Assessing information security risks in the cloud: a case study of Australian local government authorities
Article
Article Title | Assessing information security risks in the cloud: a case study of Australian local government authorities |
---|---|
ERA Journal ID | 30346 |
Article Category | Article |
Authors | Ali, Omar (Author), Shrestha, Anup (Author), Chatfield, Akemi (Author) and Murray, Peter A. (Author) |
Journal Title | Government Information Quarterly: an international journal of information technology management, policies, and practices |
Journal Citation | 37 (1) |
Article Number | 101419 |
Number of Pages | 20 |
Year | 2020 |
Place of Publication | United Kingdom |
ISSN | 0740-624X |
1872-9517 | |
Digital Object Identifier (DOI) | https://doi.org/10.1016/j.giq.2019.101419 |
Abstract | Cloud computing enables cost-effective and scalable growth of IT services that can enhance government services. Despite the Australian Federal Government's ‘cloud-first’ strategy and policies, and the Queensland State Government's ‘digital-first’ strategy, cloud services adoption at local government level has been limited—largely due to data security concerns. We reviewed the ISO 27002 Information Security standard with extant literature and found that operational security, individual awareness and compliance matters pose more significant government challenges than the often-highlighted technical and process-oriented cloud security requirements. This study identifies and explores the critical factors associated with information security requirements of cloud services within the Australian regional local government context. We conducted 21 field interviews with IT managers, and surveyed 480 IT staff from Australia's 47 regional local governments. We propose a conceptual cloud computing security requirements model with four components – data security; risk assessment; legal & compliance requirements; and business & technical requirements – in order to promote a balanced view on cloud security for governments. Using this model, governments can work together to demand uniform security requirements for adopting cloud services. |
Keywords | information security requirements; cloud computing; structural equation model; adoption; local governments |
ANZSRC Field of Research 2020 | 460999. Information systems not elsewhere classified |
460908. Information systems organisation and management | |
350711. Organisational planning and management | |
Public Notes | Files associated with this item cannot be displayed due to copyright restrictions. |
Byline Affiliations | American University of the Middle East, Kuwait |
School of Management and Enterprise | |
University of Wollongong | |
Institution of Origin | University of Southern Queensland |
https://research.usq.edu.au/item/q569x/assessing-information-security-risks-in-the-cloud-a-case-study-of-australian-local-government-authorities
411
total views8
total downloads2
views this month0
downloads this month