Scientific Research in Information Systems : A Beginner's Guide

- ​Covers entire research process from start to end - Places particular emphasis on motivational components, modes of inquiry in scholarly conduct, theorizing and planning research - Includes aspects such as publication and ethical challenges This book is designed to introduce doctoral and other higher-degree research students to the process of scientific research in the fields of Information Systems as well as fields of Information Technology, Business Process Management and other related disciplines within the social sciences. It guides research students in their process of learning the life of a researcher. In doing so, it provides an understanding of the essential elements, concepts and challenges of the journey into research studies. It also provides a gateway for the student to inquire deeper about each element covered​. Comprehensive and broad but also succinct and compact, the book is focusing on the key principles and challenges for a novice doctoral student.

An exploratory study into audit challenges in IT governance : a Delphi approach

Information technology (IT) has been playing a powerful role in creating a competitive advantage for organisations over the past decades. This role has become proportionally greater over time as expectations for IT investments to drive business opportunities keep on rising. However, this reliance on IT has also raised concerns about regulatory compliance, governance and security. IT governance (ITG) audit leverages the skills of IS/IT auditors to ensure that IT initiatives are in line with the business strategies. ITG audit emerged as part of performance audit to provide an assessment of the effective implementation of ITG. This research attempts to empirically examine the ITG audit challenges in the Australian public sector. Based on literature research and Delphi research, this paper provides insights regarding the impact of, and required effort to address these challenges. The authors also present the ten major ITG audit challenges facing Australian public sector organisations today.

Learning personalized tag ontology from user tagging information

The cross-sections of the Social Web and the Semantic Web has put folksonomy in the spot light for its potential in overcoming knowledge acquisition bottleneck and providing insight for "wisdom of the crowds". Folksonomy which comes as the results of collaborative tagging activities has provided insight into user's understanding about Web resources which might be useful for searching and organizing purposes. However, collaborative tagging vocabulary poses some challenges since tags are freely chosen by users and may exhibit synonymy and polysemy problem. In order to overcome these challenges and boost the potential of folksonomy as emergence semantics we propose to consolidate the diverse vocabulary into a consolidated entities and concepts. We propose to extract a tag ontology by ontology learning process to represent the semantics of a tagging community. This paper presents a novel approach to learn the ontology based on the widely used lexical database WordNet. We present personalization strategies to disambiguate the semantics of tags by combining the opinion of WordNet lexicographers and users’ tagging behavior together. We provide empirical evaluations by using the semantic information contained in the ontology in a tag recommendation experiment. The results show that by using the semantic relationships on the ontology the accuracy of the tag recommender has been improved.

Analysis of Object-Specific Authorization Protocol (OSAP) using coloured Petri nets

The use of Trusted Platform Module (TPM) is be- coming increasingly popular in many security sys- tems. To access objects protected by TPM (such as cryptographic keys), several cryptographic proto- cols, such as the Object Specific Authorization Pro- tocol (OSAP), can be used. Given the sensitivity and the importance of those objects protected by TPM, the security of this protocol is vital. Formal meth- ods allow a precise and complete analysis of crypto- graphic protocols such that their security properties can be asserted with high assurance. Unfortunately, formal verification of these protocols are limited, de- spite the abundance of formal tools that one can use. In this paper, we demonstrate the use of Coloured Petri Nets (CPN) - a type of formal technique, to formally model the OSAP. Using this model, we then verify the authentication property of this protocol us- ing the state space analysis technique. The results of analysis demonstrates that as reported by Chen and Ryan the authentication property of OSAP can be violated.

An automated tool for assessing security-critical designs and programs

This paper describes in detail our Security-Critical Program Analyser (SCPA). SCPA is used to assess the security of a given program based on its design or source code with regard to data flow-based metrics. Furthermore, it allows software developers to generate a UML-like class diagram of their program and annotate its confidential classes, methods and attributes. SCPA is also capable of producing Java source code for the generated design of a given program. This source code can then be compiled and the resulting Java bytecode program can be used by the tool to assess the program's overall security based on our security metrics.

Public, private, or hybrid? What the upstream oil and gas industry can learn from other sectors about ‘the cloud’

Despite the compelling case for moving towards cloud computing, the upstream oil & gas industry faces several technical challenges—most notably, a pronounced emphasis on data security, a reliance on extremely large data sets, and significant legacy investments in information technology (IT) infrastructure—that make a full migration to the public cloud difficult at present. Private and hybrid cloud solutions have consequently emerged within the industry to yield as much benefit from cloud-based technologies as possible while working within these constraints. This paper argues, however, that the move to private and hybrid clouds will very likely prove only to be a temporary stepping stone in the industry’s technological evolution. By presenting evidence from other market sectors that have faced similar challenges in their journey to the cloud, we propose that enabling technologies and conditions will probably fall into place in a way that makes the public cloud a far more attractive option for the upstream oil & gas industry in the years ahead. The paper concludes with a discussion about the implications of this projected shift towards the public cloud, and calls for more of the industry’s services to be offered through cloud-based “apps.”

Information support for health management in regional Sri Lanka : health managers’ perspectives

Good management, supported by accurate, timely and reliable health information, is vital for increasing the effectiveness of Health Information Systems (HIS). When it comes to managing the under resourced health systems of developing countries, information-based decision making is particularly important. This paper reports findings of a self-report survey that investigated perceptions of local health managers (HMs) of their own regional HIS in Sri Lanka. Data were collected through a validated, pre-tested postal questionnaire, and distributed among a selected group of HMs to elicit their perceptions of the current HIS in relation to information generation, acquisition and use, required reforms to the information system and application of information and communication technology (ICT). Results based on descriptive statistics indicated that the regional HIS was poorly organised and in need of reform; that management support for the system was unsatisfactory in terms of relevance, accuracy, timeliness and accessibility; that political pressure and community and donor requests took precedence over vital health information when management decisions were made; and use of ICT was unsatisfactory. HIS strengths included user-friendly paper formats, a centralised planning system and an efficient disease notification system; weaknesses were lack of comprehensiveness, inaccuracy, and lack of a feedback system. Responses of participants indicated that HIS would be improved by adopting an internationally accepted framework and introducing ICT applications. Perceived barriers to such improvements were high initial cost of educating staff to improve computer literacy, introduction of ICTs, and HIS restructure. We concluded that the regional HIS of Central Province, Sri Lanka had failed to provide much needed information support to HMs. These findings are consistent with similar research in other developing countries and reinforce the need for further research to verify causes of poor performance and to design strategic reforms to improve HIS in regional Sri Lanka.

A Delphi study into the audit challenges of IT governance in the Australian public sector

Information technology (IT) has been playing a powerful role in creating a competitive advantage for organisations over the past decades. This role has become proportionally greater over time as expectations for IT investments to drive business opportunities keep on rising. However, this reliance on IT has also raised concerns about regulatory compliance, governance and security. IT governance (ITG) audit leverages the skills of IS/IT auditors to ensure that IT initiatives are in line with the business strategies. ITG audit emerged as part of performance audit to provide an assessment of the effective implementation of ITG. This research attempts to empirically examine the ITG audit challenges in the public sector. Based on literature and Delphi research, this paper provides insights regarding the impact of, and required effort to address these challenges. The authors also present the ten major ITG audit challenges facing Australian public sector organisations today.

Cloud computing in the upstream oil & gas industry : a proposed way forward

Despite the compelling case for moving towards cloud computing, the upstream oil & gas industry faces several technical challenges—most notably, a pronounced emphasis on data security, a reliance on extremely large data sets, and significant legacy investments in information technology infrastructure—that make a full migration to the public cloud difficult at present. Private and hybrid cloud solutions have consequently emerged within the industry to yield as much benefit from cloud-based technologies as possible while working within these constraints. This paper argues, however, that the move to private and hybrid clouds will very likely prove only to be a temporary stepping stone in the industry's technological evolution. By presenting evidence from other market sectors that have faced similar challenges in their journey to the cloud, we propose that enabling technologies and conditions will probably fall into place in a way that makes the public cloud a far more attractive option for the upstream oil & gas industry in the years ahead. The paper concludes with a discussion about the implications of this projected shift towards the public cloud, and calls for more of the industry's services to be offered through cloud-based “apps.”

e-Technology v t-Engagement : a snapshot of Australia's digital economy readiness

Before e-Technology’s effects on users can be accurately measured, those users must be fully engaged with the relevant systems and services. That is they must be able to function as part of the digital economy. The paper refers to this ‘user functionality’ as t-Engagement. Not all users are t-Engaged and in many instances achieving t-Engagement will require assistance from external sources. This paper identifies the current state of Australia’s regional digital economy readiness and highlights the role of Local Government Authorities (‘LGAs’) in enabling t-Engagement. The paper analyses responses to the 2012 BTA, NBN and Digital Economy Survey by LGA and other regional organizations within Australia. The paper’s particular focus is on the level of use by Local Government Authorities of federal, state and other programs designed to enable t-Engagement. The analysis confirms the role of LGAs in enabling t-Engagement and in promoting Australia’s digital economy. The paper concludes by reinforcing the need to ensure ongoing meaningful federal and State support of regional initiatives, as well as identifying issues requiring specific attention.

Feasibility of using telecommunications technology in a Cardiac-Diabetes Self-Management Program

Background: Evidence demonstrates self-management programs are an effective approach to assist patients with chronic diseases such as type 2 diabetes or cardiac conditions to modify their lifestyle for better managing their conditions. Using information technology (IT) has great potential to support self-management programs and assist patients to fulfill their goals in managing their conditions more efficiently and effectively. Examples of different types of technology used in self-management programs that have limited research support include: text messages, telephone followup, web-based programs, and other internet-assisted education. But little is known about the applicability and feasiability of different forms of technology for patients with chronic diseases such as those with type 2 diabetes and critical cardiac conditions. Furthermore, although there is some evidence of the benefits of using IT in supporting self-management programs, further research on the use of IT in such programs is recommended. Objective: To develop and pilot test an integrated Cardiac- Diabetes Self-Management Program (CDSMP) incorporating telephone and text-message follow-up. Methods: A pilot study using randomised controlled trial is conducted in the coronary care unit (CCU) in a Brisbane metropolitan hospital in Australia to collect data on patients with type 2 diabetes admitted to CCU. The main outcomes included self-efficacy levels, knowledge, and quality of life. Results: Initial results reveal that patients with diabetes admitted to the CCU in the experimental group did improve their self-efficacy, and knowledge levels. Acknowledgements: This Project is funded by QUT Early Career Researcher Research Grant

Service management and engineering in information systems research

Service research in information systems (IS) has received attention over many years (e.g. Kettinger and Lee, 1994), but more recently has increased substantially in both diversity and volume (Rai and Sambamurthy, 2006). A service-oriented view of information technology (IT) is gradually taking hold in both academia and industry. This is concomitant with the growth of service-related phenomena and concepts (Lusch and Vargo, 2006), stimulating a global discourse about 'service science' as a new, cross-disciplinary field of research (Chesbrough and Spohrer, 2006).

Visualising security incidents through event aggregation

Extracting and aggregating the relevant event records relating to an identified security incident from the multitude of heterogeneous logs in an enterprise network is a difficult challenge. Presenting the information in a meaningful way is an additional challenge. This paper looks at solutions to this problem by first identifying three main transforms; log collection, correlation, and visual transformation. Having identified that the CEE project will address the first transform, this paper focuses on the second, while the third is left for future work. To aggregate by correlating event records we demonstrate the use of two correlation methods, simple and composite. These make use of a defined mapping schema and confidence values to dynamically query the normalised dataset and to constrain result events to within a time window. Doing so improves the quality of results, required for the iterative re-querying process being undertaken. Final results of the process are output as nodes and edges suitable for presentation as a network graph.