The information security policy unpacked:a critical study of the content of university policies

Ensuring the security of corporate information, that is increasingly stored, processed and disseminated using information and communications technologies [ICTs], has become an extremely complex and challenging activity. This is a particularly important concern for knowledge-intensive organisations, such as universities, as the effective conduct of their core teaching and research activities is becoming ever more reliant on the availability, integrity and accuracy of computer-based information resources. One increasingly important mechanism for reducing the occurrence of security breaches, and in so doing, protecting corporate information, is through the formulation and application of a formal information security policy (InSPy). Whilst a great deal has now been written about the importance and role of the information security policy, and approaches to its formulation and dissemination, there is relatively little empirical material that explicitly addresses the structure or content of security policies. The broad aim of the study, reported in this paper, is to fill this gap in the literature by critically examining the structure and content of authentic information security policies, rather than simply making general prescriptions about what they ought to contain. Having established the structure and key features of the reviewed policies, the paper critically explores the underlying conceptualisation of information security embedded in the policies. There are two important conclusions to be drawn from this study: (1) the wide diversity of disparate policies and standards in use is unlikely to foster a coherent approach to security management; and (2) the range of specific issues explicitly covered in university policies is surprisingly low, and reflects a highly techno-centric view of information security management.

Benchmarking for information systems management using issues framework studies:cContent and methodology

As a means of benchmarking their position and assisting with anticipating an uncertain future, the identification of critical information systems (IS) management issues frameworks is becoming an increasingly important research task for both academics and industrialists. This paper provides a description and summary of previous work on identifying IS issues frameworks by reviewing 20 research investigations in terms of what they studied and how they were conducted. It also suggests some possible directions and methodologies for future research. The summary and suggestions for further work are applicable for issues framework research in the IS management field as well as in other business and management areas.

eHealth as a challenge to `expert' power: a focus group study of internet use for health information and management

Objective To investigate current use of the internet and eHealth amongst adults. Design Focus groups were conducted to explore participants' attitudes to and reasons for health internet use. Main outcome measures The focus group data were analysed and interpreted using thematic analysis. Results Three superordinate themes exploring eHealth behaviours were identified: decline in expert authority, pervasiveness of health information on the internet and empowerment. Results showed participants enjoyed the immediate benefits of eHealth information and felt empowered by increased knowledge, but they would be reluctant to lose face-to-face consultations with their GP. Conclusions Our findings illustrate changes in patient identity and a decline in expert authority with ramifications for the practitioner–patient relationship and subsequent implications for health management more generally.

Information systems management positions - a market perspective

Information systems (IS) managers have become key senior executives for organising the IT resources for delivering support to businesses. Understanding characteristics of IS managers’ employment positions is hence an increasingly important topic in computer personnel research. An investigation in Singapore that included a job advertisement analysis, surveys and case studies was thus conducted to investigate such aspects. This article presents the findings of the job advertisement analysis concerning what kinds of IS managers the market is seeking and what are the basic conditions for such management positions. The literature in this area asserts that job advertisements represent firms’ wishes and the nature of the conditions required of different IS personnel. The results of this analysis therefore reflect a collective market perspective about the changing IS managerial workplace. The results of the analysis benefit both firms and IS employees in formulating personnel development plans and actions, and raise issues for further research.

CORD an object model supporting statistical summary information for management decision making

Information systems have developed to the stage that there is plenty of data available in most organisations but there are still major problems in turning that data into information for management decision making. This thesis argues that the link between decision support information and transaction processing data should be through a common object model which reflects the real world of the organisation and encompasses the artefacts of the information system. The CORD (Collections, Objects, Roles and Domains) model is developed which is richer in appropriate modelling abstractions than current Object Models. A flexible Object Prototyping tool based on a Semantic Data Storage Manager has been developed which enables a variety of models to be stored and experimented with. A statistical summary table model COST (Collections of Objects Statistical Table) has been developed within CORD and is shown to be adequate to meet the modelling needs of Decision Support and Executive Information Systems. The COST model is supported by a statistical table creator and editor COSTed which is also built on top of the Object Prototyper and uses the CORD model to manage its metadata.

Dialogue, partnership and empowerment for network and information security:the changing role of the private sector from objects of regulation to regulation shapers

The protection of cyberspace has become one of the highest security priorities of governments worldwide. The EU is not an exception in this context, given its rapidly developing cyber security policy. Since the 1990s, we could observe the creation of three broad areas of policy interest: cyber-crime, critical information infrastructures and cyber-defence. One of the main trends transversal to these areas is the importance that the private sector has come to assume within them. In particular in the area of critical information infrastructure protection, the private sector is seen as a key stakeholder, given that it currently operates most infrastructures in this area. As a result of this operative capacity, the private sector has come to be understood as the expert in network and information systems security, whose knowledge is crucial for the regulation of the field. Adopting a Regulatory Capitalism framework, complemented by insights from Network Governance, we can identify the shifting role of the private sector in this field from one of a victim in need of protection in the first phase, to a commercial actor bearing responsibility for ensuring network resilience in the second, to an active policy shaper in the third, participating in the regulation of NIS by providing technical expertise. By drawing insights from the above-mentioned frameworks, we can better understand how private actors are involved in shaping regulatory responses, as well as why they have been incorporated into these regulatory networks.

Reinforcing the security of corporate information resources:a critical review of the role of the acceptable use policy

Increasingly users are seen as the weak link in the chain, when it comes to the security of corporate information. Should the users of computer systems act in any inappropriate or insecure manner, then they may put their employers in danger of financial losses, information degradation or litigation, and themselves in danger of dismissal or prosecution. This is a particularly important concern for knowledge-intensive organisations, such as universities, as the effective conduct of their core teaching and research activities is becoming ever more reliant on the availability, integrity and accuracy of computer-based information resources. One increasingly important mechanism for reducing the occurrence of inappropriate behaviours, and in so doing, protecting corporate information, is through the formulation and application of a formal ‘acceptable use policy (AUP). Whilst the AUP has attracted some academic interest, it has tended to be prescriptive and overly focussed on the role of the Internet, and there is relatively little empirical material that explicitly addresses the purpose, positioning or content of real acceptable use policies. The broad aim of the study, reported in this paper, is to fill this gap in the literature by critically examining the structure and composition of a sample of authentic policies – taken from the higher education sector – rather than simply making general prescriptions about what they ought to contain. There are two important conclusions to be drawn from this study: (1) the primary role of the AUP appears to be as a mechanism for dealing with unacceptable behaviour, rather than proactively promoting desirable and effective security behaviours, and (2) the wide variation found in the coverage and positioning of the reviewed policies is unlikely to be fostering a coherent approach to security management, across the higher education sector.

Business information systems:technology, development and management in the E-business

This major text assumes no prior knowledge of IS or IT and builds both business and Information systems knowledge to enable the reader to choose the right systems, to develop them and to manage them effectively. The three-part structure to the book covers: Introduction to business information systems Business information systems development Business information systems management Suitable for any IS, BIS or MIS course from UG to MBA level within a Business or Computer Science Department.

Building user commitment to implementing a knowledge management strategy

In the IS literature, commitment is typically considered to involve organizational or managerial support for a system and not that of its users. This paper however reports on a field study involving 16 organizations that attempted to build user involvement in developing a knowledge management strategy by having them design it. Twenty-two IT-supported group workshops (involving 183 users) were run to develop action plans for better knowledge management that users would like to see implemented. Each workshop adopted the same problem structuring technique to assist group members develop a politically feasible action plan to which they were psychologically and emotionally dedicated. In addition to reviewing the problem structuring method, this paper provides qualitative insight into the factors a knowledge management strategy should have to encourage user commitment. © 2004 Elsevier B.V. All rights reserved.

The impact of information and communication technology (ICT), education and regulation on economic freedom in Islamic Middle Eastern countries

Our study investigated the impact of ICT expansion on economic freedom in the Middle East (Bahrain, Iran, Jordan, Kuwait, Lebanon, Oman, Qatar, Saudi Arabia, Syria, United Arab Emirates, and Yemen). Our empirical analysis used archival data from 1995 to 2005; it showed that ICT expansion in the Middle East has been effective both in bridging the digital divide and also in promoting economic freedom in a region that was vulnerable to political, social, and global conflict. However, differences between countries, such as the educational attainment of their citizens and institutional resistance to technology acceptance, both enhanced and restricted the relationship between ICT and economic freedom.

Senior managers’ perception on green information systems (IS) adoption and environmental performance:results from a field survey

Based on a Belief-Action-Outcome framework, we produced a model that shows senior managers' perception of both the antecedents to and the consequences of Green IS adoption by a firm. This conceptual model and its associated hypotheses were empirically tested using a dataset generated from a survey of 405 organizations. The results suggest that coercive pressure influences the attitude toward Green IS adoption while mimetic pressure does not. In addition, we found that there was a significant relationship between Green IS adoption, attitude, and consideration of future consequences. Finally, we found that only long term Green IS adoption was positively related to environmental performance. © 2013 Elsevier B.V.

A case study analysis on information and communication technology usage in small logistics service companies

The impact of ICT (information and communications technology) on the logistics service industry is reshaping its organisation and structure. Within this process, the nature of changes resulting from ICT dissemination in small 3PLs (third party logistics providers) is still unclear, although a large number of logistics service markets, especially in the EU context, are populated by a high number of small 3PLs. In addition, there is still a gap in the literature where the role of technological capability in small 3PLs is seriously underestimated. This gives rise to the need to develop investigation in this area. The paper presents the preliminary results of a case study analysis on ICT usage in a sample of 7 small Italian 3PLs. The results highlight some of the barriers to effective ICT implementation, as well as some of the critical success factors.

Human resource management in emerging markets:an introduction

The shifting of global economic power from mature, established markets to emerging markets (EMs) is a fundamental feature of the new realities in the global political economy. Due to a combination of reasons (such as scarcity of reliable information on management systems of EMs, the growing contribution of human resource management (HRM) towards organisational performance, amongst others), the understanding about the dynamics of management of HRM in the EMs context and the need for proactive efforts by key stakeholders (e.g., multinational and local firms, policy makers and institutions such as trade unions) to develop appropriate HRM practice and policy for EMs has now become more critical than ever. It is more so given the phenomenal significance of the EMs predicted for the future of the global economy. For example, Antoine van Agtmael predicts that: in about 25 years the combined gross national product (GNP) of emergent markets will overtake that of currently mature economies causing a major shift in the centre of gravity of the global economy away from the developed to emerging economies. (van Agtmael 2007: 10–11) Despite the present (late 2013 and early 2014) slowdown in the contribution of EMs towards the global industrial growth (e.g., Das, 2013; Reuters, 2014), EMs are predicted to produce 70 per cent of world GDP growth and a further ten years later, their equity market capitalisation is expected to reach US$ 80 trillion, 1.2 times more than the developed world (see Goldman Sachs, 2010).