Improving information security management in nonprofit organisations

All organisations, irrespective of size and type, need effective information security management (ISM) practices to protect vital organisational in- formation assets. However, little is known about the information security management practices of nonprofit organisations. Australian nonprofit organisations (NPOs) employed 889,900 people, managed 4.6 million volunteers and contributed $40,959 million to the economy during 2006-2007 (Australian Bureau of Statistics, 2009). This thesis describes the perceptions of information security management in two Australian NPOs and examines the appropriateness of the ISO 27002 information security management standard in an NPO context. The overall approach to the research is interpretive. A collective case study has been performed, consisting of two instrumental case studies with the researcher being embedded within two NPOs for extended periods of time. Data gathering and analysis was informed by grounded theory and action research, and the Technology Acceptance Model was utilised as a lens to explore the findings and provide limited generalisability to other contexts. The major findings include a distinct lack of information security management best practice in both organisations. ISM Governance and risk management was lacking and ISM policy was either outdated or non- existent. While some user focused ISM practices were evident, reference to standards, such as ISO 27002, were absent. The main factor that negatively impacted on ISM practices was the lack of resources available for ISM in the NPOs studied. Two novel aspects of information security dis- covered in this research were the importance of accuracy and consistency of information. The contribution of this research is a preliminary understanding of ISM practices and perceptions in NPOs. Recommendations for a new approach to managing information security management in nonprofit organisations have been proposed.

International students using online information resources to learn

This qualitative study views international students as information-using learners, through an information literacy lens. Focusing on the experiences of 25 international students at two Australian universities, the study investigates how international students use online information resources to learn, and identifies associated information literacy learning needs. An expanded critical incident approach provided the methodological framework for the study. Building on critical incident technique, this approach integrated a variety of concepts and research strategies. The investigation centred on real-life critical incidents experienced by the international students whilst using online resources for assignment purposes. Data collection involved semi-structured interviews and an observed online resource-using task. Inductive data analysis and interpretation enabled the creation of a multifaceted word picture of international students using online resources and a set of critical findings about their information literacy learning needs. The study’s key findings reveal: • the complexity of the international students’ experience of using online information resources to learn, which involves an interplay of their interactions with online resources, their affective and reflective responses to using them, and the cultural and linguistic dimensions of their information use. • the array of strengths as well as challenges that the international students experience in their information use and learning. • an apparent information literacy imbalance between the international students’ more developed information skills and less developed critical and strategic approaches to using information • the need for enhanced information literacy education that responds to international students’ identified information literacy needs. Responding to the findings, the study proposes an inclusive informed learning approach to support reflective information use and inclusive information literacy learning in culturally diverse higher education environments.

The self-Googling phenomenon : investigating the performance of personalized information resources

This paper investigates self–Googling through the monitoring of search engine activities of users and adds to the few quantitative studies on this topic already in existence. We explore this phenomenon by answering the following questions: To what extent is the self–Googling visible in the usage of search engines; is any significant difference measurable between queries related to self–Googling and generic search queries; to what extent do self–Googling search requests match the selected personalised Web pages? To address these questions we explore the theory of narcissism in order to help define self–Googling and present the results from a 14–month online experiment using Google search engine usage data.

Information security management : a case study of an information security culture

This thesis argues that in order to establish a sound information security culture it is necessary to look at organisation's information security systems in a socio- technical context. The motivation for this research stems from the continuing concern of ineffective information security in organisations, leading to potentially significant monetary losses. It is important to address both technical and non- technical aspects when dealing with information security management. Culture has been identified as an underlying determinant of individuals' behaviour and this extends to information security culture, particularly in developing countries. This research investigates information security culture in the Saudi Arabia context. The theoretical foundation for the study is based on organisational and national culture theories. A conceptual framework for this study was constructed based on Peterson and Smith's (1997) model of national culture. This framework guides the study of national, organisational and technological values and their relationships to the development of information security culture. Further, the study seeks to better understand how these values might affect the development and deployment of an organisation's information security culture. Drawing on evidence from three exploratory case studies, an emergent conceptual framework was developed from the traditional human behaviour and the social environment perspectives used in social work, This framework contributes to in- formation security management by identifying behaviours related to four modes of information security practice. These modes provide a sound basis that can be used to evaluate individual organisational members' behaviour and the adequacy of ex- isting security measures. The results confirm the plausibility of the four modes of practice. Furthermore, a final framework was developed by integrating the four modes framework into the research framework. The outcomes of the three case stud- ies demonstrate that some of the national, organisational and technological values have clear impacts on the development and deployment of organisations' informa- tion security culture. This research, by providing an understanding the in uence of national, organi- sational and technological values on individuals' information security behaviour, contributes to building a theory of information security culture development within an organisational context. The research reports on the development of an inte- grated information security culture model that highlights recommendations for developing an information security culture. The research framework, introduced by this research, is put forward as a robust starting point for further related work in this area.

International students using online information resources to learn : complex experience and learning needs

This paper reports the findings of a qualitative study which investigated 25 international students’ use of online information resources for study purposes at two Australian universities. Using an expanded critical incident approach, the study viewed international students through an information literacy lens, as information-using learners. The findings are presented in two complementary parts: as a word picture that describes their whole experience of using online information resources to learn; and as a tabulated set of critical findings that summarises their associated information literacy learning needs. The word picture shows international students’ resource use as a complex interplay of eight inter-related elements: students; information-learning environment; interactions (with online resources); strengths-challenges; learning-help; affective responses; reflective responses; cultural-linguistic dimensions. In using online resources, the international students experience an array of strengths and challenges, and an apparent information literacy imbalance between their more developed information skills and less developed critical information use. The critical findings about information literacy needs provide a framework for developing an inclusive informed learning approach that responds to international students’ complex information using experiences and needs. While the study is situated in Australia, the findings are of potential interest to educators, information professionals and researchers worldwide who seek to support learning in culturally diverse higher education contexts.

International human resource management in the introductory HRM course

This paper explores the extent to which students in the introductory HRM course in US institutions are likely to be exposed to information on international and cross-cultural aspects of HRM. Two methods are used: (1) an analysis of international content in fifteen popular introductory HRM textbooks and (2) a survey of professors teaching introductory HRM. The vast majority of responding instructors said their classes got some exposure to international issues in HRM, and most introductory texts included some relevant content. Critiques of international boxed features and dedicated IHRM chapters are provided, and suggestions for improving the quality and depth of IHRM content in introductory textbooks are made.

Identifying the knowledge management structures in enterprise systems projects

Enterprise System (ES) implementation and management are knowledge intensive tasks that inevitably draw upon the experience of a wide range of people with diverse knowledge capabilities. Knowledge Management (KM) has been identified as a critical success factor in ES projects. Despite the recognized importance of managing knowledge for ES benefits realization, systematic attempts to conceptualize KM-structures have been few. Where the adequacy of KM-structures is assessed, the process and measures are typically idiosyncratic and lack credibility. Using the ‘KM-process’, itself based in sociology of knowledge, this paper conceptualizes four main constructs to measure the adequacy of KM-structures. The SEM model is tested using 310 responses gathered from 27 ES installations that had implemented SAP R/3. The findings reveal six constructs for KM-structure. Furthermore, the paper demonstrates the application of KM-structures in the context of ES using the Adaptive Structuration Theory. The results demonstrate that having adequate KM-structures in place, while necessary, is not sufficient. These rules and resources must be appropriated to have greater positive influence on the Enterprise System. Furthermore, the study provides empirical support for knowledge-based theory by illustrating the importance of knowledge use/re-use (vs. knowledge creation) as the most important driver in the process of KM.