Information Systems - Theses

Permanent URI for this collection

http://hdl.handle.net/11343/289

Filters

2015 - 2019 4
Reset filters

Settings
Statistics
Citations
Type: Masters Coursework thesis ×

Search Results

Now showing 1 - 4 of 4
  • Item
    Thumbnail Image
    Exploring knowledge leakage risk in knowledge-intensive organisations: behavioural aspects and key controls
    Altukruni, Hibah Ahmed ( 2019)
    Knowledge leakage poses a critical risk to the competitiveness advantages of knowledge-intensive organisations. Although knowledge leakage is a human-centric security issue, little is known in relation to the key factors of individual-level leaking behaviour. Therefore, the aim of this thesis was to explore security practitioners’ perspectives on the key enablers and inhibitors of behavioural knowledge leakage risk in the context of knowledge-intensive organisations. An exploratory, qualitative design was used to carry out the study. Moreover, seven security practitioners working in Australian organisations were recruited to participate in this research. The data were collected using semi-structured questions via two focus group discussions. The discussion sessions lasted between 90 and 120 minutes, including a 10-minute break. The sessions were audio recorded, transcribed, and thematically analysed following Braun and Clarke’s (2006) strategy. Furthermore, two main trends emerged from the analysed data. First, ‘interpersonal enabling factors’ included leaking behaviours and employees’ personality’ traits. Second, contributing ‘organisational practices around knowledge leakage mitigation’ included poor knowledge sensitivity classification systems and poor knowledge security management practices. In conclusion, it is essential that security practitioners address the key identified factors of behavioural leakage risk to mitigate the leaking incidents effectively. Three key security practices that were found to have a superior impact in mitigating leaking enablers included human resource management practices, knowledge security training and awareness practices, and compartmentalisation.
  • Item
    Thumbnail Image
    Enhancing the security and privacy of cloud-based health records systems
    Alwuthaynani, Maha Mohammed ( 2015-11-04)
    Electronic health records (EHR) and personal health records (PHR) are emerging services for electronic health. They allow healthcare providers, clinicians and patients to manage, access and share medical data. EHR and PHR increase healthcare e ciency by preventing unnecessary diagnostics. They can assist clinicians in tracking the status of patients’ chronic illnesses and dealing with any encountered problems. There is growing interest in storing patient data in cloud computing storage instead of storing data in healthcare providers’ decentralised data centres. More and more health information is stored in cloud-based storage and this makes securing this information a challenging task. If cloud- based storage is compromised, health information might be revealed. Also, healthcare providers and patients lose control of this information. To address these challenging issues, there is a need to develop an efficient cryptographic scheme that can secure and preserve the privacy of the stored information. The proposed scheme needs to allow both healthcare providers and patients to gain full control of health information by being able to enforce a fine-grained access policy on each data file stored in the cloud. We propose a multi-authority attribute-based scheme for securing electronic and personal health records. This scheme allows healthcare providers to send encrypted copies of any health record to a patient. It also provides a feature to assist healthcare providers in monitoring patient health. In addition, patients are able to share any record with other users. Using the proposed scheme, all health records (medical files with their directory entries) need to be encrypted before they are uploaded to cloud-based storage. Medical data files are encrypted using a symmetric key while their directory entries are encrypted twice: first using ciphertext-policy attribute-based encryption and second using patient-controlled encryption. Finally, we evaluate the effectiveness and efficiency of the proposed scheme.
  • Item
    Thumbnail Image
    Mitigating BYOD information security risks
    Arregui, Daniel ( 2015)
    BYOD is a trend in organizations to allow employees, contractors and suppliers to use their personal devices in the workplace. Users can access electronic organizational resources from their tablets, smartphones, laptops, etc. The benefits of allowing BYOD in organizations are convenient for both employees and organizations. Employees will feel more comfortable employing their personal devices and organizations will save resources that should be used to purchase of electronic equipment for their employees. However, the confidentiality, integrity and ability of the information are at risk because individuals will have access to it employing their personal devices. The challenge to organizations is to keep that information secure. While BYOD is a well-defined and accepted trend in several organizations, there is little documentation to address the information security risks posed by BYOD. The following research, in the form of an extensive literature review, has defined a comprehensive list of information security risks that are associated with allowing BYOD in the organizations. This list will be used to evaluate five BYOD policy documents from different organizations to determine how comprehensively BYOD information security risks are addressed. Based on this evaluation, it will be identified which BYOD information security risks have been acknowledged and addressed by these organizations.
  • Item
    Thumbnail Image
    Information security manager as a strategist
    Onibere, Mazino ( 2015)
    The modern organisation operates within a highly complex and sophisticated security threat landscape that exposes its information infrastructure to a range of security risks. This threat landscape includes advanced persistent threat (APT) – attackers are well-trained, organised, well-funded and capable of utilising a range of technologies to inflict damage over a prolonged period of time (Giura & Wang 2012; Ahmad 2010). Unsurprisingly, despite the existence of industry ‘best-practice’ security standards and unprecedented levels of investment in security infrastructure, the rate of incidents continues to escalate. The fundamental premise of this thesis is that the level of sophistication of threat requires organisations to develop novel security strategies that draw on creative and lateral thinking approaches. Such a security campaign requires the security manager to function as a ‘strategist’ by exercising ‘strategic thinking’. A review of security literature found little or no evidence that security managers are able or expected to function as strategists. Therefore this research project aims to identify the specific capabilities required by security managers to become effective strategists. A systematic literature review approach was adopted to determine 1) the existing role of the security manager from security literature, and 2) characteristics of a strategist from the management literature. Findings from a review of these literatures revealed 1) a strategic perspective of Information Security Management is missing, and 2) the management literature identifies a range of characteristics and qualities of a strategist. The latter was coded into the 5 dimensions of the strategist. These 5 dimensions are then discussed in the context of security managers and current strategic challenges facing security management. The result was a set of security capabilities required by security mangers to function as strategists. The thesis outlines implications for further research, including the need to expand the scope of literature review to warfare literature and the need to empirically test the 5 dimensions.