A novel neural network based system for assessing risks associated with information technology security breaches

Security remains a top priority for organizations as their information systems continue to be plagued by security breaches. This dissertation developed a unique approach to assess the security risks associated with information systems based on dynamic neural network architecture. The risks that are considered encompass the production computing environment and the client machine environment. The risks are established as metrics that define how susceptible each of the computing environments is to security breaches. ^ The merit of the approach developed in this dissertation is based on the design and implementation of Artificial Neural Networks to assess the risks in the computing and client machine environments. The datasets that were utilized in the implementation and validation of the model were obtained from business organizations using a web survey tool hosted by Microsoft. This site was designed as a host site for anonymous surveys that were devised specifically as part of this dissertation. Microsoft customers can login to the website and submit their responses to the questionnaire. ^ This work asserted that security in information systems is not dependent exclusively on technology but rather on the triumvirate people, process and technology. The questionnaire and consequently the developed neural network architecture accounted for all three key factors that impact information systems security. ^ As part of the study, a methodology on how to develop, train and validate such a predictive model was devised and successfully deployed. This methodology prescribed how to determine the optimal topology, activation function, and associated parameters for this security based scenario. The assessment of the effects of security breaches to the information systems has traditionally been post-mortem whereas this dissertation provided a predictive solution where organizations can determine how susceptible their environments are to security breaches in a proactive way. ^

Office of Information Technology

Outline detailing the planning and implementation process for the establishment of the College of Medicine's Office of Information Technology. Includes a timeline of the Office of IT's development, a strategic roadmap, and a technology analysis.

Understanding the dynamics of information technology implementation: The case of clinical information systems

The ultimate intent of this dissertation was to broaden and strengthen our understanding of IT implementation by emphasizing research efforts on the dynamic nature of the implementation process. More specifically, efforts were directed toward opening the "black box" and providing the story that explains how and why contextual conditions and implementation tactics interact to produce project outcomes. In pursuit of this objective, the dissertation was aimed at theory building and adopted a case study methodology combining qualitative and quantitative evidence. Precisely, it examined the implementation process, use and consequences of three clinical information systems at Jackson Memorial Hospital, a large tertiary care teaching hospital.^ As a preliminary step toward the development of a more realistic model of system implementation, the study proposes a new set of research propositions reflecting the dynamic nature of the implementation process.^ Findings clearly reveal that successful implementation projects are likely to be those where key actors envision end goals, anticipate challenges ahead, and recognize the presence of and seize opportunities. It was also found that IT implementation is characterized by the systems theory of equifinality, that is, there are likely several equally effective ways to achieve a given end goal. The selection of a particular implementation strategy appears to be a rational process where actions and decisions are largely influenced by the degree to which key actors recognize the mediating role of each tactic and are motivated to action. The nature of the implementation process is also characterized by the concept of "duality of structure," that is, context and actions mutually influence each other. Another key finding suggests that there is no underlying program that regulates the process of change and moves it form one given point toward a subsequent and already prefigured end. For this reason, the implementation process cannot be thought of as a series of activities performed in a sequential manner such as conceived in stage models. Finally, it was found that IT implementation is punctuated by a certain indeterminacy. Results suggest that only when substantial efforts are focused on what to look for and think about, it is less likely that unfavorable and undesirable consequences will occur. ^

The impact of information technology on organizations: A study of enterprise resource planning system influences on job design and organizational culture

The primary purpose of this research is to study the linkage between perceived job design characteristics and information system environment characteristics before and after the replacement of a legacy information system with a new type of information system (referred to as an Enterprise Resource Planning or ERP system). A public state University implementing an academic version of an ERP system was selected for the study. Three survey instruments were used to examine the perception of the information system, the job characteristics, and the organizational culture before and after the system implementation. The research participants included two large departments resulting in a sample of 130 workers. Research questions were analyzed using multivariate procedures including factor analysis, path analysis, step-wise regression, and matched pair analysis. ^ Results indicated that the ERP system has introduced new elements into the working environment that has changed the perception of how the job design characteristics and organization culture dimensions are viewed by the workers. The understanding of how the perceived system characteristics align with an individual's perceived job design characteristics is supported by each of the system characteristics significantly correlated in the proposed direction. The stronger support of this relationship becomes visible in the causal flow of the effects seen in the path diagram and in the step-wise regression. The perceived job design characteristics aligning with dimensions of organizational culture are not as strong as the literature suggests. Although there are significant correlations between the job and culture variables, only one relationship can be seen in the causal flow. ^ This research has demonstrated that system characteristics of ERP do contribute to the perception of change in an organization and do support organizational culture behaviors and job characteristics. ^

Information Technology Trends: Impact on Hotel Corporations

Hospitality organizations are embracing technology in all its aspects to ensure that they can effectively compete in today's market The author cites the results of a survey of corporate executives designed to assess how technology is affecting their organizations.

An Analysis of Information Technology Publications in Leading Hospitality Journals

In response to the recent wide-scale applications of lnformation Technology (I/T) in the hospitality industry, this study analyzed articles in leading hospitality research journals, including the International Journal of Hospitality Management, Cornell Hotel and Restaurant Administration Quarterly, and the Journal of Hospitality & Tourism Research published in the period 1985 to 2004. A total of 1,896 full-length papers were published in these journals during the study period. Excluding book reviews, research notes, and comments from editors and readers, 130 full-length IT-related papers were identified. These papers were then grouped into six defined categories of IT. The findings revealed that during the entire study period, the largest number of publications were in general business applications, whereas the highest growth rate from the first decade to the second decade were in articles on networking

Differential Impacts of Information Technology Services in the Korean Hotel Industry: A Study of Management Perceptions

Successful introduction of information technology applications in various operations of hotel management is vital to most service firms. In recent decades, technologies of information, automation, and communication are increasingly recognized as essential components of a hotel company’s strategic plan. In this study, 62 super-deluxe hotels (5 star), deluxe hotels (4 star), and tourist hotels (3 star) in Korea are examined for differences in the impact of information technology services on guest’ satisfaction, guest convenience, and operational efficiency. The findings generally suggest that the impacts of information technology-enhanced services vary according to the category of hotels in Korea. The results of the study are expected to assist managers in the selections and implementation of information technology systems in their hotel.

Biometrics for Hospitality and Tourism: A New Wave of Information Technology

The technologies that empower biometrics have been around for a number of years, but until recently these technologies have been viewed as exotic. In the not too distant future biometrics will be used to regulate internal processes and to improve services in the hospitality and tourism industries. This paper provides an understanding of the current use of biometrics in general and its practical value for the future in hospitality and tourism. The study presents a review of current practices of biometrics with special reference to the hospitality and tourism businesses, addresses key issues imposed by this technology, and identifies business and marketing implications for these industries.

Strategic positioning of Taiwan in the outsourcing market: Evidence from information technology services and electronic manufacturing outsourcing to China

In outsourcing relationships with China, the Electronic Manufacturing (EM) and Information Technology Services (ITS) industry in Taiwan may possess such advantages as the continuing growth of its production value, complete manufacturing supply chain, low production cost and a large-scale Chinese market, and language and culture similarity compared to outsourcing to other countries. Nevertheless, the Council for Economic Planning and Development of Executive Yuan (CEPD) found that Taiwan's IT services outsourcing to China is subject to certain constraints and might not be as successful as the EM outsourcing (Aggarwal, 2003; CEPD, 2004a; CIER, 2003; Einhorn and Kriplani, 2003; Kumar and Zhu, 2006; Li and Gao, 2003; MIC, 2006). Some studies examined this issue, but failed to (1) provide statistical evidence about lower prevalence rates of IT services outsourcing, and (2) clearly explain the lower prevalence rates of IT services outsourcing by identifying similarities and differences between both types of outsourcing contexts. This research seeks to fill that gap and possibly provide potential strategic guidelines to ITS firms in Taiwan. This study adopts Transaction Cost Economics (TCE) as the theoretical basis. The basic premise is that different types of outsourcing activities may incur differing transaction costs and realize varying degrees of outsourcing success due to differential attributes of the transactions in the outsourcing process. Using primary data gathered from questionnaire surveys of ninety two firms, the results from exploratory analysis and binary logistic regression indicated that (1) when outsourcing to China, Taiwanese firms' ITS outsourcing tends to have higher level of asset specificity, uncertainty and technical skills relative to EM outsourcing, and these features indirectly reduce firms' outsourcing prevalence rates via their direct positive impacts on transaction costs; (2) Taiwanese firms' ITS outsourcing tends to have lower level of transaction structurability relative to EM outsourcing, and this feature indirectly increases firms' outsourcing prevalence rates via its direct negative impacts on transaction costs; (3) frequency does influence firms' transaction costs in ITS outsourcing positively, but does not bring impacts into their outsourcing prevalence rates, (4) relatedness does influence firms' transaction costs positively and prevalence rates negatively in ITS outsourcing, but its impacts on the prevalence rates are not caused by the mediation effects of transaction costs, and (5) firm size of outsourcing provider does not affect firms' transaction costs, but does affect their outsourcing prevalence rates in ITS outsourcing directly and positively. Using primary data gathered from face-to-face interviews of executives from seven firms, the results from inductive analysis indicated that (1) IT services outsourcing has lower prevalence rates than EM outsourcing, and (2) this result is mainly attributed to Taiwan's core competence in manufacturing and management and higher overall transaction costs of IT services outsourcing. Specifically, there is not much difference between both types of outsourcing context in the transaction characteristics of reputation and most aspects of overall comparison. Although there are some differences in the feature of firm size of the outsourcing provider, the difference doesn't cause apparent impacts on firms' overall transaction costs. The medium or above medium difference in the transaction characteristics of asset specificity, uncertainty, frequency, technical skills, transaction structurability, and relatedness has caused higher overall transaction costs for IT services outsourcing. This higher cost might cause lower prevalence rates for ITS outsourcing relative to EM outsourcing. Overall, the interview results are consistent with the statistical analyses and provide support to my expectation that in outsourcing to China, Taiwan's electronic manufacturing firms do have lower prevalence rates of IT services outsourcing relative to EM outsourcing due to higher transaction costs caused by certain attributes. To solve this problem, firms' management should aim at identifying alternative strategies and strive to reduce their overall transaction costs of IT services outsourcing by initiating appropriate strategies which fit their environment and needs.

Assessing an automated, information -sharing technology in the post "9 -11" era: Do local law enforcement officers think it meets their needs?

In the wake of the “9-11” terrorists' attacks, the U.S. Government has turned to information technology (IT) to address a lack of information sharing among law enforcement agencies. This research determined if and how information-sharing technology helps law enforcement by examining the differences in perception of the value of IT between law enforcement officers who have access to automated regional information sharing and those who do not. It also examined the effect of potential intervening variables such as user characteristics, training, and experience, on the officers' evaluation of IT. The sample was limited to 588 officers from two sheriff's offices; one of them (the study group) uses information sharing technology, the other (the comparison group) does not. Triangulated methodologies included surveys, interviews, direct observation, and a review of agency records. Data analysis involved the following statistical methods: descriptive statistics, Chi-Square, factor analysis, principal component analysis, Cronbach's Alpha, Mann-Whitney tests, analysis of variance (ANOVA), and Scheffe' post hoc analysis. ^ Results indicated a significant difference between groups: the study group perceived information sharing technology as being a greater factor in solving crime and in increasing officer productivity. The study group was more satisfied with the data available to it. As to the number of arrests made, information sharing technology did not make a difference. Analysis of the potential intervening variables revealed several remarkable results. The presence of a strong performance management imperative (in the comparison sheriff's office) appeared to be a factor in case clearances and arrests, technology notwithstanding. As to the influence of user characteristics, level of education did not influence a user's satisfaction with technology, but user-satisfaction scores differed significantly among years of experience as a law enforcement officer and the amount of computer training, suggesting a significant but weak relationship. ^ Therefore, this study finds that information sharing technology assists law enforcement officers in doing their jobs. It also suggests that other variables such as computer training, experience, and management climate should be accounted for when assessing the impact of information technology. ^

Cuba’s Role in Venezuela’s Control of the Internet and Online Social Networks

The arrival of Cuba’s Information Technology (IT) and Communications Minister Ramiro Valdés to Venezuela in the Spring of 2010 to serve as a ‘consultant’ to the Venezuelan government awakened a new reality in that country. Rampant with deep economic troubles, escalating crime, a murder rate that has doubled since Chávez took over in 1999, and an opposition movement led by university students and other activists who use the Internet as their primary weapon, Venezuela has resorted to Cuba for help. In a country where in large part traditional media outlets have been censored or are government-controlled, the Internet and its online social networks have become the place to obtain, as well as disseminate, unfiltered information. As such, Internet growth and use of its social networks has skyrocketed in Venezuela, making it one of Latin America’s highest Web users. Because of its increased use to spark political debate among Venezuelans and publish information that differs with the official government line, Chávez has embarked on an initiative to bring the Internet to the poor and others who would otherwise not have access, by establishing government-sponsored Internet Info Centers throughout the country, to disseminate information to his followers. With the help of Cuban advisors, who for years have been a part of Venezuela’s defense, education, and health care initiatives, Chávez has apparently taken to adapting Cuba’s methodology for the control of information. He has begun to take special steps toward also controlling the type of information flowing through the country’s online social networks, considering the implementation of a government-controlled single Internet access point in Venezuela. Simultaneously, in adapting to Venezuela’s Internet reality, Chávez has engaged online by creating his own Twitter account in an attempt to influence public opinion, primarily of those who browse the Web. With a rapidly growing following that may soon reach one million subscribers, Chávez claims to have set up his own online trench to wage cyber space battle.

The Use of the Internet in the U.S Lodging Industry

The internet has been heralded as the communications and marketing tool of the future for the hospitality industry. Both corporate executives and information technology experts feel the hotel of the future cannot do without a presence on the Web. Yet, do the actions of hospitality operators in the field reflect this optimism? This article reports on a study done among property managers in the U.S. lodging industry to determine the actual use of the internet in hotel properties of various types and sizes. Additionally, it addresses development and maintenance issues related to internet use.

On Optimizing Compatible Security Policies in Wireless Networks

This paper deals with finding the maximum number of security policies without conflicts. By doing so we can remove security loophole that causes security violation. We present the problem of maximum compatible security policy and its relationship to the problem of maximum acyclic subgraph, which is proved to be NP-hard. Then we present a polynomial-time approximation algorithm and show that our result has approximation ratio for any integer with complexity .

Development of hardware in the loop real-time control techniques for hybrid power systems involving distributed demands and sustainable energy sources

The future power grid will effectively utilize renewable energy resources and distributed generation to respond to energy demand while incorporating information technology and communication infrastructure for their optimum operation. This dissertation contributes to the development of real-time techniques, for wide-area monitoring and secure real-time control and operation of hybrid power systems. ^ To handle the increased level of real-time data exchange, this dissertation develops a supervisory control and data acquisition (SCADA) system that is equipped with a state estimation scheme from the real-time data. This system is verified on a specially developed laboratory-based test bed facility, as a hardware and software platform, to emulate the actual scenarios of a real hybrid power system with the highest level of similarities and capabilities to practical utility systems. It includes phasor measurements at hundreds of measurement points on the system. These measurements were obtained from especially developed laboratory based Phasor Measurement Unit (PMU) that is utilized in addition to existing commercially based PMU’s. The developed PMU was used in conjunction with the interconnected system along with the commercial PMU’s. The tested studies included a new technique for detecting the partially islanded micro grids in addition to several real-time techniques for synchronization and parameter identifications of hybrid systems. ^ Moreover, due to numerous integration of renewable energy resources through DC microgrids, this dissertation performs several practical cases for improvement of interoperability of such systems. Moreover, increased number of small and dispersed generating stations and their need to connect fast and properly into the AC grids, urged this work to explore the challenges that arise in synchronization of generators to the grid and through introduction of a Dynamic Brake system to improve the process of connecting distributed generators to the power grid.^ Real time operation and control requires data communication security. A research effort in this dissertation was developed based on Trusted Sensing Base (TSB) process for data communication security. The innovative TSB approach improves the security aspect of the power grid as a cyber-physical system. It is based on available GPS synchronization technology and provides protection against confidentiality attacks in critical power system infrastructures. ^