Assessing information security risks in the cloud: a case study of Australian local government authorities

Ali, Omar and Shrestha, Anup ORCID: https://orcid.org/0000-0002-2952-0072 and Chatfield, Akemi and Murray, Peter A. (2020) Assessing information security risks in the cloud: a case study of Australian local government authorities. Government Information Quarterly, 37 (1):101419. ISSN 0740-624X


Abstract

Cloud computing enables cost-effective and scalable growth of IT services that can enhance government services. Despite the Australian Federal Government's ‘cloud-first’ strategy and policies, and the Queensland State Government's ‘digital-first’ strategy, cloud services adoption at local government level has been limited—largely due to data security concerns. We reviewed the ISO 27002 Information Security standard with extant literature and found that operational security, individual awareness and compliance matters pose more significant government challenges than the often-highlighted technical and process-oriented cloud security requirements. This study identifies and explores the critical factors associated with information security requirements of cloud services within the Australian regional local government context. We conducted 21 field interviews with IT managers, and surveyed 480 IT staff from Australia's 47 regional local governments. We propose a conceptual cloud computing security requirements model with four components – data security; risk assessment; legal & compliance requirements; and business & technical requirements – in order to promote a balanced view on cloud security for governments. Using this model, governments can work together to demand uniform security requirements for adopting cloud services.


Statistics for USQ ePrint 37206
Statistics for this ePrint Item
Item Type: Article (Commonwealth Reporting Category C)
Refereed: Yes
Item Status: Live Archive
Additional Information: Permanent restricted access to Published version, in accordance with the copyright policy of the publisher.
Faculty/School / Institute/Centre: Historic - Faculty of Business, Education, Law and Arts - School of Management and Enterprise (1 Jul 2013 - 17 Jan 2021)
Faculty/School / Institute/Centre: Historic - Faculty of Business, Education, Law and Arts - School of Management and Enterprise (1 Jul 2013 - 17 Jan 2021)
Date Deposited: 18 Dec 2019 05:08
Last Modified: 25 May 2020 06:16
Uncontrolled Keywords: information security requirements; cloud computing; structural equation model; adoption; local governments
Fields of Research (2008): 08 Information and Computing Sciences > 0806 Information Systems > 080699 Information Systems not elsewhere classified
08 Information and Computing Sciences > 0806 Information Systems > 080609 Information Systems Management
15 Commerce, Management, Tourism and Services > 1503 Business and Management > 150312 Organisational Planning and Management
Fields of Research (2020): 46 INFORMATION AND COMPUTING SCIENCES > 4609 Information systems > 460999 Information systems not elsewhere classified
46 INFORMATION AND COMPUTING SCIENCES > 4609 Information systems > 460908 Information systems organisation and management
35 COMMERCE, MANAGEMENT, TOURISM AND SERVICES > 3507 Strategy, management and organisational behaviour > 350711 Organisational planning and management
Socio-Economic Objectives (2008): E Expanding Knowledge > 97 Expanding Knowledge > 970108 Expanding Knowledge in the Information and Computing Sciences
Identification Number or DOI: https://doi.org/10.1016/j.giq.2019.101419
URI: http://eprints.usq.edu.au/id/eprint/37206

Actions (login required)

View Item Archive Repository Staff Only