Reinforcing the security of corporate information resources:a critical review of the role of the acceptable use policy

Increasingly users are seen as the weak link in the chain, when it comes to the security of corporate information. Should the users of computer systems act in any inappropriate or insecure manner, then they may put their employers in danger of financial losses, information degradation or litigation, and themselves in danger of dismissal or prosecution. This is a particularly important concern for knowledge-intensive organisations, such as universities, as the effective conduct of their core teaching and research activities is becoming ever more reliant on the availability, integrity and accuracy of computer-based information resources. One increasingly important mechanism for reducing the occurrence of inappropriate behaviours, and in so doing, protecting corporate information, is through the formulation and application of a formal ‘acceptable use policy (AUP). Whilst the AUP has attracted some academic interest, it has tended to be prescriptive and overly focussed on the role of the Internet, and there is relatively little empirical material that explicitly addresses the purpose, positioning or content of real acceptable use policies. The broad aim of the study, reported in this paper, is to fill this gap in the literature by critically examining the structure and composition of a sample of authentic policies – taken from the higher education sector – rather than simply making general prescriptions about what they ought to contain. There are two important conclusions to be drawn from this study: (1) the primary role of the AUP appears to be as a mechanism for dealing with unacceptable behaviour, rather than proactively promoting desirable and effective security behaviours, and (2) the wide variation found in the coverage and positioning of the reviewed policies is unlikely to be fostering a coherent approach to security management, across the higher education sector.

Electronic information sharing in local government authorities:factors influencing the decision-making process

Local Government Authorities (LGAs) are mainly characterised as information-intensive organisations. To satisfy their information requirements, effective information sharing within and among LGAs is necessary. Nevertheless, the dilemma of Inter-Organisational Information Sharing (IOIS) has been regarded as an inevitable issue for the public sector. Despite a decade of active research and practice, the field lacks a comprehensive framework to examine the factors influencing Electronic Information Sharing (EIS) among LGAs. The research presented in this paper contributes towards resolving this problem by developing a conceptual framework of factors influencing EIS in Government-to-Government (G2G) collaboration. By presenting this model, we attempt to clarify that EIS in LGAs is affected by a combination of environmental, organisational, business process, and technological factors and that it should not be scrutinised merely from a technical perspective. To validate the conceptual rationale, multiple case study based research strategy was selected. From an analysis of the empirical data from two case organisations, this paper exemplifies the importance (i.e. prioritisation) of these factors in influencing EIS by utilising the Analytical Hierarchy Process (AHP) technique. The intent herein is to offer LGA decision-makers with a systematic decision-making process in realising the importance (i.e. from most important to least important) of EIS influential factors. This systematic process will also assist LGA decision-makers in better interpreting EIS and its underlying problems. The research reported herein should be of interest to both academics and practitioners who are involved in IOIS, in general, and collaborative e-Government, in particular. © 2013 Elsevier Ltd. All rights reserved.

An investigation into the adoption and implementation of electronic commerce in Saudi Arabian small and medium enterprises

Saudi Arabian Small and Medium Enterprises (SMEs) will face fierce competition from new entrants to local markets as a result of their accession to the Word Trade Organisation (WTO), and electronic commerce (e-commerce) technologies can reinforce SME's competitive edge. This study investigates the state of e-commerce adoption and analyses the factors that determine the extent to which SMEs in Saudi Arabia are inclined towards deploying e-commerce technologies. This could assist future firms in designing effective implementation projects. Seven SMEs' e-commerce adoption levels are studied as a case. The Technology-Organization-Environment (TOE) framework was used as the major source of inspiration in our analysis of e-commerce adoption amongst Saudi SMEs. In addition to advancing research on e-commerce in Saudi Arabia, this chapter also highlights several directions for future inquiry and implications for managers and policymakers.

When electronic management tools work - and don't work - in social-based distribution channels:a study of IT manufacturers and resellers

Electronic information tools have become increasingly popular with channel manufacturers in their efforts to manage resellers. Although these tools have been found to increase the efficiency of communications, researchers and practitioners alike have questioned their effectiveness. To investigate how top-down electronic information affects social channel relationships we consider the use of such tools in information technology distribution channels. Using electronic communications theory and channel governance theory we hypothesize that the usefulness of the tools is a function of the type of information inherent in each tool (demand creation information or supply fulfillment information) and the particular communications characteristics of this information.

Designing a methodology for an office communication and information system:for executives in the Malaysian public sector : the Prime Minister's office

Modern managers are under tremendous pressure in attempting to fulfil a profoundly complex managerial task, that of handling information resources. Information management, an intricate process requiring a high measure of human cognition and discernment, involves matching a manager's lack of information processing capacity against his information needs, with voluminous information at his disposal. The nature of the task will undoubtedly become more complex in the case of a large organisation. Management of large-scale organisations is therefore an exceedingly challenging prospect for any manager to be faced with. A system that supports executive information needs will help reduce managerial and informational mismatches. In the context of the Malaysian public sector, the task of overall management lies with the Prime Minister and the Cabinet. The Prime Minister's Office is presently supporting the Prime Minister's information and managerial needs, although not without various shortcomings. The rigid formalised structure predominant of the Malaysian public sector, so opposed to dynamic treatment of problematic issues as faced by that sector, further escalates the managerial and organisational problem of coping with a state of complexity. The principal features of the research are twofold: the development of a methodology for diagnosing the problem organisation' and the design of an office system. The methodological development is done in the context of the Malaysian public sector, and aims at understanding the complexity of its communication and control situation. The outcome is a viable model of the public sector. `Design', on the other hand, is developing a syntax or language for office systems which provides an alternative to current views on office systems. The design is done with reference to, rather than for, the Prime Minister's Office. The desirable outcome will be an office model called Office Communication and Information System (OCIS).

The information security policy unpacked:a critical study of the content of university policies

Ensuring the security of corporate information, that is increasingly stored, processed and disseminated using information and communications technologies [ICTs], has become an extremely complex and challenging activity. This is a particularly important concern for knowledge-intensive organisations, such as universities, as the effective conduct of their core teaching and research activities is becoming ever more reliant on the availability, integrity and accuracy of computer-based information resources. One increasingly important mechanism for reducing the occurrence of security breaches, and in so doing, protecting corporate information, is through the formulation and application of a formal information security policy (InSPy). Whilst a great deal has now been written about the importance and role of the information security policy, and approaches to its formulation and dissemination, there is relatively little empirical material that explicitly addresses the structure or content of security policies. The broad aim of the study, reported in this paper, is to fill this gap in the literature by critically examining the structure and content of authentic information security policies, rather than simply making general prescriptions about what they ought to contain. Having established the structure and key features of the reviewed policies, the paper critically explores the underlying conceptualisation of information security embedded in the policies. There are two important conclusions to be drawn from this study: (1) the wide diversity of disparate policies and standards in use is unlikely to foster a coherent approach to security management; and (2) the range of specific issues explicitly covered in university policies is surprisingly low, and reflects a highly techno-centric view of information security management.

A concept-based framework for retrieving evidence to support emergency physician decision making at the point of care

The goal of evidence-based medicine is to uniformly apply evidence gained from scientific research to aspects of clinical practice. In order to achieve this goal, new applications that integrate increasingly disparate health care information resources are required. Access to and provision of evidence must be seamlessly integrated with existing clinical workflow and evidence should be made available where it is most often required - at the point of care. In this paper we address these requirements and outline a concept-based framework that captures the context of a current patient-physician encounter by combining disease and patient-specific information into a logical query mechanism for retrieving relevant evidence from the Cochrane Library. Returned documents are organized by automatically extracting concepts from the evidence-based query to create meaningful clusters of documents which are presented in a manner appropriate for point of care support. The framework is currently being implemented as a prototype software agent that operates within the larger context of a multi-agent application for supporting workflow management of emergency pediatric asthma exacerbations. © 2008 Springer-Verlag Berlin Heidelberg.

The post-adoption phase of the broadband in small businesses

In spite of the increasing significance of broadband, many small and medium enterprises (SMEs) are unaware of or unappreciative of its benefits. This is potentially a problem for governments, Internet Service Providers and other supply side institutions. The current study empirically verifies applicability of an extended IS continuance model controlling for organizational variables based on the Technology-Organization-Environment framework to examine factors influencing broadband post-adoption behavior of SMEs in Singapore. Strong support for the model has been manifested by the results, providing insight into influential factors. Results of the study suggest that perceived usefulness is a strong predictor of users’ continuance intention, followed by satisfaction with broadband usage as a significant but weaker predictor. SMEs in a more competitive business environment and whose key executive possesses greater IT knowledge are more likely to use broadband.

Purchasing green transport and logistics services:implications from the environmental sustainability attitude of 3PLs

Environmental sustainability is an area of increasing importance for third party logistics (3PL) companies. As the design and implementation of services requires interaction between buyer and 3PL, the 3PLs are in a critical position to support the efforts towards greening operations of different supply chain participants. However the literature in this field reflects a gap between the perspectives of buyers and 3PLs. This chapter attempts to fill this void through an explorative case study analysis on the environmental attitude of 3PLs in order to derive implications for buyers’ behavior. The results indicate that the buyer’s role is critical in different ways in the development of green initiatives among 3PLs. An increased orientation towards longer-term contracts and joint development would likely enhance the level of green initiatives. Indirectly, the buyer has the opportunity to influence its 3PLs through interaction with employees on different levels in the company, including top management.

A new dynamic framework for managing ERP development and enterprise strategy

The enterprise management (EM) approach provides a holistic view of organizations and their related information systems. In order to align information technology (IT) innovation with global markets and volatile virtualization, traditional firms are seeking to reconstruct their enterprise structures alongside repositioning strategy and establish new information system (IS) architectures to transform from single autonomous entities into more open enterprises supported by new Enterprise Resource Planning (ERP) systems. This chapter shows how ERP engage-abilities cater to three distinctive EM patterns and resultant strategies. The purpose is to examine the presumptions and importance of combing ERP and inter-firm relations relying on the virtual value chain concept. From a review of the literature on ERP development and enterprise strategy, exploratory inductive research studies in Zoomlion and Lanye have been conducted. In addition, the authors propose a dynamic conceptual framework to demonstrate the adoption and governance of ERP in the three enterprise management forms and points to a new architectural type (ERPIII) for operating in the virtual enterprise paradigm.

A framework for enabling dynamic e-business strategies via new enterprise paradigms and ERP solutions

In the global Internet economy, e-business as a driving force to redefine business models and operational processes is posing new challenges for traditional organizational structures and information system (IS) architectures. These are showing promises of a renewed period of innovative thinking in e-business strategies with new enterprise paradigms and different Enterprise Resource Planning (ERP) systems. In this chapter, the authors consider and investigate how dynamic e-business strategies, as the next evolutionary generation of e-business, can be realized through newly diverse enterprise structures supported by ERP, ERPII and so-called "ERPIII" solutions relying on the virtual value chain concept. Exploratory inductive multi-case studies in manufacturing and printing industries have been conducted. Additionally, it proposes a conceptual framework to discuss the adoption and governance of ERP systems within the context of three enterprise forms for enabling dynamic and collaborative e-business strategies, and particularly demonstrate how an enterprise can dynamically migrate from its current position to the patterns it desires to occupy in the future - a migration that must and will include dynamic e-business as a core competency, but that also relies heavily on ERP-based backbone and other robust technological platform and applications.