Measuring sustainability for an effective Information System audit from public organization perspective

Book chapter


Lope Abdul Rahman, Alifah Aida, Islam, S. and Al-Nemrat, A. 2015. Measuring sustainability for an effective Information System audit from public organization perspective. in: Research Challenges in Information Science (RCIS), 2015 IEEE 9th International Conference on IEEE. pp. 42-51
AuthorsLope Abdul Rahman, Alifah Aida, Islam, S. and Al-Nemrat, A.
Abstract

Information System (IS) auditing is the assessment of various controls, risk, and system development within IS infrastructures. Incorporation of sustainability within the existing audit process aims to enhance the execution of the IS audit for an effective information system. Commonly, the performance of an IS service is evaluated through quantitative scales such as Likert Scale. However, such measurement does not provide an accurate value of the audit context due to lack of precision. Our work attempts to address this limitation. In particular, we propose a Sustainability-driven Information System Audit (SISA) approach that integrates Analytical Hierarchy Process (AHP) and the Fuzzy Set Theory (FST) to determine the performance of sustainability in IS focusing on the public organization. Sustainability consists of five dimensions as audit criteria, i.e., economic, environmental, resources, social and technology. These audit criteria are also contain sub-criteria such as cost, green IS...etc. In our case, the AHP is used to identify the relevance importance of the sustainability dimensions and its related attributes so that we can prioritize the relevant audit areas. The priority is then used to determine the level of the satisfactory of the IS sustainability using the FST. Finally, we provide a case study from the National Audit Department of Malaysia to demonstrate the applicability of our approach. The results show that this approach is useful for an effective audit towards sustainability, where auditors are able to produce effective justification for IS audit findings.

Keywordssustainability measurement; Information systems audit; sustainability
Book titleResearch Challenges in Information Science (RCIS), 2015 IEEE 9th International Conference on
Page range42-51
Year2015
PublisherIEEE
Publication dates
Print22 Jun 2015
Publication process dates
Deposited27 Feb 2017
Event9th International Conference on Research Challenges in Information Science (RCIS)
ISBN978-1-4673-6630-4
978-1-4673-6631-1
978-1-4673-6629-8
Digital Object Identifier (DOI)https://doi.org/10.1109/RCIS.2015.7128862
FunderNational Audit Department of Malaysia
Austrian Science Fund (FWF)
National Audit Department of Malaysia
Austrian Science Fund
Web address (URL)http://doi.org/10.1109/RCIS.2015.7128862
Additional information

© 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Accepted author manuscript
License
CC BY-NC-ND
Permalink -

https://repository.uel.ac.uk/item/855qq

Download files

  • 231
    total views
  • 438
    total downloads
  • 1
    views this month
  • 1
    downloads this month

Export as

Related outputs

The Impact of CISO Appointment Announcements on the Market Value of Firms
Ford, A., Al-Nemrat, A., Ghorashi, S. and Davidson, J. 2022. The Impact of CISO Appointment Announcements on the Market Value of Firms. 17th International Conference on Cyber Warfare and Security (ICCWS 2022). Albany, New York, USA 17 - 18 Mar 2022 Academic Conferences International (ACI).
The Impact of Data Breach Announcements on Company Value in European Markets
Ford, A., Al-Nemrat, A., Ghorashi, S. and Davidson, J. 2021. The Impact of Data Breach Announcements on Company Value in European Markets. WEIS 2021: The 20th Annual Workshop on the Economics of Information Security. 28 - 29 Jun 2021
The Impact of GDPR Infringement Fines on the Market Value of Firms
Ford, A., Al-Nemrat, A., Ghorashi, S. and Davidson, J. 2021. The Impact of GDPR Infringement Fines on the Market Value of Firms. ECCWS 2021- Proceeding of the 20th European Conference on Cyber Warfare and Security. 24 - 25 Jun 2021 Academic Conferences International (ACI). https://doi.org/10.34190/EWS.21.088
Asset Criticality and Risk Prediction for an Effective Cyber Security Risk Management of Cyber Physical System
Kure, H. I., Islam, S., Ghazanfar, M., Raza, A. and Pasha, M. 2021. Asset Criticality and Risk Prediction for an Effective Cyber Security Risk Management of Cyber Physical System. Neural Computing and Applications. 34, p. 493–514. https://doi.org/10.1007/s00521-021-06400-0
Cyber Threat Predictive Analytics for Improving Cyber Supply Chain Security
Yeboah-Ofori, A., Islam, S., Lee, S. W., Shamszaman, Z. U., Muhammad, K., Altaf, M. and Al-Rakhami, M. S. 2021. Cyber Threat Predictive Analytics for Improving Cyber Supply Chain Security. IEEE Access. 9, pp. 94318-94337. https://doi.org/10.1109/ACCESS.2021.3087109
An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System
Kure, H., Islam, S. and Razzaque, Mohammad 2018. An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System. Applied Sciences. 8 (6), p. Art. 898. https://doi.org/10.3390/app8060898
E-Government Maturity Model for Sustainable E-Government Services from the Perspective of Developing Countries
Joshi, P. and Islam, S. 2018. E-Government Maturity Model for Sustainable E-Government Services from the Perspective of Developing Countries. Sustainability. 10 (6), p. Art. 1882. https://doi.org/10.3390/su10061882
Variance Ranking for Multi-Classed Imbalanced Datasets: A Case Study of One-Versus-All
Ebenuwa, S., Sharif, S., Al-Nemrat, A., Al-Bayatti, A. H., Alalwan, N., Alzahrani, A. I. and Alfarraj, O. 2019. Variance Ranking for Multi-Classed Imbalanced Datasets: A Case Study of One-Versus-All. Symmetry. 11 (Art. 1504). https://doi.org/10.3390/sym11121504
Assets focus risk management framework for critical infrastructure cybersecurity risk management
Kure, H. and Islam, S. 2019. Assets focus risk management framework for critical infrastructure cybersecurity risk management. IET Cyber-Physical Systems. 4 (4), pp. 332-340. https://doi.org/10.1049/iet-cps.2018.5079
Cyber Threat Intelligence for Improving Cybersecurity and Risk Management in Critical Infrastructure
Kure, H. and Islam, S. 2019. Cyber Threat Intelligence for Improving Cybersecurity and Risk Management in Critical Infrastructure. Journal of Universal Computer Science. 25 (11), pp. 1478-1502.
A Dynamic Access Control Model Using Authorising Workflow and Task-Role-Based Access Control
Uddin, M., Islam, S. and Al-Nemrat, A. 2019. A Dynamic Access Control Model Using Authorising Workflow and Task-Role-Based Access Control. IEEE Access. 7 (Art. 166676). https://doi.org/10.1109/ACCESS.2019.2947377
Variance Ranking Attributes Selection Techniques for Binary Classification Problem in Imbalance Data
Ebenuwa, S., Sharif, M., Alazab, Mamoun and Al-Nemrat, A. 2019. Variance Ranking Attributes Selection Techniques for Binary Classification Problem in Imbalance Data. IEEE Access. 7, pp. 24649-24666. https://doi.org/10.1109/ACCESS.2019.2899578
Cyber Security Threat Modeling for Supply Chain Organizational Environments
Yeboah-Ofori, A. and Islam, S. 2019. Cyber Security Threat Modeling for Supply Chain Organizational Environments. Future Internet. 11 (3), p. Art. 63. https://doi.org/10.3390/fi11030063
Deep Learning Approach for Intelligent Intrusion Detection System
Vinayakumar, R., Alazab, Mamoun, Soman, K. P., Poornachandran, Prabaharan, Al-Nemrat, A. and Venkatraman, Sitalakshmi 2019. Deep Learning Approach for Intelligent Intrusion Detection System. IEEE Access. 7, pp. 41525-41550. https://doi.org/10.1109/ACCESS.2019.2895334
Managing Social Engineering Attacks- Considering Human Factors and Security Investment
Alavi, R., Islam, S., Mouratidis, Haralambos and Lee, Sin Wee 2015. Managing Social Engineering Attacks- Considering Human Factors and Security Investment. in: Clarke, Nathan and Furnell, Steven (ed.) Proceedings of the Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015) Plymouth University. pp. 161-171
Agile Changes of Security Landscape: A Human Factors and Security Investment View
Alavi, R. and Islam, S. 2016. Agile Changes of Security Landscape: A Human Factors and Security Investment View. in: Clarke, Nathan and Furnell, Steven (ed.) Proceedings of the Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016) Plymouth University.
Content Discovery Advertisements: An Explorative Analysis
Jadhav Balaji, R., Baravalle, Andres, Al-Nemrat, A. and Falcarin, P. 2017. Content Discovery Advertisements: An Explorative Analysis. in: Jahankhani, Hamid, Carlile, Alex, Emmett, David, Hosseinian-Far, Amin, Brown, Guy, Sexton, Graham and Jamal, Arshad (ed.) Global Security, Safety and Sustainability - The Security Challenges of the Connected World Springer Verlag.
A Decision Framework Model for Migration into Cloud: Business, Application, Security and Privacy Perspectives
Islam, S., Weippl, Edgar R. and Krombholz, Katharina 2014. A Decision Framework Model for Migration into Cloud: Business, Application, Security and Privacy Perspectives. in: Proceedings of the 16th International Conference on Information Integration and Web-based Applications & Services New York, NY, USA Association for Computing Machinery (ACM). pp. 185-189
Sustainability forecast for cloud migration
Rahman, Alifah Aida Lope Abdul and Islam, S. 2015. Sustainability forecast for cloud migration. in: IEEE 9th International Symposium on the Maintenance and Evolution of Service-Oriented and Cloud-Based Environments (MESOCA) IEEE. pp. 31-35
Cloud Security Audit for Migration and Continuous Monitoring
Ismail, Umar Mukhtar, Islam, S. and Mouratidis, Haralambos 2015. Cloud Security Audit for Migration and Continuous Monitoring. in: 2015 IEEE Trustcom/BigDataSE/ISPA IEEE.
Integration operators for generating RDF/OWL-based user defined mediator views in a grid environment
Tawil, Abdel-Rahman H., Taweel, Adel, Naeem, U., Montebello, Matthew, Bashroush, R. and Al-Nemrat, A. 2014. Integration operators for generating RDF/OWL-based user defined mediator views in a grid environment. Journal of Intelligent Information Systems. 43 (1), pp. 1-32. https://doi.org/10.1007/s10844-013-0300-5
Security countermeasures in the cyber-world
Bendovschi, Andreea and Al-Nemrat, A. 2016. Security countermeasures in the cyber-world. in: 2016 IEEE International Conference on Cybercrime and Computer Forensic (ICCCF) IEEE. pp. 1-7
ARP cache poisoning mitigation and forensics investigation
Mangut, Heman Awang, Al-Nemrat, A., Benzaid, Chafika and Tawil, Abdel-Rahman H. 2015. ARP cache poisoning mitigation and forensics investigation. in: 2015 IEEE Trustcom/BigDataSE/ISPA IEEE. pp. 1392-1397
Cybercrime Profiling: Decision-Tree Induction, Examining Perceptions of Internet Risk and Cybercrime Victimisation
Al-Nemrat, A. and Benzaid, Chafika 2015. Cybercrime Profiling: Decision-Tree Induction, Examining Perceptions of Internet Risk and Cybercrime Victimisation. in: 2015 IEEE Trustcom/BigDataSE/ISPA IEEE. pp. 1380-1385
Intelligent Detection of MAC Spoofing Attack in 802.11 Network
Benzaid, Chafika, Boulgheraif, Abderrahman, Dahmane, Fatma Zohra, Al-Nemrat, A. and Zeraoulia, Khaled 2016. Intelligent Detection of MAC Spoofing Attack in 802.11 Network. in: Proceedings of the 17th International Conference on Distributed Computing and Networking Association for Computing Machinery (ACM).
Forensic Malware Analysis: The Value of Fuzzy Hashing Algorithms in Identifying Similarities
Sarantinos, Nikolaos, Benzaid, Chafika, Arabiat, Omar and Al-Nemrat, A. 2017. Forensic Malware Analysis: The Value of Fuzzy Hashing Algorithms in Identifying Similarities. in: 2016 IEEE Trustcom/BigDataSE/ISPA IEEE. pp. 1782-1787
Towards Cloud Security Monitoring: A Case Study
Ismail, Umar Mukhtar, Islam, S. and Islam, S. 2016. Towards Cloud Security Monitoring: A Case Study. in: 2016 Cybersecurity and Cyberforensics Conference (CCC) IEEE.
A framework to support selection of cloud providers based on security and privacy requirements
Mouratidis, Haralambos, Islam, S., Kalloniatis, Christos and Gritzalis, Stefanos 2013. A framework to support selection of cloud providers based on security and privacy requirements. Journal of Systems and Software. 86 (9), pp. 2276-2293.
Evaluating cloud deployment scenarios based on security and privacy requirements
Kalloniatis, Christos, Mouratidis, Haralambos and Islam, S. 2013. Evaluating cloud deployment scenarios based on security and privacy requirements. Requirements Engineering. 18 (4), pp. 299-319. https://doi.org/10.1007/s00766-013-0166-7
Towards the design of secure and privacy-oriented Information systems in the cloud: Identifying the major concepts
Kalloniatis, Christos, Mouratidis, Haralambos, Vassilis, Manousakis, Islam, S., Gritzalis, Stefanos and Kavakli, Evangelia 2013. Towards the design of secure and privacy-oriented Information systems in the cloud: Identifying the major concepts. Computer Standards and Interfaces. 36 (4), pp. 759-775. https://doi.org/10.1016/j.csi.2013.12.010
An information security risk-driven investment model for analysing human factors
Alavi, R., Islam, S. and Mouratidis, Haralambos 2016. An information security risk-driven investment model for analysing human factors. Information and Computer Security. 24 (2), pp. 205-227.
A Scalable Malware Classification based on Integrated Static and Dynamic Features
Bounouh, Tewfik, Brahimi, Zakaria, Al-Nemrat, A. and Benzaid, Chafika 2017. A Scalable Malware Classification based on Integrated Static and Dynamic Features. 11th International Conference on Global Security, Safety, and Sustainability (ICGS3) 2017. London, UK 18 - 20 Jan 2017 Springer International Publishing. https://doi.org/10.1007/978-3-319-51064-4_10
A Risk Management Framework for Cloud Migration Decision Support
Islam, S., Fenz, Stefan, Weippl, Edgar and Mouratidis, Haralambos 2017. A Risk Management Framework for Cloud Migration Decision Support. Journal of Risk and Financial Management. 10 (2), p. 10. https://doi.org/10.3390/jrfm10020010
A Framework for Security Transparency in Cloud Computing
Ismail, U., Islam, S., Ouedraogo, Moussa and Weippl, Edgar 2016. A Framework for Security Transparency in Cloud Computing. Future Internet. 8 (1), p. 5.
Fast authentication in wireless sensor networks
Benzaid, Chafika, Lounis, Karim, Al-Nemrat, A., Badache, Nadjib and Alazab, Mamoun 2014. Fast authentication in wireless sensor networks. Future Generation Computer Systems. 55, pp. 362-375.
Migration goals and risk management in cloud computing: A review of state of the art and survey results on practitioners
Islam, S., Fenz, Stefan, Weippl, Edgar and Kalloniatis, Christos 2016. Migration goals and risk management in cloud computing: A review of state of the art and survey results on practitioners. International Journal of Secure Software Engineering. 7 (3), pp. 44-73. https://doi.org/10.4018/IJSSE.2016070103
An Analysis of Honeypot Programs and the Attack Data Collected
Moore, C. and Al-Nemrat, A. 2015. An Analysis of Honeypot Programs and the Attack Data Collected. in: Jahankhani, Hamid, Carlile, Alex, Akhgar, Babak, Taal, Amie, Hessami, Ali G. and Hosseinian-Far, Amin (ed.) Global Security, Safety and Sustainability: Tomorrow's Challenges of Cyber Security Springer International Publishing.
Assurance of security and privacy requirements for cloud deployment models
Islam, S., Ouedraogo, M., Kalloniatis, C., Mouratidis, H. and Gritzalis, S. 2015. Assurance of security and privacy requirements for cloud deployment models. IEEE Transactions on Cloud Computing. 6, pp. 387-400. https://doi.org/10.1109/TCC.2015.2511719
Statistical Sampling Approach to Investigate Child Pornography Cases
Sarantinos, N., Al-Nemrat, A. and Naeem, U. 2013. Statistical Sampling Approach to Investigate Child Pornography Cases. 2013 Fourth Cybercrime and Trustworthy Computing Workshop (CTC). Sydney NSW, Australia 21 - 22 Nov 2013 IEEE. https://doi.org/10.1109/CTC.2013.14
An empirical study on the implementation and evaluation of a goal-driven software development risk management model
Islam, S., Mouratidis, Haralambos and Weippl, Edgar R. 2013. An empirical study on the implementation and evaluation of a goal-driven software development risk management model. Information and Software Technology. 56 (2), pp. 117-133. https://doi.org/10.1016/j.infsof.2013.06.003
Human Factors in Software Security Risk Management
Islam, S. 2008. Human Factors in Software Security Risk Management. in: Proceedings of the first international workshop on Leadership and management in software architecture Association for Computing Machinery (ACM). pp. 13-16
Software Development Risk Management Model – A Goal Driven Approach
Islam, S. 2009. Software Development Risk Management Model – A Goal Driven Approach. ESEC/FSE'09 Joint 12th European Software Engineering Conference (ESEC) and 17th ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE-17). Amsterdam, The Netherlands 24 - 28 Aug 2009 Association for Computing Machinery (ACM).
Offshore-Outsourced Software Development Risk Management Model
Islam, S. 2009. Offshore-Outsourced Software Development Risk Management Model. pp. 514-519
Goal and Risk Factors in Offshore Outsourced Software Development From Vendor's Viewpoint
Islam, S. 2009. Goal and Risk Factors in Offshore Outsourced Software Development From Vendor's Viewpoint. 4th IEEE International Conference on Global Software Engineering. Limerick, Ireland 13 - 16 Jul 2009
Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec
Islam, S. 2009. Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec. Requirements Engineering Journal. 15 (1), pp. 63-93.
Towards a Framework to Elicit and Manage Security and Privacy Requirements from Laws and Regulations
Islam, S., Mouratidis, Haralambos and Wager, Stefan 2010. Towards a Framework to Elicit and Manage Security and Privacy Requirements from Laws and Regulations. in: Wieringa, Roel and Persson, Anne (ed.) Requirements Engineering: Foundation for Software Quality Springer.
A Framework to Support Alignment of Secure Software Engineering with Legal Regulations
Islam, S. and Mouratidis, Haralambos 2010. A Framework to Support Alignment of Secure Software Engineering with Legal Regulations. Software and Systems Modeling. 10 (3), pp. 369-394.
Integrating Risk Management Activities into Requirements Engineering
Islam, S. 2010. Integrating Risk Management Activities into Requirements Engineering. Fourth International Conference on Research Challenges in Information Science (RCIS), pp. 299-310
Measuring Security Requirements for Software Security
Islam, S. and Falcarin, P. 2011. Measuring Security Requirements for Software Security. IEEE 10th International Conference on Cybernetic Intelligent Systems (CIS). London 01 - 02 Sep 2011
Towards a Framework for Offshore Outsource Software Development Risk Management Model
Islam, S. 2011. Towards a Framework for Offshore Outsource Software Development Risk Management Model. Journal of Software. 6 (1), pp. 38-47.
Supporting Requirements Engineers in Recognising Security Issues
Islam, S. 2011. Supporting Requirements Engineers in Recognising Security Issues. in: Lecture Notes in Computer Science Springer.
Enhancing Security Requirements Engineering by Organisational Learning
Islam, S. 2012. Enhancing Security Requirements Engineering by Organisational Learning. Requirements Engineering Journal. 17 (1), pp. 35-36.
A CASE tool to support automated modelling and analysis of security requirements
Pavlidis, M., Islam, S. and Mouratidis, H. 2012. A CASE tool to support automated modelling and analysis of security requirements. in: Nurcan, S. (ed.) IS Olympics: Information Systems in a Diverse World Springer. pp. 95-109