A systematic review of Information security knowledge-sharing research

It is crucial for knowledge to be shared in the information security domain. In effect, sharing ensures that knowledge and skills are propagated through the organisation. Here, we report on a systematic literature review we carried out to gain insight into the literature related to information security knowledge sharing within organisations. The literature highlights the importance of security knowledge sharing in terms of enhancing organisational security awareness, and identifies gaps that can be addressed by researchers in the area

Information security culture: A systematic literature review

Information security culture becomes an enabler towards minimising the protection of security risk and incidents. This research will systematically identify and analyse published research exploring factors influencing information security culture. A systematic literature review is conducted throughout this process.40 papers were used in our synthesis of evidence with nine compatibility factors has been found to influence information security culture in organisation setting. One thousand two hundred and four studies were identified as 40 fulfilled the inclusion criteria. Of these, most (13%) were assessed being high quality, and three were rated very poor.Nine common factors were identified which are cultural differences, security awareness, security behaviour, top management commitment, trust, information sharing, security knowledge, security policy, and belief.The most common factors found was security behaviour that highly influences information security culture from analysis conducted.The result of this study also shows the gap that there is lack of studies conducted in healthcare informatics environments setting. Findings are useful in developing theoretical model that shows factors influencing information security culture in healthcare informatics environmen

Terrorism affected regions : the impact of different supply chain risk management strategies on financial performance

Purpose: Current geo-political events, such as terrorism and climatologic adversities, have highlighted the potential risks to supply chains (SCs), and their disastrous financial impacts on supply chains. Within supply chains, risk management plays a major role in successfully managing business processes in a proactive manner and ensuring the business continuity and financial performance (FP). The purpose of this study is to explore the supply chain risks and strategies in a terrorism-affected region (TAR), and to examine supply chain risk management (SCRM) strategies and their impacts on FP, including the war on terror (WoT) and its impacts on the local logistics industry. In addition, this study investigates the knowledge gaps in the published research on terrorism-related risk in supply chains, and develops a framework of strategies and effective decision-making to enable practitioners to address terrorism-related risks for SCRM.Methodology: The study initially adopts a novel combination of triangulated methods comprising a systematic literature review, text mining, and network analysis. Additionally, risk identification, risk analysis and strategies scrutiny are conducted by using semi-structured interviews and Qualitative Content Analysis in a TAR. A model of strategies was developed from a review of existing studies and interviews. The model is empirically tested with survey data of 80 firms using fuzzy-set Qualitative Comparative Analysis (fsQCA).Findings: This study reveals a number of key themes in the field of SCRM linked with terrorism. It identifies relevant mitigation strategies and practices for effective strategic decision-making. This subsequently leads to development of a strategic framework, consisting of strategies and effective-decision making practices to address terrorism-related risks that affect SCRM. It also identifies key the knowledge gaps in the literature and explores the main contributions by disciplines (e.g., business schools, engineering, and maritime institutions) and countries.Further, it identifies the SC risks in a TAR, which consist of value streams: disruption risks, operational risks and financial risks. Among these, the emerging risks emcompass terrorist groups’ demand for protection money, smog, paedophilia and the use of containers to block protesters. To mitigate these risks, firms frequently implemented the following strategies: information sharing, SC coordination, risk sharing, SC finance, SC security and facilitation payment. Five strategies out of the six (except facilitation payment) are able to lead to FP, confirmed quantitatively as well. There are various equifinal configurations of SCRM strategies leading to FP. In addition, information sharing acts as a moderator in the relationship between SC security and FP. SC coordination has a mediating role in the relationship between information sharing and SC security capabilities and FP.Research limitations/Contribution: The sample size a limitation of the study, meaning that the findings should be generalized with caution. The most valuable implications is the identification of configurations of strategies that can help managers and policymakers in implementing those findings.Originality/value: No empirical study was found in the SCRM literature that specifically investigates the relationships between the identified strategies and FP with fsQCA, in particular in a TAR context; this study thus fills an important gap in the SCRM literature and contributes empirically

A systematic literature review of cloud computing in eHealth

Cloud computing in eHealth is an emerging area for only few years. There needs to identify the state of the art and pinpoint challenges and possible directions for researchers and applications developers. Based on this need, we have conducted a systematic review of cloud computing in eHealth. We searched ACM Digital Library, IEEE Xplore, Inspec, ISI Web of Science and Springer as well as relevant open-access journals for relevant articles. A total of 237 studies were first searched, of which 44 papers met the Include Criteria. The studies identified three types of studied areas about cloud computing in eHealth, namely (1) cloud-based eHealth framework design (n=13); (2) applications of cloud computing (n=17); and (3) security or privacy control mechanisms of healthcare data in the cloud (n=14). Most of the studies in the review were about designs and concept-proof. Only very few studies have evaluated their research in the real world, which may indicate that the application of cloud computing in eHealth is still very immature. However, our presented review could pinpoint that a hybrid cloud platform with mixed access control and security protection mechanisms will be a main research area for developing citizen centred home-based healthcare applications

Linking Research and Policy: Assessing a Framework for Organic Agricultural Support in Ireland

This paper links social science research and agricultural policy through an analysis of support for organic agriculture and food. Globally, sales of organic food have experienced 20% annual increases for the past two decades, and represent the fastest growing segment of the grocery market. Although consumer interest has increased, farmers are not keeping up with demand. This is partly due to a lack of political support provided to farmers in their transition from conventional to organic production. Support policies vary by country and in some nations, such as the US, vary by state/province. There have been few attempts to document the types of support currently in place. This research draws on an existing Framework tool to investigate regionally specific and relevant policy support available to organic farmers in Ireland. This exploratory study develops a case study of Ireland within the framework of ten key categories of organic agricultural support: leadership, policy, research, technical support, financial support, marketing and promotion, education and information, consumer issues, inter-agency activities, and future developments. Data from the Irish Department of Agriculture, Fisheries and Food, the Irish Agriculture and Food Development Authority (Teagasc), and other governmental and semi-governmental agencies provide the basis for an assessment of support in each category. Assessments are based on the number of activities, availability of information to farmers, and attention from governmental personnel for each of the ten categories. This policy framework is a valuable tool for farmers, researchers, state agencies, and citizen groups seeking to document existing types of organic agricultural support and discover policy areas which deserve more attention

Police Knowledge Exchange: Summary Report

[Executive Summary] This report draws on research commissioned by the Association of Police and Crime Commissioners (APCC), the National Police Chiefs Council (NPCC) and the Home Office to investigate cultural aspects of knowledge sharing across the police service. The research reviews literature and police perceptions to identify the enablers and barriers to effective knowledge exchange and sharing within and between police forces and police partners, including the public. Data were collected from 11 police forces; 42 in-depth interviews/focus groups and 47 survey responses. The literature-guided analysis identified four core research themes: who, why, what and how we share. Detailed findings are presented in the full report; this summary report presents the core research findings. Recommendations from this study will inform the next phase of activity for the Board. The research identified that cross-force, cross-organisation, national and international sharing relies on a culture supporting individuals who have an independent and reflective sharing approach. A key enabler to police sharing is that, regardless of police rank and role, they all have a strong collaborative nature, through a deep motivation to share, that benefits the wider social community. This collaborative nature is driven by processes that reveal reciprocal benefit and safe sharing, as well as how to effectively ‘get the job done’ and foster professional learning. A key barrier to police sharing is a strong hierarchical culture that does not encourage the independent nature of sharing. Whilst police officers and staff act independently within the confines of their prescribed roles, they rarely independently share beyond this. This hierarchical culture means that innovations in sharing are often initiated or approved top-down and tied to leadership. Hierarchical structures are seen to support a competitive culture combining concepts of risk aversion and blame. The hierarchical culture is also perceived as providing poor clarity on what is of value to share and how to effectively share. There are two key recommendations to overcome this barrier: one long-term and one short-term. Long-term: ‘Become independent sharers’ by changing the nature and culture of the police to encourage this independent nature, so that specific sharing barriers are effectively solved by individuals. Professionalising the police and working collaboratively with academia are steps towards this long-term goal. Short-term: ‘Guide and authorise independent sharing’ by using the hierarchy to scaffold/support and direct police towards effective and approved sharing approaches. This will show the police, through the hierarchy, how and why this independent sharing nature is safe, effective and valued

Electronic information sharing in local government authorities: Factors influencing the decision-making process

This is the post-print version of the final paper published in International Journal of Information Management. The published article is available from the link below. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. Copyright @ 2013 Elsevier B.V.Local Government Authorities (LGAs) are mainly characterised as information-intensive organisations. To satisfy their information requirements, effective information sharing within and among LGAs is necessary. Nevertheless, the dilemma of Inter-Organisational Information Sharing (IOIS) has been regarded as an inevitable issue for the public sector. Despite a decade of active research and practice, the field lacks a comprehensive framework to examine the factors influencing Electronic Information Sharing (EIS) among LGAs. The research presented in this paper contributes towards resolving this problem by developing a conceptual framework of factors influencing EIS in Government-to-Government (G2G) collaboration. By presenting this model, we attempt to clarify that EIS in LGAs is affected by a combination of environmental, organisational, business process, and technological factors and that it should not be scrutinised merely from a technical perspective. To validate the conceptual rationale, multiple case study based research strategy was selected. From an analysis of the empirical data from two case organisations, this paper exemplifies the importance (i.e. prioritisation) of these factors in influencing EIS by utilising the Analytical Hierarchy Process (AHP) technique. The intent herein is to offer LGA decision-makers with a systematic decision-making process in realising the importance (i.e. from most important to least important) of EIS influential factors. This systematic process will also assist LGA decision-makers in better interpreting EIS and its underlying problems. The research reported herein should be of interest to both academics and practitioners who are involved in IOIS, in general, and collaborative e-Government, in particular

Systematizing Genome Privacy Research: A Privacy-Enhancing Technologies Perspective

Rapid advances in human genomics are enabling researchers to gain a better understanding of the role of the genome in our health and well-being, stimulating hope for more effective and cost efficient healthcare. However, this also prompts a number of security and privacy concerns stemming from the distinctive characteristics of genomic data. To address them, a new research community has emerged and produced a large number of publications and initiatives. In this paper, we rely on a structured methodology to contextualize and provide a critical analysis of the current knowledge on privacy-enhancing technologies used for testing, storing, and sharing genomic data, using a representative sample of the work published in the past decade. We identify and discuss limitations, technical challenges, and issues faced by the community, focusing in particular on those that are inherently tied to the nature of the problem and are harder for the community alone to address. Finally, we report on the importance and difficulty of the identified challenges based on an online survey of genome data privacy expertsComment: To appear in the Proceedings on Privacy Enhancing Technologies (PoPETs), Vol. 2019, Issue