The regulatory challenges of Australian information security practice

Mark Burdon, Jodie Siganto, Lizzie Coles-Kemp

Research output: Contribution to journal, Article, peer-review


Abstract

Information security is not directly regulated in Australia and is instead subject to a patchwork of different legal and regulatory frameworks. How Australian information security practitioners construct and action information security therefore becomes important to the overall operation of a fragmented regulatory framework. How then do Australian information security practitioners understand information security and make compliance-oriented decisions? Our exploratory interview research examined how nine Australian information security practitioners understood and constructed their role as delegated regulators of organisational information security processes. Participants expressed a number of concerns that reveal a very different world to that traditionally portrayed as the discipline and practice of information security. We examine these concerns and discuss what they mean in the context of the Australian environment.
Original language: English
Pages (from-to): 623-633
Number of pages: 11
Journal: Computer Law and Security Review
Volume: 32
Issue number: 4
Early online date: 6 Jun 2016
Publication status: Published - Aug 2016
