Integrating information security policy management with corporate risk management for strategic alignment

Information security policy defines the governance and implementation strategy for information security in alignment with the corporate risk policy objectives and strategies. Research has established that alignment between corporate concerns may be enhanced when strategies are developed concurrently using the same development process as an integrative relationship is established. Utilizing the corporate risk management framework for security policy management establishes such an integrative relationship between information security and corporate risk management objectives and strategies. There is however limitation in the current literature on presenting a definitive approach that fully integrates security policy management with the corporate risk management framework. This paper presents an approach that adopts a conventional corporate risk management framework for security policy development and management to achieve alignment with the corporate risk policy. A case example is examined to illustrate the alignment achieved in each process step with a security policy structure being consequently derived in the process. It is shown that information security policy management outcomes become both integral drivers and major elements of the corporate-level risk management considerations. Further study should involve assessing the impact of the use of the proposed framework in enhancing alignment as perceived in this paper.

Understanding the impact of strategic alignment on the operational performance of post implemented technological innovations

Purpose – The purpose of this paper is to examine the role of three strategies - organisational, business and information system – in post implementation of technological innovations. The findings reported in the paper are that improvements in operational performance can only be achieved by aligning technological innovation effectiveness with operational effectiveness. Design/methodology/approach – A combination of qualitative and quantitative methods was used to apply a two-stage methodological approach. Unstructured and semi structured interviews, based on the findings of the literature, were used to identify key factors used in the survey instrument design. Confirmatory factor analysis (CFA) was used to examine structural relationships between the set of observed variables and the set of continuous latent variables. Findings – Initial findings suggest that organisations looking for improvements in operational performance through adoption of technological innovations need to align with operational strategies of the firm. Impact of operational effectiveness and technological innovation effectiveness are related directly and significantly to improved operational performance. Perception of increase of operational effectiveness is positively and significantly correlated with improved operational performance. The findings suggest that technological innovation effectiveness is also positively correlated with improved operational performance. However, the study found that there is no direct influence of strategiesorganisational, business and information systems (IS) - on improvement of operational performance. Improved operational performance is the result of interactions between the implementation of strategies and related outcomes of both technological innovation and operational effectiveness. Practical implications – Some organisations are using technological innovations such as enterprise information systems to innovate through improvements in operational performance. However, they often focus strategically only on effectiveness of technological innovation or on operational effectiveness. Such a focus will be detrimental in the long-term of the enterprise. This research demonstrated that it is not possible to achieve maximum returns through technological innovations as dimensions of operational effectiveness need to be aligned with technological innovations to improve their operational performance. Originality/value – No single technological innovation implementation can deliver a sustained competitive advantage; rather, an advantage is obtained through the capacity of an organisation to exploit technological innovations’ functionality on a continuous basis. To achieve sustainable results, technology strategy must be aligned with organisational and operational strategies. This research proposes the key performance objectives and dimensions that organisations should focus to achieve a strategic alignment. Research limitations/implications – The principal limitation of this study is that the findings are based on investigation of small sample size. There is a need to explore the appropriateness of influence of scale prior to generalizing the results of this study.

Exploring the impact of shared domain knowledge on strategic alignment in the Australian public sector

In this age of ever-increasing information technology (IT) driven environments, governments/or public sector organisations (PSOs) are expected to demonstrate the business value of the investment in IT and take advantage of the opportunities offered by technological advancements. Strategic alignment (SA) emerged as a mechanism to bridge the gap between business and IT missions, objectives, and plans in order to ensure value optimisation from investment in IT and enhance organisational performance. However, achieving and sustaining SA remains a challenge requiring even more agility nowadays to keep up with turbulent organisational environments. The shared domain knowledge (SDK) between the IT department and other diverse organisational groups is considered as one of the factors influencing the successful implementation of SA. However, SDK in PSOs has received relatively little empirical attention. This paper presents findings from a study which investigated the influence of SDK on SA within organisations in the Australian public sector. The developed research model examined the relationship of SDK between business and IT domains with SA using a survey of 56 public sector professionals and executives. A key research contribution is the empirical demonstration that increasing levels of SDK between IT and business groups leads to increased SA.

e-Leadership through strategic alignment: an empirical study of small and medium sized enterprises in the digital age

Small and medium sized enterprises (SMEs) play an important role in the European economy. A critical challenge faced by SME leaders, as a consequence of the continuing digital technology revolution, is how to optimally align business strategy with digital technology to fully leverage the potential offered by these technologies in pursuit of longevity and growth. There is a paucity of empirical research examining how e-leadership in SMEs drives successful alignment between business strategy and digital technology fostering longevity and growth. To address this gap, in this paper we develop an empirically derived e-leadership model. Initially we develop a theoretical model of e-leadership drawing on strategic alignment theory. This provides a theoretical foundation on how SMEs can harness digital technology in support of their business strategy enabling sustainable growth. An in-depth empirical study was undertaken interviewing 42 successful European SME leaders to validate, advance and substantiate our theoretically driven model. The outcome of the two stage process – inductive development of a theoretically driven e-leadership model and deductive advancement to develop a complete model through in-depth interviews with successful European SME leaders – is an e-leadership model with specific constructs fostering effective strategic alignment. The resulting diagnostic model enables SME decision makers to exercise effective e-leadership by creating productive alignment between business strategy and digital technology improving longevity and growth prospects.

Revising the Program Portfolio: Elevating Academic Program Performance and Strategic Alignment

At many institutions, program review is an underproductive exercise. Review of existing programs is often a check-the-box formality, with inconsistent criteria and little connection to institutional priorities or funding considerations. Decisions about where to concentrate resources across the portfolio can be highly politicized. This report profiles how academic planning exemplars use program review as a strategic tool, integrating data on academic quality, student demand, and resource utilization to improve the economics of challenged programs and prioritize programs for investment and expansion.

Exploring the World's Largest ERP Implementation: the Role of ERP in Strategic Alignment

As one of the largest and most complex organizations in the world, the Department of Defense (DoD) faces many challenges in solving its well-documented financial and related business operations and system problems. The DoD is in the process of implementing modern multifunction enterprise resource planning (ERP) systems to replace many of its outdated legacy systems. This paper explores the ERP implementations of the DoD and seeks to determine the impact of the ERP implementations on the alignment of the DoD’s business and IT strategy. A brief overview of the alignment literature and background on ERP are followed by case study analysis of the DoD ERP development and current implementation status. Lastly, the paper explores the current successes and failures of the ERP implementation and the impact on the DoD’s goal of strategic alignment.

A composite framework for the strategic alignment of information systems development

Information systems are corporate resources, therefore information systems development must be aligned with corporate strategy. This thesis proposes that effective strategic alignment of information systems requires information systems development, information systems planning and strategic management to be united. Literature in these areas is examined, breaching the academic boundaries which separate these areas, to contribute a synthesised approach to the strategic alignment of information systems development. Previous work in information systems planning has extended information systems development techniques, such as data modelling, into strategic planning activities, neglecting techniques of strategic management. Examination of strategic management in this thesis, identifies parallel trends in strategic management and information systems development; the premises of the learning school of strategic management are similar to those of soft systems approaches to information systems development. It is therefore proposed that strategic management can be supported by a soft systems approach. Strategic management tools and techniques frame individual views of a strategic situation; soft systems approaches can integrate these diverse views to explore the internal and external environments of an organisation. The information derived from strategic analysis justifies the need for an information system and provides a starting point for information systems development. This is demonstrated by a composite framework which enables each information system to be justified according to its direct contribution to corporate strategy. The proposed framework was developed through action research conducted in a number of organisations of varying types. This suggests that the framework can be widely used to support the strategic alignment of information systems development, thereby contributing to organisational success.

Towards a Contingency Theory perspective of Quality Management in Enabling Strategic Alignment

The aim of this paper is to explore the role of Quality Management (QM) theory and practice using a contingency theory perspective. The study is grounded in the role of QM in improving strategic alignment within Small and Medium Sized Enterprises (SMEs) using Contingency Theory rather than adopting best practice approaches. An inductive theory building research methodology was used involving multiple case analyses of five SMEs, involving repeat interviews (n=45), focus groups (n=5) and document analysis. From the findings, it was found that Contingency Variables (strategy, culture, lifecycle and customer focus) and their respective typologies were found to interact with QM practices in helping to shape strategic alignment between the SMEs and their environments. This shaping process based on contingency approaches occurred in a manner unique to each SME and their respective environments rather than in an overarching best practice manner.

Beyond the fashionable : strategic planning for critical information literacy education

The challenge for all educators is to fuse the learning of information literacy to an academic education in such a way that the outcome is systematic and sustainable learning for students. This challenge can be answered through long-term commitment to information literacy education bound to organisation-wide, renewable strategic planning and driven through systemic reform. This chapter seeks to explore the two sides of reforming information literacy education in an academic environment. Specifically, it will examine how one Australian university has undertaken the implementation of a rigorous strategic, systemic approach to information literacy learning and teaching.

The enterprise information security policy as a strategic business policy within the corporate strategic plan (extended abstract)

Information security has been recognized as a core requirement for corporate governance that is expected to facilitate not only the management of risks, but also as a corporate enabler that supports and contributes to the sustainability of organizational operations. In implementing information security, the enterprise information security policy is the set of principles and strategies that guide the course of action for the security activities and may be represented as a brief statement that defines program goals and sets information security and risk requirements. The enterprise information security policy (alternatively referred to as security policy in this paper) that represents the meta-policy of information security is an element of corporate ICT governance and is derived from the strategic requirements for risk management and corporate governance. Consistent alignment between the security policy and the other corporate business policies and strategies has to be maintained if information security is to be implemented according to evolving business objectives. This alignment may be facilitated by managing security policy alongside other corporate business policies within the strategic management cycle. There are however limitations in current approaches for developing and managing the security policy to facilitate consistent strategic alignment. This paper proposes a conceptual framework for security policy management by presenting propositions to positively affect security policy alignment with business policies and prescribing a security policy management approach that expounds on the propositions.

Exploring business and IT alignment mechanisms: toward a learning perspective

Numerous studies have attempted to develop strategic alignment mechanisms. The strategic alignment mechanism is broken down into two categories namely: strategy process and strategy content. Our review shows that alignment research has been carried out in isolation. We see this as having had the effect of limiting the extent to which executives can understand elements of performance. We confer with a number of researchers in postulating that using a mechanism such as multilevel learning to combine strategy content and strategy process under one metaphor can greatly facilitate, through exploration and exploitation, the understanding not only of human interactions within a firm, but also of the interaction existent between a firm and its environment. The findings in this study further support the idea of integrating strategy process and content to have a better understating of alignment maturity and impact on business performance. It also elaborates the affect of misalignment in companies on performance.