researchers interested in digital memorials. These are: privacy, control and context collapse; considerations for symbolism and metaphoric representations; utilising physical locations; having sensitivity towards temporal patterns; and, designing for pace and asynchronicity.
  • Item
    Audience experience in domestic videogaming
    DOWNS, JOHN (2014)
    Videogames are frequently played socially, but not all participants actively play. Audience members observe gameplay, often participating and experiencing the game indirectly. While the existence of non-playing audience members has been previously acknowledged, there have been few attempts to understand what activities audience members engage in while watching videogames, or how their experience is affected by different aspects of the game and social situation. This thesis presents the first substantial body of empirical work on audience behaviour and experience in social videogaming sessions. Existing work was reviewed in a number of areas of literature including the sociality of gameplay, the increasing role of physicality and physical actions in gameplay, and the role of audiences in HCI. Three studies were then conducted based on the research question: How do the sociality and physicality of videogaming sessions influence audience experience? An initial exploratory observational study (N = 6 families) examined the types of activities that audiences engage in while watching highly physical videogames in their homes. This study indicated that audience members can adopt a variety of ephemeral roles that provide them with opportunities to interact with one another, the players, and the game technology. Additionally, participants reported that the physicality of the gameplay heavily influenced their experience. The second study, a naturalistic experimental study (N = 134) consisted of a mixed-model analysis of the factors of game physicality and turn anticipation. Study 2 found that anticipation of a turn affects experience of both audience and player, and similarly found that highly physical games result in more positive audience experiences, although the relationship between physicality and experience is not straightforward. 
A third study, also an experiment (N = 24), examined the influence of game physicality and visual attention on audience experience within a mediated setting, and a cross-study comparison identified that there appears to be a strong interplay between social context and the experience of physicality. Overall, this thesis contributes an understanding of how sociality, physicality, and the interplay between the two can influence audience behaviour and experience. These findings can be used to inform the design of novel game and interactive experiences that incorporate physicality, turn anticipation, and opportunities for different types of participation in order to influence and enhance audience experience.
  • Item
    A model for digital forensic readiness in organisations
    ELYAS, MOHAMED (2014)
    Organisations are increasingly reliant upon information systems for almost every facet of their operations. As a result, there are legal, contractual, regulatory, security and operational reasons why this reliance often translates into a need to conduct digital forensic investigations. However, conducting digital forensic investigations and collecting digital evidence is a specialised and challenging task exacerbated by the increased complexity of corporate environments, diversity of computing platforms, and large-scale digitisation of businesses. There is agreement in both professional and academic literature that in order for organisations to meet this challenge, they must develop ‘digital forensic readiness’ – the proactive capability to collect, analyse and preserve digital information. Unfortunately, although digital forensic readiness is becoming a legal and regulatory requirement in many jurisdictions, studies show that most organisations have not developed a significant capability in this domain. A key issue facing organisations intending to develop a forensic readiness capability is the lack of comprehensive and coherent guidance in both the academic and professional literature on how forensic readiness can be achieved. A review of the literature conducted as part of this study found that the academic and professional discourse in forensic readiness is fragmented and dispersed in that it does not build cumulatively on prior knowledge and is not informed by empirical evidence. Further, there is a lack of maturity in the discourse that is rooted in the reliance on informal definitions of key terms and concepts. For example, there is little discussion and understanding of the key organisational factors that contribute to forensic readiness, the relationships between these factors and their precise definitions. Importantly, there is no collective agreement on the primary motivating factors for organisations to becoming forensically ready. 
Therefore, this research project proposes the following research questions: Research Question 1. What objectives can organisations achieve by being forensically ready? Research Question 2. How can forensic readiness be achieved by organisations? Which in turn suggests the following sub-questions: Sub-Question 2. What factors contribute to making an organisation forensically ready? Sub-Question 3. How do these factors interact to achieve forensic readiness in organisations? A systematic review approach and coding techniques have been utilised to synthesise key elements of the vast and largely fragmented body of knowledge in forensic readiness towards a more holistic and coherent understanding. This led to the development of a comprehensive model that explains how forensic readiness can be achieved and what organisations can achieve by being forensically ready. The proposed model has been extensively validated through multiple focus groups and a multi-round Delphi survey, which involved experienced computer forensic experts from twenty countries and diverse computer forensic backgrounds. The study found there to be four primary objectives for developing a forensic readiness capability: 1) to manage digital evidence; 2) to conduct internal digital forensic investigations; 3) to comply with regulations; and 4) to achieve other non-forensic related objectives (e.g. improve security management). The study also identified the factors that contribute to forensic readiness. These are: 1) a strategy that draws the map for a forensically ready system; 2) human expertise to perform forensic tasks; 3) awareness of forensics in organisational staff; 4) software and hardware to manage digital evidence; 5) system architecture that is tailored for forensics; 6) policies and procedures that outline forensic best practice; and 7) training to educate staff on their forensic responsibilities. 
Further, the study found three additional organisational factors external to the forensic program: 1) adequate support from senior management; 2) an organisational culture that is supportive of forensics; and 3) good governance. This study makes significant theoretical contributions by introducing a more comprehensive model for forensic readiness that is characterised by the following: 1) providing formal definitions to key concepts in forensic readiness; 2) describing the key factors that contribute to forensic readiness; 3) describing the relationships and interactions between the factors; 4) defining a set of dimensions and properties by which forensic readiness is characterised; and 5) describing the key objectives organisations can achieve by being forensically ready. The study also makes significant contributions to practice. A key attribute of the digital forensic readiness model is its depth (in terms of the various dimensions and properties of each factor), which enables its use as an instrument to assess and guide organisational forensic readiness. Furthermore, this research increases the marketability of forensic readiness by introducing a well-defined list of objectives organisations can achieve by developing a forensic capability.
  • Item
    Strategic information security policy quality assessment: a multiple constituency perspective
    MAYNARD, SEAN (2010)
    An integral part of any information security management program is the information security policy. The purpose of an information security policy is to define the means by which organisations protect the confidentiality, integrity and availability of information and its supporting infrastructure from a range of security threats. The tenet of this thesis is that the quality of information security policy is inadequately addressed by organisations. Further, although information security policies may undergo multiple revisions as part of a process development lifecycle and, as a result, may generally improve in quality, a more explicit systematic and comprehensive process of quality improvement is required. A key assertion of this research is that a comprehensive assessment of information security policy requires the involvement of the multiple stakeholders in organisations that derive benefit from the directives of the information security policy. Therefore, this dissertation used a multiple-constituency approach to investigate how security policy quality can be addressed in organisations, given the existence of multiple stakeholders. The formal research question under investigation was: How can multiple constituency quality assessment be used to improve strategic information security policy? The primary contribution of this thesis to the Information Systems field of knowledge is the development of a model: the Strategic Information Security Policy Quality Model. This model comprises three components: a comprehensive model of quality components, a model of stakeholder involvement and a model for security policy development. The strategic information security policy quality model gives a holistic perspective to organisations to enable management of the security policy quality assessment process. 
    This research contributes six main contributions as stated below:
      • This research has demonstrated that a multiple constituency approach is effective for information security policy assessment
      • This research has developed a set of quality components for information security policy quality assessment
      • This research has identified that efficiency of the security policy quality assessment process is critical for organisations
      • This research has formalised security policy quality assessment within policy development
      • This research has developed a strategic information security policy quality model
      • This research has identified improvements that can be made to the security policy development lifecycle
    The outcomes of this research contend that the security policy lifecycle can be improved by: enabling the identification of when different stakeholders should be involved, identifying those quality components that each of the different stakeholders should assess as part of the quality assessment, and showing organisations which quality components to include or to ignore based on their individual circumstances. This leads to a higher quality information security policy, and should impact positively on an organisation’s information security.
  • Item
    A conceptual framework for competitive mobile content provision
    SULLIVAN, JOANNE (2012)
    Content provision via mobile technology platforms (such as smart mobile phones and tablet computers) raises interesting practical and research challenges for the field of Information Systems (IS). Much of the IS literature about mobile content provision is concerned with the ‘user experience’, with a particular focus on technology. In contrast, there is limited academic work looking at the ‘content’ component of the mobile experience. Quite often in information system development the content is seen as separate to the system and does not receive as much consideration. This study is specifically interested in how providers (such as newspapers, media companies and universities) can understand and then tailor content for delivery to users of mobile devices in ever-changing life contexts. This study proposes that it is the content that users come to the mobile platform to consume and which gives the experience much of its value and meaning. It is therefore through the development of appealing content offerings that content providers stand their best chance of establishing a competitive advantage on the mobile platform. In the mobile sphere content providers are observed focusing their efforts upon the development of micro information systems (in the form of mobile content offerings) which contain everything required by, and of value to the mobile technology user in the moment of use. These offerings are modular in nature (self-sufficient, but able to be associated with other systems) and geared towards helping users to optimize their quality of life. This study puts forward a theoretical framework for mobile content provision which describes and supports this modular, content-driven approach. 
This framework is both descriptive (detailing what providers are actually doing in relation to mobile content provision) and prescriptive, because the observations are taken further and a set of concepts, constructs and principles defined, to inform future IS research and to aid strategic decision-making about competitive content offering development and provision on the mobile platform. In particular, current IS theoretical frameworks and models, based on utility and user satisfaction, are no longer adequate ways for providers, researchers or developers to conceive the needs and expectations of mobile information system users. Instead, qualitative evidence shows that providers expect people to value and bond with mobile content offerings that help them to resolve everyday predicaments and contribute to their quality of life. This study therefore proposes the Continuous Quality of Life Optimization Principle as a better way to understand the complex, deeply personal, mobile content experience — and the predicament and bondability constructs as more effective ways to understand and then tailor content for delivery to users of mobile devices in ever-changing life contexts.
  • Item
    Computing relationships and relatedness between contextually diverse entities
    GRIESER, KARL (2011)
    When presented with a pair of entities such as a ball and a bat, a person may make the connection that both of these entities are involved in sport (e.g., the sports baseball or cricket, based on the individual's background), that the composition of the two entities is similar (e.g., a wooden ball and a wooden stick), or if the person is especially creative, a fancy dress ball where someone has come dressed as a bat. All of these connections are equally valid, but depending on the context the person is familiar with (e.g., sport, wooden objects, fancy dress), a particular connection may be more apparent to that person. From a computational perspective, identifying these relationships and calculating the level of relatedness of entity pairs requires consideration of all ways in which the entities are able to interact with one another. Existing approaches to identifying the relatedness of entities and the semantic relationships that exist between them fail to take into account the multiple diverse ways in which these entities may interact, and hence do not explore all potential ways in which entities may be related. In this thesis, I use the collaborative encyclopedia Wikipedia as the basis for the formulation of a measure of semantic relatedness that takes into account the contextual diversity of entities (called the Related Article Conceptual Overlap, or RACO, method), and describe several methods of relationship extraction that utilise the taxonomic structure of Wikipedia to identify pieces of text that describe relations between contextually diverse entities. I also describe the construction of a dataset of museum exhibit relatedness judgements used to evaluate the performance of RACO. 
I demonstrate that RACO outperforms state-of-the-art measures of semantic relatedness over a collection of contextually diverse entities (museum exhibits), and that the taxonomic structure of Wikipedia provides a basis for identifying valid relationships between contextually diverse entities. As this work is presented in regard to the domain of Cultural Heritage and using Wikipedia as a basis for representation, I additionally describe the process for adapting the principle of conceptual overlap for calculating semantic relatedness and the relationship extraction methods based on taxonomic links to alternate contextually diverse domains, and for use with other representational resources.
  • Item
    Information categorisation: an emergent approach
    Lamp, John William (2011)
    The explosion of information and of naive users on the Internet has highlighted problems of effective access to information. One response to the problem of effective access to information is to classify the information into categories based on the nature of the information being classified. Existing information classifications are typically developed by committees or imposed by organisations and have proved difficult to maintain. This investigation developed a two phase method to systematically determine and analyse information categories in a specific domain as perceived by domain experts. The initial phase, the Term Extraction Phase, applied the librarianship approach of literary warrant guided by Ingarden’s Ontology of Literature to research papers from a specific domain to discover what is studied in the domain. The approach is significant in that it draws upon rigorous and philosophically compatible bodies of work in two areas. Firstly, from work addressing the nature, existence, and categorisation of literary expression found in research papers. Secondly, from qualitative research methods addressing how meaningful terms can be analysed in text and related to each other. We have found that such a guiding ontological theory can be used to seed coding families giving rise to a viable method for generating categorisations for further research. We have also found that the key guiding unit of analysis operationalising Ingarden’s approach is the “reported research activity” and that the process is practical although labour intensive. The second phase, the Term Categorisation Phase, used the librarianship approach of consensus to have domain experts form categories from the terms generated in the first phase. Examining those categories using pairwise comparisons allowed the identification of similar categories based on the common categorisation of terms in the coding family. 
The pairwise comparisons were undertaken manually, but the development of an automated tool to perform these comparisons would enhance this aspect of the phase. Boisot’s Social Learning Cycle (SLC) was used as a model with which to explain category variations. The single performance of the Term Categorisation Phase undertaken in this investigation demonstrated the value of the SLC for explaining the variations between domain experts, and showed the potential for explaining category changes over time using the SLC and repeated performances of the Term Categorisation Phase. This investigation makes a number of contributions. The investigation demonstrated that the two librarianship approaches of literary warrant and consensus are not necessarily mutually exclusive and that both have much to offer at different stages of the categorisation process. A method was devised which provides a more rigorous and systematic approach to analysing and categorising text. The method consists of two phases which are loosely coupled and could be used independently. A very significant aspect is the ability to view categorisation as a dynamic process. That enables the examination of categorisation and classification schemes and for the identification of areas within those schemes which require attention. The method is not a tool to develop a complete classification scheme, but seeks to contribute insights on how to progress the development of mature schemes.
  • Item
    Designing sports: exertion games
    Mueller, Florian (Floyd) (2010)
    Exertion games are computer games that require intense physical effort from their users. Unlike traditional computer games, exertion games offer physical health benefits in addition to the social benefits derived from networked games. This thesis contributes an understanding of exertion games from an interaction design perspective to support researchers analysing and designers creating more engaging exertion games. Playing with other participants can increase engagement and hence facilitate the associated benefits. Computer technology can support such social play by expanding the range of possible participants through networking advances. However, there is a lack of understanding how technological design can facilitate the relationship between exertion and social play, especially in mediated environments. In response, this thesis establishes an understanding of how mediating technology can support social exertion play, in particular when players are in geographically distant locations. This understanding is forged through the design of three “sports over a distance” games. The experience of engaging with them was studied qualitatively to gain a rich understanding of how design facilitates social play in exertion games. The three games “Jogging over a Distance”, “Table Tennis for Three”, and “Remote Impact - Shadowboxing over a Distance” allow investigating different perspectives of mediated exertion play, since they represent three categories of richness on a social play continuum across both the virtual and the physical world. Studies of the experience of engaging with the three games resulted in an exertion framework that consists of six conceptual themes framed by four perspectives on the body and three on games. 
A fourth study demonstrated that the understanding derived from the investigation of the use and design of the games can support designers and researchers with the analysis of existing games and aid the creative process of designing new exertion games. This thesis provides the first understanding of how technology design facilitates social play in exertion games. In doing so, it expands our knowledge of how to design for the active body, broadening the view of the role of the body when interacting with computers. Offering an increased understanding of exertion games enables game designers to create more engaging games, hence providing players more reasons to exert their bodies, supporting them in profiting from the many benefits of exertion.