Home

Menu
About us Contact and Enquiries Department History News Intranet Future Students Undergraduate What would I do with an IS Degree Graduate Stories Postgraduate Introducing the MIS Why do the MIS The Learning Environment MIS Programs and Subjects Careers and Industry Past and Present Students Entry Requirements How to Apply Facilities and Services Contacts Tell me more about the MIT Research Honours Master of Philosophy (MPhil) PhD Application Process Scholarships Current Students Breadth Options Undergraduate Science Informatics Dip Informatics BIS Subjects Resources Postgraduate Subjects Resources Courses BIS Honours Research and Industry Seminars Research Groups Interaction Design Organisational Information Security Group Agent Research Group Situated Systems Project Usability Lab Index of Research Interests Work With Us Industry Projects People Academic Professional Students Undergraduate Postgraduate Student Societies & Alumni Alumni (UMISA) ISSS ISRPG Resources and Facilities Helpdesk Student Resource Information Undergraduate Postgraduate Research Honours Building & Labs Access Human Ethics Health & Safety Web Helpdesk

Welcome to OISG Info Page

What is the Organisational Information Security Group?
The Organizational Information Security Group (OISG) consists of experts with extensive research and professional experience in security and business processes. The OISG integrates its unique and diverse skill set towards researching innovative methods of advancing information security within organizations. The OISG is at the forefront of Australian Research in security frameworks that apply to infrastructure protection and organizational information security. The OISG maintains strengths in security governance, security culture, risk management, and business continuity planning. These knowledge areas makes OISG uniquely suited to addressing the needs of organizations seeking to augment their information security.

What do we do?
The need for an integrated strategic approach to security is recognized as the only viable method of protecting organizational infrastructure including people, data and technology. Without such an approach organizations will be exposed to severe threats affecting their business continuity. The Organizational Information Security Group (OISG) is focused on extending the fundamental concepts underlying information security practice within organizations. For more details on the research that we do, kindly proceed on to the OISG Website.

Who's Involved?
Our cross-disciplinary team is composed of both staff and students all focused on understanding the business impact of security and explaining how and why benefits and problems occur.

Name	Interests
Dr. Atif Ahmad	Critical Infrastructure Protection Risk Management Forensics Evidence
Mr. Sean Maynard	Information Security Policy Evaluation Security Culture
Dr. A.B. (Tobias) Ruighaver	Security Governance Incident Investigation Security Culture Risk Management
Dr. Wally Smith	Emergency Management
Dr. Rens Scheepers	Security Aspects of Knowledge Processes
Dr. Andrew Lonie	Metrics in Information Security E-crime Investigation
Mr. Terence Tan	Security Governance Incident Handling
Mr. Zhiqi (Pedro) Tao	Wireless Security
Mr. Piya Shedden	Risk Accessment
Mr. Sangseo Park	Defensive Security Strategy

Recent Key Publications (2003 - 2008)

(For older publications, kindly visit the OISG Website)

Maynard, S.B. and Ruighaver, A.B. (2007) "Security Policy Quality: A Multiple Constituency Perspective". In Assuring Business processes, Proc. of the 6th Annual Security Conference , Ed. G. Dhillon. Washington DC: Global Publishing, USA. 11-12 April 2007.
Ruighaver, A.B.; Maynard, S.B. and Chang, S. (2007) "Organisational security culture: Extending the end-user perspective". Computers & Security, Volume 26, Issue 1, February 2007, Pages 56-62.
Maynard S. and Ruighaver, A.B. (2006) "What Makes a Good Information Security Policy: A Preliminary Framework for Evaluating Security Policy Quality". 5th Annual Security Conference, Las Vegas, Nevada USA, 19-20 April 2006.
Ruighaver, A.B. and Maynard, S. (2006) "Organizational Security Culture: More Than Just an End-User Phenomenon". Proceedings of the 21st IFIP TC-11 International Information Security Conference (IFIP/SEC 2006), May 22 2006, Karlstad, Sweden, pages 425-430.
Shedden, P. Ahmad, A and Ruighaver, A.B. (2006) " Risk Management Standards– The Perception Of Ease Of Use". 5th Annual Security Conference, Las Vegas, Nevada USA, 19-20 April 2006.
Lonie A, Wei D, Maynard SB & Ruighaver AB. (2005). A case study of organisational response to electronic and non-electronic financial crimes. In BCV Campbell, J++++ Underwood & D Bunker (eds), Proceedings of the 16th Australasian Conference on Information Systems ACIS 2005 . 1-10. NSW, Australia : Australasian Chapter of the Association for Information Systems
Koh, K. Ruighaver, A.B. Maynard, S. and Ahmad, A.(2005) ‘Security Governance: Its impact on Security Culture' Proceedings of the 3 rd Australian Information Security Management Conference, Perth , Australia , September 2005.
Tan CCT & Ruighaver AB. (2005). A framework for investigating the development of security strategy context in organisations. In G Pye & M Warren (eds), Conference Proceedings of the 6th Australian Information Warfare & Security Conference: Protecting the Australian Homeland . 216-226. Geelong , Australia : School of Information Systems, Deakin University .
Tan CCT & Ruighaver AB. (2005). Understanding the scope of strategic context in security governance. In B Cusack (ed), IT Audit: A Strategic Foundation for Corporate Governance . 65-77. Auckland , New Zealand : School of Computer & Information Science, Auckland University of Techn.
Tao Z & Ruighaver AB. (2005). Wireless intrusion detection: Not as easy as traditional network intrusion detection. In R Harris (ed), Proceedings of Tencon 2005: 2005 IEEE Region 10 . 1-5. Melbourne , Australia : Swinburne University .
Tao Z & Ruighaver AB. (2005). Detecting rogue access points that endanger the maginot line of wireless authentication. In CV Valli & A Woodward (eds), Proceedings of the 3rd Australian Information Security Management Conference . 103-110. Churchlands , Australia : Edith Cowan University.
Ahmad, A., Fah, H.,Teo, W.,Ruighaver, A.B. (2004), "On the Importance of Protecting Critical Infrastructure-related Engineering Descriptor Information (CIEDI)." Journal of Information Warfare , 2004.
Ahmad, A., Ruighaver, A.B. (2004), “Towards Identifying Criteria for the Evidential Weight of System Event Logs,?Proceedings of the 2nd Ausrtralian Computer Network, Information & Forensics Conference , Perth , Nov 25, 2004 .
Tan,T.C.C. and Ruighaver, A.B. (2004) "Developing a framework for understanding Security Governance," 2nd Australian Information Security Management Conference 2004, Western Australia , Australia .
Scheepers, R. Venkitachalam, K. and Gibbs, M.R. (2004). Knowledge strategy in organizations: refining the model of Hansen, Nohria and Tierney. Journal of Strategic Information Systems , 13 (3), 201-222.
Venkitachalam, K. & Scheepers, R. (2004). Formulating an Organizational Knowledge Strategy: The Influence of Existing IT Infrastructure. In: (Leino, T, Saarinen, T. & Klein, S. (Eds.)) Proceedings of the 12th European Conference on Information Systems, Turku, Finland (published on CDROM: ISBN: 951-564-192-6).
Tan, T.C.C., Ruighaver, A.B., Ahmad, A.(2003), “Incident Handling: Where the Need for Planning is often not Recognised, Proceedings of the 1st Australian Computer Network, Information & Forensics Conference , Perth, Nov 24, 2003. (*Best Paper Award*)
Ahmad, A., Ruighaver, A.B.(2003), “Improved Event Logging for Security and Forensics: Developing Audit Management Infrastructure Requirements,?ISOneWorld , Las Vegas , USA , Apr 23-25, 2003 .
Ahmad, A., Ruighaver, A.B.(2003), “Design of a Network-Access Audit Log for Security Monitoring and Forensic Investigation,?Proceedings of the 1st Australian Computer Network, Information & Forensics Conference , Perth , Nov 24, 2003 .
Chia, P. Maynard, S., and Ruighaver, A.B. (2003) "Understanding Organisational Security Culture" in Information Systems: The Challenges of Theory and Practice, Hunter, M. G. and Dhanda, K. K. (eds), Information Institute, Las Vegas , USA , pages 335 - 365.
Maynard, S., and Ruighaver, A.B. (2003) "Development and Evaluation of Information System Security Policies" in Information Systems: The Challenges of Theory and Practice, Hunter, M. G. and Dhanda, K. K. (eds), Information Institute, Las Vegas, USA, pages 366 - 393.
Maynard, S., and Ruighaver, A.B. (2003) "Development and Evaluation of Information System Security Policies" in Information Systems: The Challenges of Theory and Practice, Hunter, M. G. and Dhanda, K. K. (eds), Information Institute, Las Vegas, USA, pages 366 - 393.
Maynard, S., and Ruighaver, A.B. (2002) "Evaluating IS Security Policy Development". Third Australian Information Warfare and Security Conference, Perth , Australia , 28-29 November 2002.

More publication on OISG Website

top of page

Faculty of Science Department of Information Systems

Menu

Welcome to OISG Info Page

What is the Organisational Information Security Group?

What do we do?

Who's Involved?

Recent Key Publications (2003 - 2008)

Faculty of Science
Department of Information Systems