Assessing information security risks in the cloud: a case study of Australian local government authorities

Ali, Omar and Shrestha, Anup and Chatfield, Akemi and Murray, Peter A. (2019) Assessing information security risks in the cloud: a case study of Australian local government authorities. Government Information Quarterly (Article 101419). ISSN 0740-624X

Abstract

Cloud computing enables cost-effective and scalable growth of IT services that can enhance government services. Despite the Australian Federal Government's ‘cloud-first’ strategy and policies, and the Queensland State Government's ‘digital-first’ strategy, cloud services adoption at local government level has been limited—largely due to data security concerns. We reviewed the ISO 27002 Information Security standard with extant literature and found that operational security, individual awareness and compliance matters pose more significant government challenges than the often-highlighted technical and process-oriented cloud security requirements. This study identifies and explores the critical factors associated with information security requirements of cloud services within the Australian regional local government context. We conducted 21 field interviews with IT managers, and surveyed 480 IT staff from Australia's 47 regional local governments. We propose a conceptual cloud computing security requirements model with four components – data security; risk assessment; legal & compliance requirements; and business & technical requirements – in order to promote a balanced view on cloud security for governments. Using this model, governments can work together to demand uniform security requirements for adopting cloud services.


Statistics for USQ ePrint 37206
Statistics for this ePrint Item
Item Type: Article (Commonwealth Reporting Category C)
Refereed: Yes
Item Status: Live Archive
Additional Information: Published online: 1 October 2019. Permanent restricted access to ArticleFirst version, in accordance with the copyright policy of the publisher.
Faculty/School / Institute/Centre: Current - Faculty of Business, Education, Law and Arts - School of Management and Enterprise (1 July 2013 -)
Faculty/School / Institute/Centre: Current - Faculty of Business, Education, Law and Arts - School of Management and Enterprise (1 July 2013 -)
Date Deposited: 18 Dec 2019 05:08
Last Modified: 17 Jan 2020 03:20
Uncontrolled Keywords: information security requirements; cloud computing; structural equation model; adoption; local governments
Fields of Research : 08 Information and Computing Sciences > 0806 Information Systems > 080699 Information Systems not elsewhere classified
08 Information and Computing Sciences > 0806 Information Systems > 080609 Information Systems Management
15 Commerce, Management, Tourism and Services > 1503 Business and Management > 150312 Organisational Planning and Management
Socio-Economic Objective: E Expanding Knowledge > 97 Expanding Knowledge > 970108 Expanding Knowledge in the Information and Computing Sciences
Identification Number or DOI: 10.1016/j.giq.2019.101419
URI: http://eprints.usq.edu.au/id/eprint/37206

Actions (login required)

View Item Archive Repository Staff Only