The aim of this research paper is the development of a Fuzzy Logic model framed on Activity Theory to predict and benchmark compliance of Government agencies activities, with information systems (IS) security standard, AS17799 (2006) categories. IS security standard has 10 main categories and 127 controls for which survey questions were asked in an online process. This longitudinal study facilitated seven surveys from 2001 to 2004. The paper describes the development of an enhanced Fuzzy Logic model using Activity Theory to frame the 10 IS security categories. The results from the Fuzzy Logic model helped to focus attention and monitor the progress of agencies that appear unlikely to reach IS security compliance. The main contribution of this study is the simplification of a complex system guided by Activity Theory using a fuzzy logic tool for analysis of a large number of inputs across a similarly large number of subunits (agencies). Practical contribution to the New South Wales Government was that the Fuzzy Logic tool removed the complexity in computation and saved time and resources. Our approach using Fuzzy Logic also permits input from expert’s embracing an organizations human capital.
Smith, Stephen; Jamieson, Rodger; Nguyen, Hung; and Winchester, Donald, "INFORMATION SYSTEMS SECURITY COMPLIANCE IN E-GOVERNMENT" (2009). PACIS 2009 Proceedings. 77.