Speaker: Faisal Khan
Host: Prof Shazia Sadiq
Seminar Type: Thesis Review
Abstract:
Information Technology has added unlimited possibilities to our lives and business. Substantial automation in almost every walk of life has added ease and speed to the way everyday tasks are undertaken. Technology enabled processes, on the other hand, generate sizable amount of information that needs to be well managed to make sure it is meaningful, purposeful, and of high value for the stakeholders. Unmanaged data is prone to several kinds of risks and challenges. Mostly these risks are considered to be able to affect confidentiality (protection against unauthorised disclosure), integrity (protection against unauthorised/undetected modifications) and availability (protection against unavailability and inaccessibility) of the information. An assurance that these three factors related to information are well managed, is generally considered necessary to make well-informed business decisions using the information. However, the risks related to the quality of information are not considered as important by the information risk and security theorists and practitioners. In recent times, there have been incidents where poor information quality posed threats to the businesses although the confidentiality, integrity, and availability of data were intact. In some cases, the said risk realised and severely affected the businesses leading to the seizure of their existence, and/or adverse outcomes for clients and stakeholders of the affected businesses. Laws and regulations are gradually being enacted worldwide to make organisations and businesses liable for having adequate arrangements in place to ensure that quality of their business information is of appropriate level to meet the requirements of all the stakeholders including government and regulators. Currently available information risks frameworks primarily address confidentiality, integrity and availability aspects of data while information quality frameworks address information quality goals with less focus on information risks aspects. The aim of this study is to develop an integrated framework that would address the risks related to confidentiality, integrity, availability and quality of enterprise information in an integrated manner to unify the organisational efforts for effectively managing risks to and quality of information.
Biography:
Faisal Khan received Bachelor of Commerce and MPA in Management Information Systems from University of Karachi, Pakistan in 1997 and 2003, respectively. He holds information risk certifications such as CISSP, CISM and CISA. He has worked for the Reserve Bank of Pakistan from 2004 to 2016 in various information systems, security, audit, risk and governance roles. Currently he is leading cyber security function at a Queensland Government agency. His research interests are information risks management, data quality, governance and compliance. Currently, he is an M.Phil student working on an integrated framework to manage information risks.