IT incidents and business impacts: Validating a framework for continuity management in information systems

Information technology (IT) incidents that make data inaccessible may cause businesses to lose customers, reputation and market position. Previous studies on information management have identified data availability as a key priority, and the literature on disaster recovery and business continuity describes ways of preparing for and avoiding IT incidents. However, no frameworks for information system continuity management (ISCM) have yet been validated. This research draws on a framework for business continuity management, and extends it to the context of information systems. The framework is validated in a survey of IT managers and chief information officers in large private and public organisations operating in Finland. The results suggest that the embeddedness of continuity practices in an organisation has perceived business impacts whereas, in contradiction of previous theory, there is no such direct relation in the case of organisational alertness and preparedness. The theoretical contribution is to validate the ISCM framework statistically. On the practical level, social factors such as committed managers and employees are influential in decreasing negative business impacts. Further research on the embeddedness of continuity practices is called for. (C) 2013 Elsevier Ltd. All rights reserved

A Study of Information Systems Outsourcing Risks

Despite the considerable growth of Information Systems (IS) outsourcing in recent years, this trend is still the object of strong criticism. This study has as its aim to show the main risks computer outsourcing entails for the largest Spanish firms. In order to achieve that aim, we have reviewed the previous literature on this topic and later analysed the results of a survey covering 5,000 firms. According to the firms under analysis, the main concern in relation to IS outsourcing is the excessive dependence on the provider this type of contract may generate. Nevertheless, some characteristics of firms (mainly their size) somehow determine what risks are seen as the most relevant. The conclusions also suggest that total outsourcing can turn out to be a very dangerous strategy, mainly due to the dependence it creates. This is why IS managers should consider other alternatives such as having multiple providers or resorting to selective outsourcing

LIBRARY MANAGEMENT SOFTWARE: A COMPARATIVE STUDY OF CLOUD SERVICE AND IN-HOUSE SOFTWARE IMPLEMENTATION AT UPSA-GHANA

This study looks at Library Management Software, a comparative study of Cloud Service and In-house Software implementation at UPSA-Ghana with the help of key performance indicators. The purpose of this study is to identify the security effects of Cloud Software as a Service (SaaS), the benefits of Cloud Service as compared to In-house Software implementation within the context of Technology Acceptance Model (TAM). The study uses self-administered questionnaires to collect data and Statistical Package for the Social Sciences (SPSS) tool to analyze data collected from 52 respondents from UPSA. The results indicated that the users of the In-house library system face challenges such as system instability, lack of usability and user adaptation, system unreliability and malfunctioning, and poor training of staff to use the system. In terms of security inferences, maintenance expenses and procurement budgetary, majority of the respondents have indicated that In-house Software implementation were more advantageous than the Cloud Service. Nevertheless, there were indications that SaaS adoption would provide excellent service and minimize the frustration of staff. The study recommends user awareness creation of the services that SaaS offers, the need for the improvement of staff training on current IT developments and the motive for the acceptance of Cloud Services

The moderating effect of information technology capability on the relationship between business continuity management factors and organizational performance

Despite the enormous acknowledgement of the importance of Business Continuity Management (BCM) in sustaining organization survival, very limited studies have focused on the effects of BCM on organizational performance. Hence, the purpose of this study is to provide the empirical evidences that support the relationships that exist between BCM Factors and Organizational Performance with the moderating effects of Information Technology Capability (IT Capability) in organizations from various sectors in Malaysia. Based on the existing literature, BCM Factors are operationalized by Management Support, External Requirement, Organization Preparedness, and Embeddedness of Continuity Practices. A combination of selfadministered and mail survey was deployed involving 147 ISO 27001 and ISO 22301 certified organizations representing both public and private sectors. These organizations were selected as they are deemed to possess a considerably higher sense of commitment towards embracing BCM best practices to enhance their business resilience. At the end of the data collection phase, the study managed to obtain 77 usable responses constituting an effective response rate of 55 percent. The findings indicate that BCM Factors namely External Requirement and Embeddedness of Continuity Practices are significantly related to Overall Organizational Performance and Non-Financial Performance. However, only External Requirement is found significantly related to Financial Performance. The results also reveal that fully supported relationships are found between IT Capability and all Organizational Performance dimensions. In addition, the findings show that IT Capability moderates the relationship between BCM Factors and Organizational Performance. These results provide valuable insights to both practitioners and academia for further understanding the effects of BCM Factors and IT Capability on Organizational Performance. Finally, the research limitations are discussed and suggestions on extended area of research are recommended for future researchers

Information systems outsourcing risks: a study of large firms

Purpose – Despite the considerable growth of information systems (IS) outsourcing in recent years, this trend is still the object of strong criticism. This study has as its aim to show the main risks computer outsourcing entails in the case of the largest Spanish firms. Design/methodology/approach – In order to achieve that aim, reviews the previous literature on this topic and later analyses the results of a survey carried out using a questionnaire that was answered by 357 firms. Findings – According to the firms under analysis, the main concern in relation to IS outsourcing is the excessive dependence on the provider this type of contract can generate. Nevertheless, some characteristics of firms (mainly their size) determine to some extent what risks are seen as the most relevant. Originality/value – The conclusions suggest that total outsourcing can turn out to be a very dangerous strategy, mainly due to the dependence it creates. This is why IS managers should consider other alternatives such as having multiple providers or resorting to selective outsourcing

Outsourcing Information Technology and the Insider Threat

As one of our nation\u27s top critical infrastructures, telecommunications is an essential element of many aspects of our lives upon which we, as a society, are becoming increasingly dependent. Computers, digital telephone switches, and interconnected information technology (IT) systems impact finances, travel, infrastructure management, and missions of national defense. This research examined whether the trend in increased outsourcing of information technology systems is a significant contributing factor to a reportedly increasing amount of insider attacks. In light of changing social, global economic, and technological conditions, the paradigm in which risk analysis, management practices, and operational and personnel security practices are applied to protect information has shifted over the last decade. A comprehensive model of the discursive nature of the insider threat in the outsourced IT environment was developed using a qualitative grounded theory approach put forth by Glaser and Strauss in 1967. The theory generated by this research suggests a multidimensional real and growing threat resulting from outsourced IT as well as preconditions for continued future growth of the insider threat phenomenon

Key Decision-making Phases And Tasks For Outsourcing Information Technology

Outsourcing has become an attractive option for today\u27s organisation. Since outsourcing Information Technology (IT) is a relatively new phenomenon in Australia, little research has been conducted as to IT management strategies needed when considering outsourcing. To guide management in the decision whether or not to outsource IT, the study developed and tested a decision-making model comprising the phases of intelligence, analysis and planning, strategy selection, action, and evaluation and monitoring. The significance of decision phases and tasks contained in the model was established through a survey of major Australian organisations. The sample included Australia\u27s top 390 companies. Such organisations would be likely to have large IT installation and therefore would have greater knowledge of IT outsourcing. The model was also applied in four major case studies to contribute to the survey and to help in interpreting the survey results. Respondent experiences in making IT outsourcing decisions were discussed. The study found that the \u27action\u27 phase of IT outsourcing is the most important decision-making phase. It is largely determined by the track record and the ability of the potential vendor to provide high service levels for the client. The need for an acceptable level of service is also strongly apparent when management evaluates and monitors the outcome of IT outsourcing. In recognition of the importance of the action phase the study presented an expanded model. It shows an expanded representation of the activities, presented in life eyrie form, related to selecting a suitable vendor and entering into an outsourcing contract. The study concluded that the proposed model was sufficiently comprehensive and structured to be a useful guide for IS outsourcing decision making. It enabled decision makers to consider complex, wide ranging and interrelated decision criteria concerning IS outsourcing for their particular circumstances and needs. Knowledge of the above findings should provide the following benefits: *The identification and description of phases, tasks and subtasks provides a checklist of what needs to be taken into account during IT outsourcing decision-making; *The identification of key phases, tasks and sub tasks will help management and others to focus on critical areas that need to be managed well in order for IT outsourcing to be successful; *The identification of the action phase as the most important phase enables management attention to be particularly focussed; *The framework can be used on a \u27as needed\u27 basis thereby making it useful for different outsourcing decision scenarios and situations. The study concludes with the research limitations and suggestions for future research

The role of mobile service providers in combating mobile bullying among adolescent in South Africa

Modern-day mobile communications technology has advanced in rapid phases, triggered by the presence of mobile technology applications. This advancement has accelerated the notion of enriched data, information and services that individuals have access to. The value presented to users of mobile technology in terms of limitless access to a wealth of enriched data is beneficial to society. However, this benefit window also exposed the users into a virtual sphere that is riddled with a wide variety of subtle and overt risks; mobile service providers have lawful responsibilities and concrete moral obligations to protect their customers. It is for this purpose that the researcher focused on examining the extent to which mobile service providers are assisting society to combat the new phenomenon of mobile bullying. A deductive research approach was followed in this study, and a conceptual model was developed to examine the extent of the involvement of the mobile service providers in reducing mobile bullying. The sampling method used in this study is a purposive or judgemental sampling method to obtain data from four (4) major mobile service providers. In the empirical evidence, it has been found that service providers have sufficient knowledge of the law that governs them in distributing mobile content in order to protect minors from the harmful content. Furthermore, another key finding indicates that the service providers' input is inadequate by way of providing education programs to assist mobile users and society in an effort to combat the new phenomenon of mobile and cyber-bullying. This study can act as a base for future research into examining the extent of the role of mobile service providers in reducing mobile bullying, educating society about mobile bullying as well as informing mobile service providers about the importance of their role in combating mobile bullying

Planning and Evaluation of Information Security Investments

This thesis provides a theory-based understanding of information security investments within organizations concentrating on organizational planning and evaluation of information security investments. The underlying framework is the Cyber Security Investment Framework of Rowe and Gallaher (2006). This work is structured as follows: In Part I, the dissertation is motivated and the theory to frame this research is described in detail. Subsequently, in Part II, the publications which comprise this thesis are presented. Finally, in Part III, the fi�ndings of this dissertation are discussed

Development and validation of a conceptual framework for IT offshoring engagement success

“A thesis submitted to the University of Bedfordshire, in partial fulfilment of the requirements for the degree of Doctor of Philosophy”.The study presented in this thesis investigates Offshore Information Technology Outsourcing (IT offshoring) relationships from clients’ perspective. With more client companies outsourcing their IT operations offshore, issues associated with the establishment and management of IT offshoring relationships have become very important. With the growing volume of offshore outsourcing, the numbers of failures are also increasing. Therefore, both clients (service receivers) and suppliers (service providers) face increasing pressure to meet with the objectives of IT offshoring initiatives. Improving the quality of the relationship between client and supplier has frequently been suggested in the literature as probable solution area, however not much literature and empirical evidence is available in this respect. The aim of the study is to make a theoretical and practical contribution by studying the interplay between the critical factors influencing the relationship intensity level of the exchange partners and suggest measures that can potentially increase the success rate in IT offshoring engagements. The objectives of this study are: 1. To identify the relevant critical factors and explore its causes and effects (antecedents and consequences) on the relationship intensity significance level. 2. To develop an integrated conceptual framework combining the hypothetical relationship among these identified critical factors. 3. To empirically validate the conceptual framework. To accomplish the first objective and building the theoretical platform for the second objective, three research questions are identified and answered through empirical study backed by literature evidence. The second objective is addressed through an integrative conceptual framework by analysing the related studies across other disciplines, gaps in the existing theories and models in the outsourcing literature. Coupled with literature gap analysis, the researcher adopted some of the relevant features from across various disciplines of management and social sciences that are relevant to this study. After that, the third objective, the research hypotheses are validated with empirical examination conducted in Europe. Seven research hypotheses are developed based on literature analysis on the relationship of the key constructs in the conceptual framework. This study is explanatory and deductive in nature. It is underpinned mainly by a quantitative research design with structured questionnaire surveys conducted with stratified sampling of 136 client organisations in Europe. Individual client firm is the unit of analysis for this study. Data analysis was conducted using partial least squares (PLS) structural equation modelling techniques. In this research, empirical support was found for most of the research hypotheses and conclusions of the study is derived. An investigation into trust as a concept is used to denote relationship intensity, as the central construct of the framework. The validated conceptual framework and tested hypothesis results are the main contributions of this study. The results of this study will also be useful in terms of adopting the conceptual framework linked with hypotheses as a point of reference to begin with, in order to accomplish a healthy exchange relationship. However, a further deep dive and fine tuning the sub-units/composition characteristics of each critical factor may be needed for individual outsourcing initiative(s). This study is particularly relevant to the client-supplier firms already engaged in a relationship but can also be useful to those clients who are planning to begin their journey in IT offshoring in the near future, as a preparatory platform