Information Systems - Theses

Permanent URI for this collection

http://hdl.handle.net/11343/289

Filters

Reset filters

Settings
Statistics
Citations
End date: 2014 ×

Search Results

Now showing 1 - 10 of 27
  • Item
    Thumbnail Image
    Strategic information security policy quality assessment : a multiple constituency perspective
    Maynard, Sean Brian. (University of Melbourne, 2010)
    An integral part of any information security management program is the information security policy. The purpose of an information security policy is to define the means by which organisations protect the confidentiality, integrity and availability of information and its supporting infrastructure from a range of security threats. The tenet of this thesis is that the quality of information security policy is inadequately addressed by organisations. Further, although information security policies may undergo multiple revisions as part of a process development lifecycle and, as a result, may generally improve in quality, a more explicit systematic and comprehensive process of quality improvement is required. A key assertion of this research is that a comprehensive assessment of information security policy requires the involvement of the multiple stakeholders in organisations that derive benefit from the directives of the information security policy. Therefore, this dissertation used a multiple-constituency approach to investigate how security policy quality can be addressed in organisations, given the existence of multiple stakeholders. The formal research question under investigation was: How can multiple constituency quality assessment be used to improve strategic information security policy? The primary contribution of this thesis to the Information Systems field of knowledge is the development of a model: the Strategic Information Security Policy Quality Model. This model comprises three components: a comprehensive model of quality components, a model of stakeholder involvement and a model for security policy development. The strategic information security policy quality model gives a holistic perspective to organisations to enable management of the security policy quality assessment process. This research contributes six main contributions as stated below: � This research has demonstrated that a multiple constituency approach is effective for information security policy assessment � This research has developed a set of quality components for information security policy quality assessment � This research has identified that efficiency of the security policy quality assessment process is critical for organisations � This research has formalised security policy quality assessment within policy development � This research has developed a strategic information security policy quality model � This research has identified improvements that can be made to the security policy development lifecycle The outcomes of this research contend that the security policy lifecycle can be improved by: enabling the identification of when different stakeholders should be involved, identifying those quality components that each of the different stakeholders should assess as part of the quality assessment, and showing organisations which quality components to include or to ignore based on their individual circumstances. This leads to a higher quality information security policy, and should impact positively on an organisation�s information security.
  • Item
  • Item
    Thumbnail Image
    Data modeling : description or design?
    Simsion, Graeme C. (University of Melbourne, 2006)
  • Item
    Thumbnail Image
    Data modeling : description or design?
    Simsion, Graeme C. (University of Melbourne, 2006)
  • Item
    Thumbnail Image
    Audience experience in domestic videogaming
    DOWNS, JOHN ( 2014)
    Videogames are frequently played socially, but not all participants actively play. Audience members observe gameplay, often participating and experiencing the game indirectly. While the existence of non-playing audience members has been previously acknowledged, there have been few attempts to understand what activities audience members engage in while watching videogames, or how their experience is affected by different aspects of the game and social situation. This thesis presents the first substantial body of empirical work on audience behaviour and experience in social videogaming sessions. Existing work was reviewed in a number of areas of literp.ature including the sociality of gameplay, the increasing role of physicality and physical actions in gameplay, and the role of audiences in HCI. Three studies were then conducted based on the research question: How do the sociality and physicality of videogaming sessions influence audience experience? An initial exploratory observational study (N = 6 families) examined the types of activities that audiences engage in while watching highly physical videogames in their homes. This study indicated that audience members can adopt a variety of ephemeral roles that provide them with opportunities to interact with one another, the players, and the game technology. Additionally, participants reported that the physicality of the gameplay heavily influenced their experience. The second study, a naturalistic experimental study (N = 134) consisted of a mixed-model analysis of the factors of game physicality and turn anticipation. Study 2 found that anticipation of a turn affects experience of both audience and player, and similarly found that highly physical games result in more positive audience experiences, although the relationship between physicality and experience is not straightforward. A third study, also an experiment (N = 24), examined the influence of game physicality and visual attention on audience experience within a mediated setting, and a cross-study comparison identified that there appears to be a strong interplay between social context and the experience of physicality. Overall, this thesis contributes an understanding of how sociality, physicality, and the interplay between the two can influence audience behaviour and experience. These findings can be used to inform the design of novel game and interactive experiences that incorporate physicality, turn anticipation, and opportunities for different types of participation in order to influence and enhance audience experience.
  • Item
    Thumbnail Image
    Strategies to manage the influences from persuasive technologies: the case of self-monitoring and social comparison
    ROSAS, PEDRO ( 2014)
    Persuasive technologies are systems designed to support and motivate people to adopt, maintain or change their behaviours. Persuasive systems deliver influences to the user containing information that aims to: 1) trigger the user’s emotions, 2) convince the user with information, and/or 3) raise the user’s awareness of the importance of changing a behaviour. Though it is generally expected that the influences delivered by a persuasive technology will trigger motivation; the theory of cognitive appraisal and coping with stress, proposed by Lazarus and Folkman (1984) shows that when people are exposed to influences they can also experience undesired pressure. When individuals experience such undesired pressure they will often implement personal strategies that are attempts to avoid, control, tolerate and/or accept the influence, and the effects that the influence can cause. Whilst the persuasive technology literature reports on how users of persuasive systems interpret an influence as either motivating or adverse, there is a lack of understanding in the current literature on how users can employ strategies to manage the influences from persuasive systems. The aim of this thesis is to explore the strategies that users employ when interacting with a persuasive technology. The present research uses the case of sports technologies that combine the persuasive design principles (PDPs) of self-monitoring and social comparison. Using the aforementioned case allows this research to better understand the use of strategies when persuasive systems deliver influences in two different conditions. The first condition being when a system delivers the influences from self-monitoring and social comparison in different times and contexts, and the second condition being when a single technological platform simultaneously delivers the influences from self-monitoring and social comparison. Through two qualitative studies this research discovered the use of 12 strategies that aimed to 1) manage the influences delivered by the persuasive systems and, 2) manage the effects caused by the influences. The strategies that were used to manage the influences were aimed at preventing the user from experiencing the side effects that the influence could cause. The strategies that were used to manage the effects caused by the influences aimed at alleviating the unpleasant feelings and effects caused by the influences. The findings of the present research have contributed to a better understanding of how users employed strategies to manage the influences from persuasive systems and, the effects that the influences can generate. Furthermore, this thesis explains the use of strategies as a form of appropriating the persuasive system, where users had to perform additional tasks to avoid adverse effects from the influences. The findings extend current knowledge of the design of persuasive technologies by using strategies as a design tool to identify flaws in the persuasive design. Finally this research highlights the importance of tailoring the persuasive system to both the user and the specific physical activity to be performed.
  • Item
    Thumbnail Image
    A model for digital forensic readiness in organisations
    ELYAS, MOHAMED ( 2014)
    Organisations are increasingly reliant upon information systems for almost every facet of their operations. As a result, there are legal, contractual, regulatory, security and operational reasons why this reliance often translates into a need to conduct digital forensic investigations. However, conducting digital forensic investigations and collecting digital evidence is a specialised and challenging task exacerbated by the increased complexity of corporate environments, diversity of computing platforms, and large-scale digitisation of businesses. There is agreement in both professional and academic literature that in order for organisations to meet this challenge, they must develop ‘digital forensic readiness’ – the proactive capability to collect, analyse and preserve digital information. Unfortunately, although digital forensic readiness is becoming a legal and regulatory requirement in many jurisdictions, studies show that most organisations have not developed a significant capability in this domain. A key issue facing organisations intending to develop a forensic readiness capability is the lack of comprehensive and coherent guidance in both the academic and professional literature on how forensic readiness can be achieved. A review of the literature conducted as part of this study found that the academic and professional discourse in forensic readiness is fragmented and dispersed in that it does not build cumulatively on prior knowledge and is not informed by empirical evidence. Further, there is a lack of maturity in the discourse that is rooted in the reliance on informal definitions of key terms and concepts. For example, there is little discussion and understanding of the key organisational factors that contribute to forensic readiness, the relationships between these factors and their precise definitions. Importantly, there is no collective agreement on the primary motivating factors for organisations to becoming forensically ready. Therefore, this research project proposes the following research questions: Research Question 1. What objectives can organisations achieve by being forensically ready? Research Question 2. How can forensic readiness be achieved by organisations? Which in turn suggests the following sub-questions: Sub-Question 2. What factors contribute to making an organisation forensically ready? Sub-Question 3. How do these factors interact to achieve forensic readiness in organisations? A systematic review approach and coding techniques have been utilised to synthesise key elements of the vast and largely fragmented body of knowledge in forensic readiness towards a more holistic and coherent understanding. This led to the development of a comprehensive model that explains how forensic readiness can be achieved and what organisations can achieve by being forensically ready. The proposed model has been extensively validated through multiple focus groups and a multi-round Delphi survey, which involved experienced computer forensic experts from twenty countries and diverse computer forensic backgrounds. The study found there to be four primary objectives for developing a forensic readiness capability: 1) to manage digital evidence; 2) to conduct internal digital forensic investigations; 3) to comply with regulations; and 4) to achieve other non-forensic related objectives (e.g. improve security management). The study also identified the factors that contribute to forensic readiness. These are: 1) a strategy that draws the map for a forensically ready system; 2) human expertise to perform forensic tasks; 3) awareness of forensics in organisational staff; 4) software and hardware to manage digital evidence; 5) system architecture that is tailored for forensics; 6) policies and procedures that outline forensic best practice; and 7) training to educate staff on their forensic responsibilities. Further, the study found three additional organisational factors external to the forensic program: 1) adequate support from senior management; 2) an organisational culture that is supportive of forensics; and 3) good governance. This study makes significant theoretical contributions by introducing a more comprehensive model for forensic readiness that is characterised by the following: 1) providing formal definitions to key concepts in forensic readiness; 2) describing the key factors that contribute to forensic readiness; 3) describing the relationships and interactions between the factors; 4) defining a set of dimensions and properties by which forensic readiness is characterised; and 5) describing the key objectives organisations can achieve by being forensically ready. The study also makes significant contributions to practice. A key attribute of the digital forensic readiness model is its depth (in terms of the various dimensions and properties of each factor), which enables its use as an instrument to assess and guide organisational forensic readiness. Furthermore, this research increases the marketability of forensic readiness by introducing a well-defined list of objectives organisations can achieve by developing a forensic capability.
  • Item
    Thumbnail Image
    Strategic information security policy quality assessment: a multiple constituency perspective
    MAYNARD, SEAN ( 2010)
    An integral part of any information security management program is the information security policy. The purpose of an information security policy is to define the means by which organisations protect the confidentiality, integrity and availability of information and its supporting infrastructure from a range of security threats. The tenet of this thesis is that the quality of information security policy is inadequately addressed by organisations. Further, although information security policies may undergo multiple revisions as part of a process development lifecycle and, as a result, may generally improve in quality, a more explicit systematic and comprehensive process of quality improvement is required. A key assertion of this research is that a comprehensive assessment of information security policy requires the involvement of the multiple stakeholders in organisations that derive benefit from the directives of the information security policy. Therefore, this dissertation used a multiple-constituency approach to investigate how security policy quality can be addressed in organisations, given the existence of multiple stakeholders. The formal research question under investigation was: How can multiple constituency quality assessment be used to improve strategic information security policy? The primary contribution of this thesis to the Information Systems field of knowledge is the development of a model: the Strategic Information Security Policy Quality Model. This model comprises three components: a comprehensive model of quality components, a model of stakeholder involvement and a model for security policy development. The strategic information security policy quality model gives a holistic perspective to organisations to enable management of the security policy quality assessment process. This research contributes six main contributions as stated below:  This research has demonstrated that a multiple constituency approach is effective for information security policy assessment  This research has developed a set of quality components for information security policy quality assessment  This research has identified that efficiency of the security policy quality assessment process is critical for organisations  This research has formalised security policy quality assessment within policy development  This research has developed a strategic information security policy quality model  This research has identified improvements that can be made to the security policy development lifecycle The outcomes of this research contend that the security policy lifecycle can be improved by: enabling the identification of when different stakeholders should be involved, identifying those quality components that each of the different stakeholders should assess as part of the quality assessment, and showing organisations which quality components to include or to ignore based on their individual circumstances. This leads to a higher quality information security policy, and should impact positively on an organisation’s information security.
  • Item
    Thumbnail Image
    Seamless proximity sensing
    Ahmed, Bilal ( 2013)
    Smartphones are uniquely positioned to offer a new breed of location and proximity aware applications that can harness the benefits provided by positioning technologies such as GPS, and advancements in radio communication technologies such as Near Field Communication (NFC) and Bluetooth low energy (BLE). The popularity of location aware applications, that make use of technologies such as GPS, Wi-Fi and 3G, has further strained the already frail battery life that current generation smartphones exhibit. This research project is aimed to perform a comparative assessment of NFC, BLE and Classic Bluetooth (BT) for the purpose of establishing proximity awareness in mobile devices. We demonstrate techniques; in the context of a mobile application to provide seamless proximity awareness using the three technologies, with focus on accuracy and operational range. We present the results of our research and experimentation for the purpose of creating a baseline for proximity estimation using the three technologies. We further investigate the viability of using BT as the underlying wireless technology for peer to peer networking on mobile devices and demonstrate techniques that can be applied programmatically for automatic detection of nearby mobile devices.
  • Item
    Thumbnail Image
    Interest-based negotiation in multi-agent systems
    rahwan, iyad ( 2004)
    Software systems involving autonomous interacting software entities (or agents) present new challenges in computer science and software engineering. A particularly challenging problem is the engineering of various forms of interaction among agents. Interaction may be aimed at enabling agents to coordinate their activities, cooperate to reach common objectives, or exchange resources to better achieve their individual objectives. This thesis is concerned with negotiation: a process through which multiple self-interested agents can reach agreement over the exchange of scarce resources. In particular, I focus on settings where agents have limited or uncertain information, precluding them from making optimal individual decisions. I demonstrate that this form of bounded-rationality may lead agents to sub-optimal negotiation agreements. I argue that rational dialogue based on the exchange of arguments can enable agents to overcome this problem. Since agents make decisions based on particular underlying reasons, namely their interests, beliefs and planning knowledge, then rational dialogue over these reasons can enable agents to refine their individual decisions and consequently reach better agreements. I refer to this form of interaction as “interested-based negotiation.” (For complete abstract open document)