Information Systems Security Compliance in E-Government

The aim of this research paper is the development of a Fuzzy Logic model framed on Activity Theory to predict and benchmark the compliance of Government agencies' activities with the information systems security (ISS) standard AS17799 (2006). The ISS standard has 10 main categories and 127 controls, for which survey questions were asked in an online process. This project is a longitudinal study that commenced in 2002. The questions for the Fuzzy Logic project were piloted in August 2002, followed by three annual surveys from November 2002. The paper describes the development of an enhanced Fuzzy Logic model using Activity Theory. The results from the Fuzzy Logic model helped to focus attention on, and monitor the progress of, agencies that appear unlikely to reach ISS compliance. The main contribution of this study is the simplification of a complex system, guided by Activity Theory, using a fuzzy logic tool for analysis of a large number of inputs across a large number of agencies. A practical contribution to the New South Wales Government was that the Fuzzy Logic tool removed the complexity in computation and saved time and resources. Our approach using Fuzzy Logic also permits input from experts, embracing an organisation's human capital.
