An action research program to improve information systems security compliance across government agencies

Information Systems Security (ISSec) compliance is an important aspect of implementing e-government. This paper presents results from an action research project using longitudinal surveys as interventions to enhance understanding and improve security across the whole of the NSW government, in Australia. The ISO Standard AS/NZS ISO/IEC 17799:2001 Information Technology -Code of practice for information security management, was used a framework for developing the survey research instrument. The major findings are that this action research program led to an improvement in ISSec compliance by agencies, increased understanding and knowledge as agencies became more aware of ISSec issues, improved agencies ISSec policies and plans, as well as improved business continuity plans. This research is innovative as it is the first time that ISSec has been explored using an action research framework across whole of government.10 page(s