173 resultados para strategic delegation
Resumo:
Predicate encryption has an advantage over traditional public-key or identity-based encryption, since predicate encryption systems provide more flexible control over access to encrypted data. We focus on delegation capabilities in predicate systems. More specifically, we investigate delegatable encryption systems supporting disjunctive predicate evaluations. We present formal security definitions of delegatable predicate encryption and provide the first delegatable predicate encryption scheme which supports disjunctive predicate evaluations in the public-key setting. We analyze the security of the proposed system and give a security proof. In addition, we present a delegatable predicate encryption in the symmetric-key setting and discuss the related security issues.
Resumo:
Information security policy defines the governance and implementation strategy for information security in alignment with the corporate risk policy objectives and strategies. Research has established that alignment between corporate concerns may be enhanced when strategies are developed concurrently using the same development process as an integrative relationship is established. Utilizing the corporate risk management framework for security policy management establishes such an integrative relationship between information security and corporate risk management objectives and strategies. There is however limitation in the current literature on presenting a definitive approach that fully integrates security policy management with the corporate risk management framework. This paper presents an approach that adopts a conventional corporate risk management framework for security policy development and management to achieve alignment with the corporate risk policy. A case example is examined to illustrate the alignment achieved in each process step with a security policy structure being consequently derived in the process. It is shown that information security policy management outcomes become both integral drivers and major elements of the corporate-level risk management considerations. Further study should involve assessing the impact of the use of the proposed framework in enhancing alignment as perceived in this paper.
Resumo:
The concept of asset management is not a new but an evolving idea that has been attracting attention of many organisations operating and/or owning some kind of infrastructure assets. The term asset management have been used widely with fundamental differences in interpretation and usage. Regardless of the context of the usage of the term, asset management implies the process of optimising return by scrutinising performance and making key strategic decisions throughout all phases of an assets lifecycle (Sarfi and Tao, 2004). Hence, asset management is a philosophy and discipline through which organisations are enabled to more effectively deploy their resources to provide higher levels of customer service and reliability while balancing financial objectives. In Australia, asset management made its way into the public works in 1993 when the Australian Accounting Standard Board issued the Australian Accounting Standard 27 – AAS27. Standard AAS27 required government agencies to capitalise and depreciate assets rather than expense them against earnings. This development has indirectly forced organisations managing infrastructure assets to consider the useful life and cost effectiveness of asset investments. The Australian State Treasuries and the Australian National Audit Office was the first organisation to formalise the concepts and principles of asset management in Australia in which they defined asset management as “ a systematic, structured process covering the whole life of an asset”(Australian National Audit Office, 1996). This initiative led other Government bodies and industry sectors to develop, refine and apply the concept of asset management in the management of their respective infrastructure assets. Hence, it can be argued that the concept of asset management has emerged as a separate and recognised field of management during the late 1990s. In comparison to other disciplines such as construction, facilities, maintenance, project management, economics, finance, to name a few, asset management is a relatively new discipline and is clearly a contemporary topic. The primary contributors to the literature in asset management are largely government organisations and industry practitioners. These contributions take the form of guidelines and reports on the best practice of asset management. More recently, some of these best practices have been made to become a standard such as the PAS 55 (IAM, 2004, IAM, 2008b) in UK. As such, current literature in this field tends to lack well-grounded theories. To-date, while receiving relatively more interest and attention from empirical researchers, the advancement of this field, particularly in terms of the volume of academic and theoretical development is at best moderate. A plausible reason for the lack of advancement is that many researchers and practitioners are still unaware of, or unimpressed by, the contribution that asset management can make to the performance of infrastructure asset. This paper seeks to explore the practices of organisations that manage infrastructure assets to develop a framework of strategic infrastructure asset management processes. It will begin by examining the development of asset management. This is followed by the discussion on the method to be adopted for this paper. Next, is the discussion of the result form case studies. It first describes the goals of infrastructure asset management and how they can support the broader business goals. Following this, a set of core processes that can support the achievement of business goals are provided. These core processes are synthesised based on the practices of asset managers in the case study organisations.
Resumo:
Organisations owning and managing infrastructure asset are constantly striving to obtain the greatest lifetime value from their infrastructure assets. Many such organisations have adopted the concept of “asset management” with the aim of improving the performance of their infrastructure assets. This paper evaluates the adoption of asset management to improve performance in the context of organisations managing infrastructure assets. Relevant previous research studies on main barriers to the adoption of asset management are reviewed. Analysis of these findings, together with deductive reasoning, leads to the development of the proposed improvement strategies. Three issues were identified as barrier to the advancement of the concept of asset management. They are (1) lack of recognition, (2) fragmentation; and (3) growing complexity. To overcome these issues, this paper suggests that the organisations manage infrastructure assets must (1) adopt a more strategic approach in the management of infrastructure assets, (2) develop a framework of strategic infrastructure asset management processes, and (3) identify the core capabilities needed in the management of infrastructure assets. This paper presents the direction for further research to advance the concept of asset management in the management of infrastructure asset.
Resumo:
Purpose – The purpose of this paper is to examine the role of three strategies - organisational, business and information system – in post implementation of technological innovations. The findings reported in the paper are that improvements in operational performance can only be achieved by aligning technological innovation effectiveness with operational effectiveness. Design/methodology/approach – A combination of qualitative and quantitative methods was used to apply a two-stage methodological approach. Unstructured and semi structured interviews, based on the findings of the literature, were used to identify key factors used in the survey instrument design. Confirmatory factor analysis (CFA) was used to examine structural relationships between the set of observed variables and the set of continuous latent variables. Findings – Initial findings suggest that organisations looking for improvements in operational performance through adoption of technological innovations need to align with operational strategies of the firm. Impact of operational effectiveness and technological innovation effectiveness are related directly and significantly to improved operational performance. Perception of increase of operational effectiveness is positively and significantly correlated with improved operational performance. The findings suggest that technological innovation effectiveness is also positively correlated with improved operational performance. However, the study found that there is no direct influence of strategiesorganisational, business and information systems (IS) - on improvement of operational performance. Improved operational performance is the result of interactions between the implementation of strategies and related outcomes of both technological innovation and operational effectiveness. Practical implications – Some organisations are using technological innovations such as enterprise information systems to innovate through improvements in operational performance. However, they often focus strategically only on effectiveness of technological innovation or on operational effectiveness. Such a focus will be detrimental in the long-term of the enterprise. This research demonstrated that it is not possible to achieve maximum returns through technological innovations as dimensions of operational effectiveness need to be aligned with technological innovations to improve their operational performance. Originality/value – No single technological innovation implementation can deliver a sustained competitive advantage; rather, an advantage is obtained through the capacity of an organisation to exploit technological innovations’ functionality on a continuous basis. To achieve sustainable results, technology strategy must be aligned with organisational and operational strategies. This research proposes the key performance objectives and dimensions that organisations should focus to achieve a strategic alignment. Research limitations/implications – The principal limitation of this study is that the findings are based on investigation of small sample size. There is a need to explore the appropriateness of influence of scale prior to generalizing the results of this study.
Resumo:
Establishing the core principals of “entrepreneurial management” within an organization describes a certain strategic choice that affects a company in six dimensions, according to Stevenson (1983). Our aim is to empirically measure entrepreneurial management (it’s existence and degree) and to link this measured strategic choice (for or against) entrepreneurial management with firm performance. Our argument here is that companies that follow core principals of entrepreneurial management should outperform other more administrative firms in certain measures of strategic performance. This paper builds on an empirical investigation published by Brown, Davidson & Wiklund (2001), who have developed and tested a reliable measurement instrument for Stevenson’s definition of “entrepreneurial management” (Stevenson 1983, Stevenson & Jarillo 1990). In the first part of our paper we aim to replicate and to some extent improve this study. In the second part we link the measured degree of “entrepreneurial management” with firm performance. To our knowledge, even so Stevenson’s definition of entrepreneurial management is commonly acknowledged and Brown et al. (2001) developed a reliable instrument to empirically capture this behavioral approach to management, the construct of entrepreneurial management never before has been linked to firm performance in an empirical study. Since most papers on corporate entrepreneurship and firm performance are based on Covin & Slevin’s (1991) or Miller’s (1983) concept of entrepreneurial orientation, we contribute to the literature on corporate entrepreneurship in a novel way, given the fact that the entrepreneurial management dimensions measured in our study can theoretically and empirically be clearly distinguished from the construct of entrepreneurial orientation as defined by Covin & Selvin (1991).
Resumo:
This article explores how the boards of small firms actually undertake to perform strategic tasks. Board strategic involvement has seldom been investigated in the context of small firms. We seek to make a contribution by investigating antecedents of board strategic involvement. The antecedents are “board working style” and “board quality attributes”, which go beyond the board composition features of board size, CEO duality, the ratio of non-executive to executive directors and ownership. Hypotheses were tested on a sample of 497 Norwegian firms (from 5 to 30 employees). Our results show that board working style and board quality attributes rather than board composition features enhance board strategic involvement. Moreover, board quality attributes outperform board working style in fostering board strategic involvement
Resumo:
The concept of strategic entrepreneurship has received increased attention over the past ten yeras. Viewed as the intersection of entrepreneurship and strategy this field of research is populated by conceptual studies which focus mainly on the nature and perceived benefits of strategic entrepreneurship. Similarly the study of entrepreneurship in a public sector context has gained increasing support in recent years but also remains underexplored. To address these gaps this thesis considers : what are the underlying elements and financial implications of strategic entrepreneurship in New Zealand's state-owned enterprises, New Zealand's SOE sector comprising 17 government-owned,commercially focused organisations, is considered to be a prime subject for this research. Well known for their implementation of new public management, many New Zealand SOEs have also been publicly recognised as both innovative and entrepreneurial. The research question is addressed by first developing a preliminary framework of strategic entrepreneurship from literature on entrepreneurhsip and strategy. The framework is then examined in the context of case studies on activity.
Resumo:
The paper addresses the issue of providing access control via delegation and constraint management across multiple security domains. Specifically, this paper proposes a novel Delegation Constraint Management model to manage and enforce delegation constraints across security domains. An algorithm to trace the authority of delegation constraints is introduced as well as an algorithm to form a delegation constraint set and detect/prevent potential conflicts. The algorithms and the management model are built upon a set of formal definitions of delegation constraints. In addition, a constraint profile based on XACML is proposed as a means to express the delegation constraint. The paper also includes a protocol to exchange delegation constraints (in the form of user commitments) between the involved entities in the delegation process.
Resumo:
Delegation, from the technical point of view, is widely considered as a potential approach in addressing the problem of providing dynamic access control decisions in activities with a high level of collaboration, either within a single security domain or across multiple security domains. Although delegation continues to attract significant attention from the research community, presently, there is no published work that presents a taxonomy of delegation concepts and models. This paper intends to address this gap by presenting a set of taxonomic criteria relevant to the concept of delegation and applies the taxonomy to a selection of significant delegation models published in the literature.
Resumo:
This paper introduces a model to facilitate delegation, including ad-hoc delegation, in cross security domain activities. Specifically, this paper proposes a novel delegation constraint management model to manage and track delegation constraints across security domains. An algorithm to trace the authority of delegation constraints is introduced as well as an algorithm to form a delegation constraint set and detect/prevent potential conflicts. The algorithms and the management model are built upon a set of formal definitions of delegation constraints.
Resumo:
Delegation, from a technical point of view, is widely considered as a potential approach in addressing the problem of providing dynamic access control decisions in activities with a high level of collaboration, either within a single security domain or across multiple security domains. Although delegation continues to attract significant attention from the research community, presently, there is no published work that presents a taxonomy of delegation concepts and models. This article intends to address this gap by presenting a set of taxonomic criteria relevant to the concept of delegation. This article also applies the taxonomy to a selection of significant delegation models published in the literature.
Resumo:
Delegation is a powerful mechanism to provide flexible and dynamic access control decisions. Delegation is particularly useful in federated environments where multiple systems, with their own security autonomy, are connected under one common federation. Although many delegation schemes have been studied, current models do not seriously take into account the issue of delegation commitment of the involved parties. In order to address this issue, this paper introduces a new mechanism to help parties involved in the delegation process to express commitment constraints, perform the commitments and track the committed actions. This mechanism looks at two different aspects: pre-delegation commitment and post-delegation commitment. In pre-delegation commitment, this mechanism enables the involved parties to express the delegation constraints and address those constraints. The post-delegation commitment phase enables those parties to inform the delegator and service providers how the commitments are conducted. This mechanism utilises a modified SAML assertion structure to support the proposed delegation and constraint approach.
