ISSN (Print): 2374-1953

ISSN (Online): 2374-1988

Editor-in-Chief: Sergii Kavun

Website: http://www.sciepub.com/journal/AJIS

   

Article

ASP: Advanced Security Protocol for Security and Privacy in Cloud Computing

1M.Tech-Computer Science and Engineering, Lakshmi Narain College of Technology-Indore (RGPV, Bhopal), MP, India

2Department of Computer Science and Engineering, Lakshmi Narain College of Technology-Indore (RGPV, Bhopal), MP, India


American Journal of Information Systems. 2016, 4(2), 17-31
doi: 10.12691/ajis-4-2-1
Copyright © 2016 Science and Education Publishing

Cite this paper:
Shyam Nandan Kumar, Amit Vajpayee. ASP: Advanced Security Protocol for Security and Privacy in Cloud Computing. American Journal of Information Systems. 2016; 4(2):17-31. doi: 10.12691/ajis-4-2-1.

Correspondence to: Shyam  Nandan Kumar, M.Tech-Computer Science and Engineering, Lakshmi Narain College of Technology-Indore (RGPV, Bhopal), MP, India. Email: shyamnandan.mec@gmail.com

Abstract

Security concern has become the biggest obstacle to adoption of cloud because all information and data are completely under the control of cloud service providers. To provide optimal services on cloud, this paper introduces a new distributed and scalable data sharing scheme for data owners in clouds that supports anonymous authentication. Proposed ASP (Advanced Security Protocol) protocol is a cryptographic access control protocol based on key-updating scheme referred to as Advanced Key Update (AKU). The main advantage of the AKU scheme its support for efficient delegation and revocation of privileges in hierarchies without requiring complex cryptographic data structures. Proposed ASP protocol also includes a new digital signature scheme that enables cloud providers to ensure that requests are submitted by authorized end-users, without learning their identities. User Revocation facility is also supported by proposed ASP. In this paper various existing approaches and issues related to data encryption and message authentications are also discussed. At last, experiment results are analyzed and performances are evaluated. The main aim of the paper is to provide more visibility and control to the end-users and close the gap between capabilities of existing solutions and new requirements of cloud-based systems.

Keywords

References

[1]  Shyam Nandan Kumar, and Amit Vajpayee, “A Survey on Secure Cloud: Security and Privacy in Cloud Computing.” American Journal of Systems and Software, vol. 4, no. 1 (2016): 14-26.
 
[2]  Shyam Nandan Kumar, “Cryptography during Data Sharing and Accessing Over Cloud.” International Transaction of Electrical and Computer Engineers System, vol. 3, no. 1 (2015): 12-18.
 
[3]  Shyam Nandan Kumar, “DecenCrypto Cloud: Decentralized Cryptography Technique for Secure Communication over the Clouds.” Journal of Computer Sciences and Applications, vol. 3, no. 3 (2015): 73-78.
 
[4]  Shyam Nandan Kumar, “Review on Network Security and Cryptography.” International Transaction of Electrical and Computer Engineers System, vol. 3, no. 1 (2015): 1-11.
 
[5]  Shyam Nandan Kumar, “World towards Advance Web Mining: A Review.” American Journal of Systems and Software, vol. 3, no. 2 (2015): 44-61.
 
Show More References
[6]  “The NIST Definition of Cloud Computing”. National Institute of Standards and Technology. Retrieved 24 July 2011.
 
[7]  Mather T, Kumaraswamy S, Latif S (2009) Cloud Security and Privacy. O’Reilly Media, Inc., Sebastopol, CA.
 
[8]  A. Verma and S. Kaushal, “Cloud Computing Security Issues and Challenges: A Survey”, Proceedings of Advances in Computing and Communications, Vol. 193, pp. 445-454, 2011.
 
[9]  Shucheng Yu, Cong Wang, Kui Ren, and Wenjing Lou. “Achieving secure, scalable and fine-grained data access control in cloud computing”. In Proceedings of the 29th conference on Information communications, INFOCOM'10, pp. 534-542, Piscataway, NJ, USA, 2010. IEEE Press.
 
[10]  Wayne Jansen, Timothy Grance, “NIST Guidelines on Security and Privacy in Public Cloud Computing”, Draft Special Publication 800-144, 2011.
 
[11]  RFC 3174, US Secure Hash Algorithm 1 (SHA1) http://www.ietf.org/rfc/rfc3174.txt.
 
[12]  Joan Daemen and Vincent Rijmen. Rijndael/aes. “In Encyclopedia of Cryptography and Security”. 2005.
 
[13]  Jon Marler, “Securing the Cloud: Addressing Cloud Computing Security Concerns with Private Cloud”, Rackspace Knowledge Centre, March 27, 2011, Article Id: 1638.
 
[14]  A. Sahai and B. Waters, “Fuzzy identity-based encryption”, in EUROCRYPT, ser. Lecture Notes in Computer Science, vol. 3494. Springer, pp. 457-473, 2005.
 
[15]  V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-Based Encryption for Fine-Grained Access Control of Encrypted data,” in Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS ’06). ACM, 2006, pp. 89-98.
 
[16]  R. Ostrovsky, A. Sahai, and B. Waters, “Attribute-based encryption with non-monotonic access structures,” in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), pp. 195-203, November 2007.
 
[17]  J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in Proceedings of the IEEE Symposium on Security and Privacy (SP '07), pp. 321-334, May 2007.
 
[18]  L. Cheung and C. Newport, “Provably secure ciphertext policy ABE,” in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), pp. 456-465, November 2007.
 
[19]  B. Waters, “Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization,” in Public Key Cryptography (PKC '11), pp. 53-70, Springer, Berlin, Germany, 2011.
 
[20]  A. Lewko, T. Okamoto, A. Sahai, and B. Waters, “Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption,” in Advances in Cryptology: EUROCRYPT 2010, vol. 6110 of Lecture Notes in Computer Science, pp. 62-91, Springer, Berlin, Germany, 2010.
 
[21]  K. Emura, A. Miyaji, K. Omote, A. Nomura, and M. Soshi, “A ciphertext-policy attribute-based encryption scheme with constant ciphertext length,” International Journal of Applied Cryptography, vol. 2, no. 1, pp. 46-59, 2010.
 
[22]  M. Chase, “Multi-authority attribute based encryption,” in Theory of Cryptography, vol. 4392 of Lecture Notes in Computer Science, pp. 515-534, Springer, Berlin, Germany, 2007.
 
[23]  J. Han, W. Susilo, Y. Mu, and J. Yan, “Privacy-preserving decentralized key-policy attribute-based encryption,” IEEE Transactions on Parallel and Distributed Systems, vol. 23, no. 11, pp. 2150-2162, 2012.
 
[24]  V. Bozovic, D. Socek, R. Steinwandt, and V. I. Villanyi, “Multi-authority attribute-based encryption with honest-but-curious central authority,” International Journal of Computer Mathematics, vol. 89, no. 3, pp. 268-283, 2012.
 
[25]  H. Lin, Z. Cao, X. Liang, and J. Shao, “Secure threshold multi authority attribute based encryption without a central authority,” Information Sciences, vol. 180, no. 13, pp. 2618-2632, 2010.
 
[26]  M. Chase and S. S. M. Chow, “Improving privacy and security in multi-authority attribute-based encryption,” in Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS '09), pp. 121-130, Chicago, Ill, USA, November 2009.
 
[27]  N. Attrapadung and H. Imai, “Dual-policy attribute based encryption,” in Applied Cryptography and Network Security, pp. 168-185, Springer, Berlin, Germany, 2009.
 
[28]  Guojun Wang, Qin Liu, Jie Wu and Minyi Guo, “Hierarchical attribute-based encryption and scalable user revocation for sharing data in cloud servers”, 2011.
 
[29]  M. Mambo and E. Okamoto, “Proxy cryptosystems: delegation of the power to decrypt ciphertexts,” IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. 80, no. 1, pp. 54-62, 1997.
 
[30]  M. Blaze, G. Bleumer, and M. Strauss, “Divertible protocols and atomic proxy cryptography,” in Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques (EUROCRYPT '98), pp. 127-144, Espoo, Finland, 1998.
 
[31]  Tatsuaki Okamoto and Katsuyuki Takashima, “Decentralized Attribute-Based Signatures” , Public-Key Cryptography – PKC 2013, Springer Berlin Heidelberg, pp 125-142.
 
[32]  Xiaofeng Chen, Jin Li, Xinyi Huang, Jingwei Li, Yang Xiang and Duncan S. Wong, “Secure Outsourced Attribute-Based Signatures”, pp: 3285-3294, IEEE, vol. 25, (2014).
 
[33]  Wenyi Liu, Uluagac, A.S. and Beyah, R., “MACA: A privacy-preserving multi-factor cloud authentication system utilizing big data”, IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), 2014, pp. 518-523, Toronto, ON.
 
[34]  S. Yu, C. Wang, K. Ren, and W. Lou, “Attribute based data sharing with attribute revocation” in ACM ASIACCS, pp. 261-270, 2010.
 
[35]  A. B. Lewko and B. Waters, “Decentralizing attribute-based encryption”, in EUROCRYPT, ser. Lecture Notes in Computer Science, vol. 6632. Springer, pp. 568-588, 2011.
 
[36]  H. K. Maji, M. Prabhakaran, and M. Rosulek, “Attribute-based signatures”, in CT-RSA, ser. Lecture Notes in Computer Science, vol. 6558. Springer, pp. 376-392, 2011.
 
[37]  Amazon S3 . http://aws.amazon.com/s3/.
 
[38]  Michael Backes, Christian Cachin, and Alina Oprea. “Secure Key-Updating for Lazy Revocation”,. In Research Report RZ 3627, IBM Research, pages 327-346. Springer, 2005.
 
[39]  Marina Blanton, Nelly Fazio, and Keith B. Frikken. “Dynamic and Efficient Key Management for Access Hierarchies”. In Proceedings of the ACM Conference on Computer and Communications Security, 2005.
 
[40]  Dan Boneh and Matthew Franklin. “Identity-based encryption from the weil pairing”. SIAM J. Comput., 32: 586-615, March 2003.
 
[41]  Craig Gentry and Alice Silverberg. “Hierarchical ID-based cryptography”. In ASI- ACRYPT, pp. 548-566, 2002.
 
[42]  SQL Data Services/Azure Services Platform. http://http://www.windowsazure.com.
 
[43]  Amazon SimpleDB. http://aws.amazon.com/simpledb/.
 
[44]  Google App Engine. http://appengine.google.com.
 
[45]  Fay Chang, Jeffrey Dean, Sanjay Ghemawat, Wilson C. Hsieh, Deborah A. Wallach, Mike Burrows, Tushar Chandra, Andrew Fikes, and Robert E. Gruber. Bigtable: “A distributed storage system for structured data”. In Proceedings of the 7th symposium on Operating systems design and implementation - volume 7, pp. 205-218, 2006.
 
[46]  P. Sharma, S. K. Sood, and S. Kaur, “Security Issues in Cloud Computing”, Proceedings of High Performance Architecture and Grid Computing, Vol. 169, pp. 36-45, 2011.
 
[47]  Alessandro Perilli, Claudio Criscione, “Securing the Private Cloud”, Article on Secure Networks, Virtualization.info. http://virtualization.info/en/security/privatecloud.pdf.
 
[48]  Thomas W. Shinder, “Security Issues in Cloud Deployment models”, TechNet Articles, Wiki, Microsoft, Aug, 2011.
 
[49]  Craig Gentry, A FULLY HOMOMORPHIC ENCRYPTION SCHEME”, PhD Thesis, STANFORD UNIVERSITY, September 2009.
 
[50]  Cloud Security Alliance (2012), “SecaaS implementation guidance, category 1: identity and Access management”. Available: https://downloads.cloudsecurityalliance.org/initiatives/secaas/SecaaS_Cat_1_IAM_Implementation _Guidance.pdf.
 
[51]  Ron Rivest (2002-10-29). “Lecture Notes 15: Voting, Homomorphic Encryption.
 
[52]  B. R. Kandukuri, P. V. Ramakrishna, and A. Rakshit, “Cloud security issues”, in Proceedings of the IEEE International Conference on Services Computing (SCC '09), pp. 517-520, September 2009.
 
[53]  Win-Bin Huang and Wei-Tsung Su, “Identity-based access control for digital content based on ciphertext-policy attribute-based encryption”, International Conference on Information Networking (ICOIN), IEEE, pp. 87-91, Cambodia, 2015.
 
[54]  Jie Xu, Qiaoyan Wen, Wenmin Li, Zhengping Jin, “Circuit Ciphertext-Policy Attribute-Based Hybrid Encryption with Verifiable Delegation in Cloud Computing”, IEEE Transactions on Parallel and Distributed Systems, vol. 27, issue: 1, pp. 119-129, 2015.
 
[55]  Win-Bin Huang, Wei-Tsung Su, and Chiang-Sheng Liang, “A threshold-based key generation approach for ciphertext-policy attribute-based encryption”, Seventh International Conference on Ubiquitous and Future Networks (ICUFN), IEEE, pp. 908-913, Sapporo, 2015.
 
[56]  Juanjuan Li, Zhenhua Liu, and Longhui Zu, “Chosen-Ciphertext Secure Multi-use Unidirectional Attribute-Based Proxy Re-Encryptions”, Ninth Asia Joint Conference on Information Security (ASIA JCIS), IEEE, pp. 96-103, Wuhan, 2014.
 
[57]  Han Yiliang, Jiang Di , Yang Xiaoyuan, “The Revocable Attribute Based Encryption Scheme for Social Networks”, International Symposium on Security and Privacy in Social Networks and Big Data (SocialSec), IEEE, pp. 44-51, Hangzhou, 2015.
 
[58]  Lin You, and Lijun Wang, “Hierarchical authority key-policy attribute-based encryption”, IEEE 16th International Conference on Communication Technology (ICCT), pp. 868-872, Hangzhou, 2015.
 
Show Less References

Article

An Institutional Perspective to Understand FOSS Adoption in Public Sectors: Case Studies in Ethiopia and India

1Department of Informatics, University of Oslo, Oslo, Norway


American Journal of Information Systems. 2016, 4(2), 32-44
doi: 10.12691/ajis-4-2-2
Copyright © 2016 Science and Education Publishing

Cite this paper:
Selamawit Molla Mekonnen, Zegaye Seifu Wubishet. An Institutional Perspective to Understand FOSS Adoption in Public Sectors: Case Studies in Ethiopia and India. American Journal of Information Systems. 2016; 4(2):32-44. doi: 10.12691/ajis-4-2-2.

Correspondence to: Selamawit  Molla Mekonnen, Department of Informatics, University of Oslo, Oslo, Norway. Email: selamawm@ifi.uio.no

Abstract

This paper is aimed at understanding institutional influences on Free and Open Source Software (FOSS) adoption in public sectors. It explores strategies, policies, and technical infrastructure so as to harness FOSS as an alternative technical solution in organizations such as the health sector. The study was conducted in India/Kerala and Ethiopia following interpretive qualitative research tradition. Data was collected at micro and macro level. While the micro level explored the acceptance of specific FOSS in Kerala and rejection in Ethiopia, the macro level studied how institutions outside the health sector were drawn upon to legitimize decisions. Data collection was conducted while at the same time analyzing and refining the data to find common themes for both settings. Subsequently, the themes were categorized interpretively into regulative, normative and cultural-cognitive institutions as provided by Scott (2001). The result shows regulative and normative institutions influence FOSS adoption in public sectors positively and that integrating FOSS with the proprietary dominated public sector of developing countries should begin by cultivating the normative institutional aspect. The normative aspect focuses on issues related to FOSS education and professional associations. Moreover, the study shows, technology by itself can facilitate its own adoption once it has gained large installed base; expanding the institutional framework to include a technological element. Practically, the study contributes to our understanding of the field level challenges in realizing the potential of FOSS for the benefits of public sector organizations in general and health sectors in particular in developing countries.

Keywords

References

[1]  Cook, I. and G. Horobin, Implementing eGovernment without promoting dependence: Open source software in developing countries in Southeast Asia. Public Administration and Development, 2006. 26(4): p. 279-289.
 
[2]  Cook, I. and G. Horobin, Implementing eGovernment with out promoting dependence:open source software in developing countries in Southeast Asia. Public Administration and Development, 2006. 26(4): p. 279-289.
 
[3]  Camara, G. and F. Fonseca, Information policies and Open source Software in developing Countries. Journal of the American Society for Information Science and Technology, 2007. 58(1): p. 121-132.
 
[4]  Scacchi, W., et al., Understanding Free and Open Source Software Development Porcesses. Software Process Improvement and Practice, 2006. 11: p. 95-105.
 
[5]  Abbott, P., How can African countries advance their outsourcing industries: An overview of possible approaches. The African Journal of Information Systems, 2013. 5(1): p. 2.
 
Show More References
[6]  Mengesha, N.T., Technology Capacity Development through OSS Implementation: The Case of Public Higher Education Institutions in Ethiopia. The African Journal Of Information Systems, 2010. 2(1): p. 2.
 
[7]  Effah, J. and G. Abbeyquaye, How FOSS Replaced Proprietary Software at a University: An Improvisation Perspective in a Low-income Country. The African Journal of Information Systems, 2014. 6(1): p. 2.
 
[8]  Twaakyondo, H.M. and J.H. Lungo, Open source software in health information systems: Opportunities and challenges. Tanzania Journal of Engineering and Technology, 2008. 2(1): p. 36-45.
 
[9]  Sheikh, Y.H. and A.D. Bakar, Open Source Software Solution for Healthcare: The Case of Health Information System in Zanzibar, in e-Infrastructure and e-Services for Developing Countries. 2011, Springer. p. 146-155.
 
[10]  Scott, W.R., Institutions and organizations. 2001: Sage Thousand Oaks, CA.
 
[11]  DeVaujany, F., et al., Applying and theorising institutional frameworks in IS research. Information Technology & People, 2014. 27(3).
 
[12]  Pishdad, A., et al. Identifying Gaps in Institutional Theory. in Proceedings of the 25th Australasian Conference on Information Systems, 2014. Auckland, New Zealand.
 
[13]  North, D.C., Institutions, institutional change and economic performance. 1990: Cambridge university press.
 
[14]  Greenwood, R., R. Suddaby, and C.R. Hinings, Theorizing change: The role of professional associations in the transformation of institutionalized fields. Academy of management journal, 2002. 45(1): p. 58-80.
 
[15]  Sahay, S., et al., Interplay of institutional logics and implications for deinstitutionalization: case study of HMIS implementation in Tajikistan. Information Technologies & International Development, 2010. 6(3): p. pp. 19-32.
 
[16]  Palthe, J., Regulative, Normative, and Cognitive Elements of Organizations: Implications for Managing Change. Management and Organizational Studies, 2014. 1(2): p. p59.
 
[17]  Hsu, C., Y.-T. Lin, and T. Wang, A legitimacy challenge of a cross-cultural interorganizational information system. European Journal of Information Systems, 2015. 24: p. 278-294.
 
[18]  Suddaby, R., Challenges for institutional theory. Journal of Management Inquiry, 2010. 19(1): p. 14-20.
 
[19]  Hsu, C., Y.-T. Lin, and T. Wang, A legitimacy challenge of a cross-cultural interorganizational information system. European Journal of Information Systems, 2015. 24(3): p. 278-294.
 
[20]  Jepperson, R.L., Institutions, institutional effects, and institutionalism. The new institutionalism in organizational analysis, 1991. 6: p. 143-163.
 
[21]  Avgerou, C., Information systems and global diversity. 2002: OUP Oxford.
 
[22]  Oliver, C., The antecedents of deinstitutionalization. Organization studies, 1992. 13(4): p. 563-588.
 
[23]  Grisot, M., H. O., and A. Thorseng, Innovation of,in,on infrastructures: articulating the role of architecture in information infrastructure evolution. Journal of the Association for Information Systems, 2014. 15(special issue): p. 197-219.
 
[24]  Hanseth, O. and E. Monteiro, Understanding information infrastructure. Unpublished Manuscript, Retrieved on 6th September from http://heim. ifi. uio. no/~ oleha/Publications/bok. pdf, 1998.
 
[25]  Aanestad, M. and T.B. Jensen, Building nation-wide information infrastructures in healthcare through modular implementation strategies. The Journal of Strategic Information Systems, 2011. 20(2): p. 161-176.
 
[26]  Dahlbom, B. and L. Mathiassen, Computers in context: The Philospphy and Practice of System Design. 1993, Cambridge, Massachusetts: Blackwell Publisher
 
[27]  Maguire, S., C. Hardy, and T.B. Lawrence, Institutional entrepreneurship in emerging fields: HIV/AIDS treatment advocacy in Canada. Academy of management journal, 2004. 47(5): p. 657-679.
 
[28]  Hardy, C. and S. Maguire, Institutional entrepreneurship. The Sage handbook of organizational institutionalism, 2008: p. 198-217.
 
[29]  Walsham, G., Interpreting information systems in organizations. Vol. 19. 1993: Wiley Chichester.
 
[30]  Walsham, G., Doing interpretive research. European journal of information systems, 2006. 15(3): p. 320-330.
 
[31]  Orlikowski, W.J. and J.J. Baroudi, Studying information technology in organizations: Research approaches and assumptions. Information systems research, 1991. 2(1): p. 1-28.
 
[32]  Klein, H.K. and M.D. Myers, A set of principles for conducting and evaluating interpretive field studies in information systems. MIS quarterly, 1999: p. 67-93.
 
[33]  Creswell, J.W., Research design: Qualitative, quantitative, and mixed methods approaches. 2013: Sage publications.
 
[34]  Braa, J., E. Monterio, and S. Sahay, Networks of action: sustainable health information systems across developing countries. . MIS quarterly, 2004. 28: p. 337-362.
 
[35]  Walsham, G., Interpretive case studies in IS research: nature and method. European Journal of information systems, 1995. 4(2): p. 74-81.
 
[36]  Elliott, R. and L. Timulak, Descriptive and interpretive approaches to qualitative research. A handbook of research methods for clinical and health psychology, 2005: p. 147-159.
 
[37]  Walsham, G., What is Interpretive Research? . (n.d), University of Oslo: Retrieved from http://www.uio.no/studier/emner/matnat/ifi/INF5740/h04/.../Lecture_1.pp.
 
[38]  Henfridsson, O. and B. Bygstad, The Generative Mechanisms of Digital Infrastructure Evolution. Mis Quarterly, 2013. 37(3): p. 907-931.
 
[39]  Silva, L. and J. Backhouse. Becoming part of the furniture:the institutionalization of information systems. in IFIP TC8 WG 8.2 international conference on information systems and qualitative research. 1997. Philadelphia: Chapman & Hall, Ltd.
 
[40]  Wubishet, Z., Conceptualizing the Governance of Free and Open Source Software Development: A Framework Based on Case Studies of Three Software Projects in Norway, in Department of Informatics. 2011, Norway: Oslo.
 
[41]  Arthur, W.B., Competing technologies, increasing returns, and lock-in by historical events. The economic journal, 1989. 99(394): p. 116-131.
 
[42]  Aanestad, A., Cultivating Networks: Implementing Surgical Telemedicine., in Department of Informatics. 2002, University of Oslo: Oslo.
 
[43]  Farrell, J. and G. Saloner, Standardization, compatibility, and innovation. The RAND Journal of Economics, 1985: p. 70-83.
 
Show Less References

Article

ICT Governance Drivers and Effective ICT Governance at the University of Rwanda

1School of Computing and Informatics University of Nairobi, Kenya


American Journal of Information Systems. 2016, 4(2), 45-58
doi: 10.12691/ajis-4-2-3
Copyright © 2016 Science and Education Publishing

Cite this paper:
Jean Bosco Nk. Ndushabandi, Agnes N. Wausi. ICT Governance Drivers and Effective ICT Governance at the University of Rwanda. American Journal of Information Systems. 2016; 4(2):45-58. doi: 10.12691/ajis-4-2-3.

Correspondence to: Jean  Bosco Nk. Ndushabandi, School of Computing and Informatics University of Nairobi, Kenya. Email: j.b.ndushabandi@ur.ac.rw

Abstract

Investments in information and communication technology (ICT) based systems and processes are essential for business organizations. Yet many organizations have not been able to derive maximum benefit from their substantial spending on ICT. Some organizations have seen their systems end up as technical or organizational failures. This paper aims at examining the relationship between ICT governance drivers and ICT governance at the University of Rwanda. Adopting the actor network theory perspective to ICT in organizations, we developed a conceptual framework for a holistic approach to examine the ICT governance concept. Empirical data was collected via a survey questionnaire with the respondents being participants from the six colleges, representatives’ central administration consisting of top and senior authorities, middle managers as well as academic and ICT staff, thereby enabling an institutional level unit of analysis. The findings revealed a significant positive relationship between ICT strategic alignment and ICT governance; a significant positive relationship between ICT performance management and ICT governance; a significant positive relationship between ICT resource management and ICT governance and a high and significant positive relationship between ICT strategic alignment together with ICT performance management and ICT resource management and ICT governance with ICT resource management being a better predictor of ICT governance than the ICT strategic alignment and ICT performance management. This research therefore recommends that while putting in place ICT governance structures it is important to get the support of top, senior and middle managers as well as involve all stakeholders in the development and implementation of ICT governance at the Institution.

Keywords

References

[1]  Gartner, “Executive Report Series Winning Asset Management Strategies, 8.0 IT Spending:How Do You Stack Up?,” 2003 Gartner, Inc. and/or its affiliates, 2003.
 
[2]  Trusted_Advisor, “What would be a basic framework or model for establishing an effective IT Governance function?,” David Consulted Group, 2013.
 
[3]  Weill Peter, “Don't just Lead, Govern: How Top-Performing Firm Govern IT,” CISR Working Paper No. 341, 2004.
 
[4]  A. Al-Hatmi, Public IT Investment: The Success of IT Projects, Singapore: Pertridge Publishing, 2014.
 
[5]  R. Bhatia, “IT Governance Implementation Formulating and Presenting Practical Business Cases,” ISACA JOURNALVOLUME 1, 2013.
 
Show More References
[6]  Weill Peter & Ross Jeanne W, IT Governance: How Top Performers Manage IT Decision Rights for Superior Results,, Harvard busness School Publishing, 2004.
 
[7]  De Haes S. & Van Grembergen W., “An Exploratory Study into IT Governance Implementations and its Impact on Business/IT Alignment,” Information Systems Management, vol. 26,, pp. 123-137, 2009.
 
[8]  Mohamad H. & A. Simon & N. Letch, “A Network Analysis of IT Governance Practices: A Case Study of an IT Centralisation Project,” 23rd Australasian Conference on Information Systems Geelong, 2012.
 
[9]  B. Latour., Ressembling the Social: An Introduction to Actor Network Theory, New York: Oxford University Press Inc., 2005.
 
[10]  Whittle A. & Spicer A., “Is actor network theory critique?,” Organization Studies, 29(4), pp. 611-629, 2008.
 
[11]  A-Ritzer, “ACTOR NETWORK THEORY,” Encyclopedia.qxd, 2004.
 
[12]  Mohamad H. H.& Letch N.& Simon A., “The Role of IT Governance and IT Infrastructure in the Process of Strategic Alignment,” 24th Australasian Conference on Information Systems, 2013.
 
[13]  &. M. A. S. Majed Alyahya, “A Conceptual Model for Business and Information Technology Strategic Alignment from the Perspective of Small and Medium Enterprises,” International Journal of Business, Humanities and Technology Vol. 3 No. 7, 2013.
 
[14]  Luc Kordel, “IT Governance Hands-on:Using COBIT to Implement IT Governance,” Information Systems Audit and Control Association: All rights reserved. www.isaca.org., 2004.
 
[15]  Henderson & Venkatraman, “Strategic Alignment: Leveraging information technology for transforming organizations,,” IBM Systems Journal, Vol. 32, No. 1,, pp. 4-16, 1993.
 
[16]  Handerson & Venkatraman, “Strategic alignment: Leveraging Information technology for transforming organisations,” Reprinted from IBM System Journal Vol38 No 2&3, 1999.
 
[17]  Luftman J., “Assessing Business Alignment Maturity,” Communications of AIS, Volume 4, Article 14, 2000.
 
[18]  J. B.-Z. T. D. R. &. R. E. H. Luftman, “IT governance: An alignment maturity perspective.,” International Journal on IT/Business Alignment and Governance, 1(2), pp. 13-25, 2010.
 
[19]  Peterson R. R, “Information Strategies and Tactics for Information Technology Governance.,” Strategies for Information Technology Governance, ed. W. Van Grembergen, Idea Group Publishing, Hershey, pp. 37-80, 2004.
 
[20]  ITGI, “ Board Briefing on IT Governance,” On-line available at www.itgi.org, 2001.
 
[21]  ITGI., “Board Briefing on IT Governance 2nd Edition,” www.itgi.org and www.isaca.org, 2003.
 
[22]  VAN GREMBERGEN W, “Introduction to the Minitrack: IT Governance and its Mechanisms,,” Proceedings of the 35 Hawaii International Conference on System Sciences (HICCS), IEEE., 2002.
 
[23]  Van Grembergen W.& S. De Haes & E. Guldentops., Structures, Processes and Relational Mechanisms for IT Governance,Van Grembergen, W. (Ed.),, Pennsylvania, USA: Strategies for Information Technology Governance, Idea Group Publishing, 2003.
 
[24]  W. &. D. H. S. Van Grembergen, “A research journey into enterprise governance of IT, business/IT alignment and value creation.,” International Journal on IT/Business Alignment and Governance 1(1), pp. 1-13, 2010.
 
[25]  Steve Clarke., Information Systems Strategic Management an integrated approach, London: Routledge, 2001.
 
[26]  P. G. J. H. Acklesh Prasad., “ON IT GOVERNANCE STRUCTURES AND THEIR EFFECTIVENESS IN COLLABORATIVE ORGANIZATIONAL STRUCTURES,” International Journal of Accounting Information Systems, vol. 13, no. 3, pp. 199-220, 2012.
 
[27]  Samuel D. L. & Aris B. S., “INFORMATION TECHNOLOGY GOVERNANCE: THE EFFECTIVENESS IN BANKING SECTOR,” The Proceedings of The 7th ICTS, Bali,, 2013.
 
[28]  ISACA, “COBIT 5 ISACA's New Framework for IT Governance, Risk, Security and Auditing: An Overview.,” COBIT @ ISACA, 2012.
 
[29]  Sherry Lee Price, Performance Management Strategies: A Competitive Advantage for High Technology Firms. A Study in the Okanagan Valley Region of British Columbia,, In partial fulfilment of the award of Doctor of Business Administration, Faculty of Business, University of Southern Queensland , 2006.
 
[30]  Wayne W. Eckerson, “performance management strategies: How to Create and Deploy Effective Metrics,” First quarter 2009, TDWI best practices report, www.tdwi.org, 2009.
 
[31]  Abel Gitau Mugenda, Social Science Research Theory and Practice, Nairobi: Applied Research and Training Services, 2011.
 
[32]  &. R. R. G. Joseph A. Gliem, “Calculating, Interpreting, and Reporting Cronbach’s Alpha Reliability Coefficient for Likert-Type Scales,” in Midwest Research-to-Practice Conference in Adult, Continuing, and Community Education, Columbus, 2003.
 
[33]  TUDelft, “Assessment of the ICT status at University of Rwanda,” UR SIDA, Kigali, 2015.
 
[34]  Steven de Haes et Al, “IT Governance and Business-IT Alignment in SMEs,” ISACA Journal Volume 6, pp. 38-44, 2010.
 
[35]  Shankar B. C. at Al, “How Does Alignment of Business and IT Strategies Impact Aspects of IT Effectiveness?,” International Journal of Applied Management and Technology Volume 12, Issue 1,, p. 1-15, 2013.
 
[36]  Ronald Y. & Judith B. C., “Process and Politics: IT Gogernance in Higher Education,” EDUCAUSE CENTER FOR APPLIED RESEARCH, pp. 1-10, 2008.
 
[37]  Nkufa E & Rusu L., “Critical Success Factors for Effective It Governance in the Public Sector Organizations in Developing Country: The Case of Tanzania.,” In proceedings of the European Conference on Information Systems., 2010.
 
[38]  U. Sekaran, RESEARCH METHODS FOR BUSINESS: A Skill-Building Approach. Fourth Edition, Danvers: Hermitage Publishing Services, 2003.
 
[39]  Sean Whitaker, “The Benefits of Tailoring Making a Project Management Methodology Fit,” Project Management Institute, Inc, pp. 1-24, 2014.
 
[40]  Karessa C. & David W., “Improving performance in project-based management: synthesizing strategic theories,” International Journal of Productivity and Performance Management, pp. 1-17, 2014.
 
[41]  Van Grembergen W & De Haes S, “A research journey into enterprise governance of IT, business/IT alignment and value creation.,” International Journal on IT/Business Alignment and Governance 1(1), pp. 1-13, 2010.
 
[42]  Mohd Fairuz & Taizan Chan., “Barriers to Formal IT Governance Practice – Insights from a Qualitative Study,” 46th Hawaii International Conference on System Sciences, pp. 1-10, 2013.
 
[43]  Jerry Luftman et al, “IT governance: An alignment maturity perspective.,” International Journal on IT/Business Alignment and Governance, 1(2), pp. 13-25, 2010.
 
Show Less References