An analysis of information security in selected Australian organisations

Darragh, Warren J. (2009) An analysis of information security in selected Australian organisations. [Thesis (PhD/Research)]

Text (Introductory Pages)

Download (2MB)
Text (Main Document)

Download (2MB)


Previous, mainly quantitative, research has indicated that information security threats and incidents are having a significant impact on the conduct of electronic business - and office automation in general - both nationally and internationally. However, as revealed by this study's extensive review of the relevant literature, our understanding of the information security situation in Australian organisations has been quite limited. There has been very little detailed research into security threats and incidents and, equally importantly, the strategies the Australian IT industry is using to deal with them.

In addressing that deficiency, this study used a qualitative, case-based research methodology involving a variety of Australian organisations. The case based approach, using in-depth interviews, facilitated a thorough examination of the information security risks (threats and incidents) and enabled assessment and analysis of management actions (countermeasures) to mitigate the identified risks.

The major findings with regard to this study's research issues are:

 The case-study organisations are generally highly reliant on IT for the conduct of their business and therefore would be heavily impacted if it was unavailable
 They face a variety of information security threats with viruses being the most prevalent threat. The hacking threat was not as evident as reported in the literature
 There are some differences between the Australian information security experience and that reported in the literature for international organisations in particular many of the very large business overseas operate on a much larger scale than those in Australia
 The organisations do not believe that they are specific targets for security attacks; rather they believe that are 'targets of opportunity'
 A wide range of countermeasures are employed; generally, the larger the organisation the greater the diversity and complexity of countermeasures. However, the majority do not have a clear link between risks and countermeasures
 The majority of the organisations do not have a specific security budget.

Whilst Australian organisations were generally well prepared and versed on security issues, the findings indicate the need for the application of best practice across the industry as a whole. A degree of cynicism regarding the nature of the hacking threat was evident – with many participants believing that the threat is overstated. Indeed this study uncovered little direct evidence of the organisations involved being subjected to actual hacker attacks.

The framework developed for this study and its findings are readily adaptable for use by industry. By following the process specified in the framework, organisations will be better able to identify both likely and unlikely threats and incidents and deploy appropriate countermeasures.

Statistics for USQ ePrint 6531
Statistics for this ePrint Item
Item Type: Thesis (PhD/Research)
Item Status: Live Archive
Additional Information: Master of Information Technology (Research) thesis.
Faculty/School / Institute/Centre: Historic - Faculty of Business - No Department (Up to 31 Dec 2010)
Faculty/School / Institute/Centre: Historic - Faculty of Business - No Department (Up to 31 Dec 2010)
Supervisors: Fitzgerald, Edmond
Date Deposited: 06 Jan 2010 05:24
Last Modified: 27 Jul 2016 03:05
Uncontrolled Keywords: information security; organisations; Australia
Fields of Research (2008): 08 Information and Computing Sciences > 0803 Computer Software > 080303 Computer System Security
Fields of Research (2020): 46 INFORMATION AND COMPUTING SCIENCES > 4604 Cybersecurity and privacy > 460499 Cybersecurity and privacy not elsewhere classified

Actions (login required)

View Item Archive Repository Staff Only