Integrating information security policy management with corporate risk management for strategic alignment

Information security policy defines the governance and implementation strategy for information security in alignment with the corporate risk policy objectives and strategies. Research has established that alignment between corporate concerns may be enhanced when strategies are developed concurrently using the same development process as an integrative relationship is established. Utilizing the corporate risk management framework for security policy management establishes such an integrative relationship between information security and corporate risk management objectives and strategies. There is however limitation in the current literature on presenting a definitive approach that fully integrates security policy management with the corporate risk management framework. This paper presents an approach that adopts a conventional corporate risk management framework for security policy development and management to achieve alignment with the corporate risk policy. A case example is examined to illustrate the alignment achieved in each process step with a security policy structure being consequently derived in the process. It is shown that information security policy management outcomes become both integral drivers and major elements of the corporate-level risk management considerations. Further study should involve assessing the impact of the use of the proposed framework in enhancing alignment as perceived in this paper.

Understanding the impact of strategic alignment on the operational performance of post implemented technological innovations

Purpose – The purpose of this paper is to examine the role of three strategies - organisational, business and information system – in post implementation of technological innovations. The findings reported in the paper are that improvements in operational performance can only be achieved by aligning technological innovation effectiveness with operational effectiveness. Design/methodology/approach – A combination of qualitative and quantitative methods was used to apply a two-stage methodological approach. Unstructured and semi structured interviews, based on the findings of the literature, were used to identify key factors used in the survey instrument design. Confirmatory factor analysis (CFA) was used to examine structural relationships between the set of observed variables and the set of continuous latent variables. Findings – Initial findings suggest that organisations looking for improvements in operational performance through adoption of technological innovations need to align with operational strategies of the firm. Impact of operational effectiveness and technological innovation effectiveness are related directly and significantly to improved operational performance. Perception of increase of operational effectiveness is positively and significantly correlated with improved operational performance. The findings suggest that technological innovation effectiveness is also positively correlated with improved operational performance. However, the study found that there is no direct influence of strategiesorganisational, business and information systems (IS) - on improvement of operational performance. Improved operational performance is the result of interactions between the implementation of strategies and related outcomes of both technological innovation and operational effectiveness. Practical implications – Some organisations are using technological innovations such as enterprise information systems to innovate through improvements in operational performance. However, they often focus strategically only on effectiveness of technological innovation or on operational effectiveness. Such a focus will be detrimental in the long-term of the enterprise. This research demonstrated that it is not possible to achieve maximum returns through technological innovations as dimensions of operational effectiveness need to be aligned with technological innovations to improve their operational performance. Originality/value – No single technological innovation implementation can deliver a sustained competitive advantage; rather, an advantage is obtained through the capacity of an organisation to exploit technological innovations’ functionality on a continuous basis. To achieve sustainable results, technology strategy must be aligned with organisational and operational strategies. This research proposes the key performance objectives and dimensions that organisations should focus to achieve a strategic alignment. Research limitations/implications – The principal limitation of this study is that the findings are based on investigation of small sample size. There is a need to explore the appropriateness of influence of scale prior to generalizing the results of this study.

Exploring the impact of shared domain knowledge on strategic alignment in the Australian public sector

In this age of ever-increasing information technology (IT) driven environments, governments/or public sector organisations (PSOs) are expected to demonstrate the business value of the investment in IT and take advantage of the opportunities offered by technological advancements. Strategic alignment (SA) emerged as a mechanism to bridge the gap between business and IT missions, objectives, and plans in order to ensure value optimisation from investment in IT and enhance organisational performance. However, achieving and sustaining SA remains a challenge requiring even more agility nowadays to keep up with turbulent organisational environments. The shared domain knowledge (SDK) between the IT department and other diverse organisational groups is considered as one of the factors influencing the successful implementation of SA. However, SDK in PSOs has received relatively little empirical attention. This paper presents findings from a study which investigated the influence of SDK on SA within organisations in the Australian public sector. The developed research model examined the relationship of SDK between business and IT domains with SA using a survey of 56 public sector professionals and executives. A key research contribution is the empirical demonstration that increasing levels of SDK between IT and business groups leads to increased SA.

Beyond the fashionable : strategic planning for critical information literacy education

The challenge for all educators is to fuse the learning of information literacy to an academic education in such a way that the outcome is systematic and sustainable learning for students. This challenge can be answered through long-term commitment to information literacy education bound to organisation-wide, renewable strategic planning and driven through systemic reform. This chapter seeks to explore the two sides of reforming information literacy education in an academic environment. Specifically, it will examine how one Australian university has undertaken the implementation of a rigorous strategic, systemic approach to information literacy learning and teaching.

The enterprise information security policy as a strategic business policy within the corporate strategic plan (extended abstract)

Information security has been recognized as a core requirement for corporate governance that is expected to facilitate not only the management of risks, but also as a corporate enabler that supports and contributes to the sustainability of organizational operations. In implementing information security, the enterprise information security policy is the set of principles and strategies that guide the course of action for the security activities and may be represented as a brief statement that defines program goals and sets information security and risk requirements. The enterprise information security policy (alternatively referred to as security policy in this paper) that represents the meta-policy of information security is an element of corporate ICT governance and is derived from the strategic requirements for risk management and corporate governance. Consistent alignment between the security policy and the other corporate business policies and strategies has to be maintained if information security is to be implemented according to evolving business objectives. This alignment may be facilitated by managing security policy alongside other corporate business policies within the strategic management cycle. There are however limitations in current approaches for developing and managing the security policy to facilitate consistent strategic alignment. This paper proposes a conceptual framework for security policy management by presenting propositions to positively affect security policy alignment with business policies and prescribing a security policy management approach that expounds on the propositions.

Towards a Business Process Management Maturity Model

Business Process Management (BPM) has been identified as the number one business priority by a recent Gartner study (Gartner, 2005). However, BPM has a plethora of facets as its origins are in Business Process Reengineering, Process Innovation, Process Modelling, and Workflow Management to name a few. Organisations increasingly recognize the requirement for an increased process orientation and require appropriate comprehensive frameworks, which help to scope and evaluate their BPM initiative. This research project aims toward the development of a holistic and widely accepted BPM maturity model, which facilitates the assessment of BPM capabilities. This paper provides an overview about the current model with a focus on the actual model development utilizing a series of Delphi studies. The development process includes separate studies that focus on further defining and expanding the six core factors within the model, i.e. strategic alignment, governance, method, Information Technology, people and culture.

Construction supply chain economic policy implementation for sectoral change : moving beyond the rhetoric

Construction sector policy makers have the opportunity to create improvements and develop economic, social and environmental sustainability through supply chain economics. The idea of the supply chain concept to improve firm behaviour and industry performance is not new. However there has been limited application and little or no measurement to monitor successful implementation. Often purchasing policies have been developed with sound strategic procurement principles but even these have had limited penetration in to the processes and practices of infrastructure agencies. The research reported in this paper documents an action research study currently being undertaken in the Australian construction sector which aims to explore supply chain economic policy implementation for sectoral change by two government agencies. The theory which informs this study is the emerging area of construction supply chain economics. There are five stages to the project including; demand analysis, chain analysis, government agency organizational audit, supplier strategy and strategic alignment. The overall objective is towards the development of a Supplier Group Strategy Map for two public sector agencies. Two construction subsectors are examined in detail; construction and demolition waste and precast concrete. Both of these subsectors are critical to the economic and environmental sustainability performance of the construction sector and the community as a whole in the particular jurisdictions. The local and state government agencies who are at the core of the case studies rely individually on the performance of these sectors. The study is set within the context of a sound state purchasing policy that has however, had limited application by the two agencies. Partial results of the study are presented and early findings indicate that the standard risk versus expenditure procurement model does not capture the complexities of project, owner and government risk considerations. A new model is proposed in this paper, which incorporates the added dimension of time. The research results have numerous stakeholders; they will hold particular value for those interested in regional construction sector economics, government agencies who develop and implement policy and who have a large construction purchasing imprint and the players involved in the two subsectors. Even though this is a study in Australia it has widespread applicability as previous research indicates that procurement reform is of international significance and policy implementation is problematic.

Means of achieving Business Process Management success factors

Business Process Management (BPM) in recent years has become a highest priority area for most organizations. Since this concept is multidisciplinary, success in this endeavour requires considering different factors. A number of studies have been conducted to identify these factors; however, most are limited to the introduction of high-level factors or to the identification of the means of success within only a specific context. This paper presents a holistic framework of success factors as well as the associated means for achieving success. This framework introduces nine factors, namely culture, leadership, communication, Information Technology, strategic alignment, people, project management, performance measurement and methodology. Each of these factors are characterized further by defining some sub-constructs and under each sub construct the means for achieving success are also introduced. This framework including means for achieving success can be useful for BPM project stakeholders in adequately planning the initiative and checking the progress during the implementation.

A critical analysis of global BPM demand

Business Process Management is accepted globally as an organisational approach that can be used to enhance productivity and drive cost efficiencies. Whilst there are numerous research articles that discuss this management approach, none clearly articulate the preferred BPM capabilities sought across geographic regions. This study aims to address this through a structured content analysis of leading on-line recruitment websites, supported by essential BPM capabilities - identified through leading academic BPM capability frameworks. Whilst the skills of process modelling, documentation and improvement were commonly sought, Enterprise level factors such as strategic alignment and process governance were less frequently mentioned. In addition, there are geographical differences in the BPM skill set requirements with an emphasis on process governance and organisational culture in European countries. This analysis can be used by prospective and current BPM professionals to understand organisational requirements globally, and academics to structure BPM education to suit these differing geographic demands.

Software as a service (SaaS) for small and medium enterprises (SMEs) : the role of intermediaries

Software as a Service (SaaS) is anticipated to provide significant benefits to small and medium enterprises (SMEs) due to ease of access to high-end applications, 7*24 availability, utility pricing, etc. However, underlying SaaS is the assumption that SMEs will directly interact with the SaaS vendor and use a self-service model. In practice, we see the rise of SaaS intermediaries who support SMEs with using SaaS. This paper reports on an empirical study of the role of intermediaries in terms of how they support SMEs in sourcing and leveraging SaaS for their business. The knowledge contributions of this paper are: (1) the identification and description of the role of SaaS intermediaries and (2) the specification of different roles of SaaS intermediaries, in particular a more basic role with technology orientation and operational alignment perspective and (3) a more added value role with customer orientation and strategic alignment perspective.

Prioritizing process improvement : an example from the Australian financial services sector

Process improvement has become a number one business priority, and more and more project requests are raised in organizations, seeking approval and resources for process-related projects. Realistically, the total of the requested funds exceeds the allocated budget, the number of projects is higher than the available bandwidth, and only some of these (very often only few) can be supported and most never see any light. Relevant resources are scarce, and correct decisions must be made to make sure that those projects that are of best value are implemented. How can decision makers make the right decision on the following: Which project(s) are to be approved and when to commence work on them? Which projects are most aligned with corporate strategy? How can the project’s value to the business be calculated and explained? How can these decisions be made in a fair, justifiable manner that brings the best results to the company and its stakeholders? This chapter describes a business value scoring (BVS) model that was built, tested, and implemented by a leading financial institution in Australia to address these very questions. The chapter discusses the background and motivations for such an initiative and describes the tool in detail. All components and underlying concepts are explained, together with details on its application. This tool has been successfully implemented in the case organization. The chapter provides practical guidelines for organizations that wish to adopt this approach.

Expertise in Business Process Management

As organizations attempt to become more business process-oriented, existing role descriptions are revised and entire new business process-related roles emerge. A lot of attention is often being paid to the technological aspect of Business Process Management (BPM), but relatively little work has been done concerning the people factor of BPM and the specification of BPM expertise in particular. This study tries to close this gap by proposing a comprehensive BPM expertise model, which consolidates existing theories and related work. This model describes the key attributes characterizing “BPM expertise” and outlines their structure, dynamics, and interrelationships. Understanding BPM expertise is a predecessor to being able to develop and apply it effectively. This is the cornerstone of human capital and talent management in BPM.

The Six Core Elements of Business Process Management

The previous chapters gave an insightful introduction into the various facets of Business Process Management. We now share a rich understanding of the essential ideas behind designing and managing processes for organizational purposes. We have also learned about the various streams of research and development that have influenced contemporary BPM. As a matter of fact, BPM has become a holistic management discipline. As such, it requires that a plethora of facets needs to be addressed for its successful und sustainable application. This chapter provides a framework that consolidates and structures the essential factors that constitute BPM as a whole. Drawing from research in the field of maturity models, we suggest six core elements of BPM: strategic alignment, governance, methods, information technology, people, and culture. These six elements serve as the structure for this BPM Handbook.

The Service Portfolio of a BPM Center of Excellence

A key concept for the centralized provision of Business Process Management (BPM) is the Center of Excellence (CoE). Organizations establish a CoE (aka BPM Support Office) as their BPM maturity increases in order to ensure a consistent and cost-effective way of offering BPM services. The definition of the offerings of such a center and the allocation of roles and responsibilities play an important role within BPM Governance. In order to plan the role of such a BPM CoE, this chapter proposes the productization of BPM leading to a set of fifteen distinct BPM services. A portfolio management approach is suggested to position these services. The approach allows identifying specific normative strategies for each BPM service, such as further training or BPM communication and marketing. A public sector case study provides further insights into how this approach has been used in practice. Empirical evidence from a survey with 15 organizations confirms the coverage of this set of BPM services and shows typical profiles for such BPM Centers of Excellence.