Information Systems Security Compliance in E-Government

The aim of this research paper is the development of a Fuzzy Logic model framed on Activity Theory to predict and benchmark compliance of Government agencies activities, with information systems security (ISS) standard, AS17799 (2006). The ISS standard has 10 main categories and 127 controls for which survey questions were asked in an online process. This project is a longitudinal study that commenced in 2002. The questions for the Fuzzy Logic project were piloted in August 2002, followed by three annual surveys from November 2002. The paper describes the development of an enhanced Fuzzy Logic model using Activity Theory. The results from the Fuzzy Logic model helped to focus attention and monitor the progress of agencies that appear unlikely to reach ISS compliance. The main contribution of this study is the simplification of a complex system guided by Activity Theory using a fuzzy logic tool for analysis of a large number of inputs across a large number of agencies. A practical contribution to the New South Wales Government was that the Fuzzy Logic tool removed the complexity in computation, saved time and resources. Our approach using Fuzzy Logic also permits input from expert’s embracing an organisations human capital.