499,245 research outputs found

    A review of quality frameworks in information systems

    Quality is a multidimensional concept that has different meanings in different contexts and perspectives. In the domain of Information system, quality is often understood as the result of an IS development process and as the quality of an IS product. Many models and frameworks have been proposed for evaluating IS quality. However, as yet there is not a commonly accepted framework or standard of IS quality. Typically, researchers propose a set of characteristics, so-called quality factors contributing to the quality of IS. Different stakeholders' perspectives are resulting in multiple definitions of quality factors of IS. For instance, some approaches are based on the IS delivery process for the selection of quality factors; while some other approaches do not clearly explain the rationale of their selection. Moreover, often relations or impacts among selected quality factors are not taken into account. Quality aspects of information are frequently considered isolated from IS quality. The impact of IS quality on information quality seems to be neglected in most approaches. Our research aims to incorporate these levels, by which we propose an IS quality framework based on IS architecture. Considering user and IS developer's perspectives, different quality factors are identified for various abstraction levels. Besides, the presentation on impacts among different quality factors helps to retrieve the root cause of IS defects. Thus, our framework provides a systematic view on quality of information and IS

    Penetration Testing Frameworks and methodologies: A comparison and evaluation

    Cyber security is fast becoming a strategic priority across both governments and private organisations. With technology abundantly available, and the unbridled growth in the size and complexity of information systems, cyber criminals have a multitude of targets. Therefore, cyber security assessments are becoming common practice as concerns about information security grow. Penetration testing is one strategy used to mitigate the risk of cyber-attack. Penetration testers attempt to compromise systems using the same tools and techniques as malicious attackers thus, aim to identify vulnerabilities before an attack occurs. Penetration testing can be complex depending on the scope and domain area under investigation, for this reason it is often managed similarly to that of a project necessitating the implementation of some framework or methodology. Fortunately, there are an array of penetration testing methodologies and frameworks available to facilitate such projects, however, determining what is a framework and what is methodology within this context can lend itself to uncertainty. Furthermore, little exists in relation to mature frameworks whereby quality can be measured. This research defines the concept of “methodology” and “framework” within a penetration testing context. In addition, the research presents a gap analysis of the theoretical vs. the practical classification of nine penetration testing frameworks and/or methodologies and subsequently selects two frameworks to undergo quality evaluation using a real-world case study. Quality characteristics were derived from a review of four quality models, thus building the foundation for a proposed penetration testing quality model. The penetration testing quality model is a modified version of an ISO quality model whereby the two chosen frameworks underwent quality evaluation. Defining methodologies and frameworks for the purposes of penetration testing was achieved. A suitable definition was formed by way of analysing properties of each category respectively, thus a Framework vs. Methodology Characteristics matrix is presented. Extending upon the nomenclature resolution, a gap analysis was performed to determine if a framework is actually a framework, i.e., it has a sound underlying ontology. In contrast, many “frameworks” appear to be simply collections of tools or techniques. In addition, two frameworks, OWASP’s Testing Guide and Information System Security Assessment Framework (ISSAF), were employed to perform penetration tests based on a real-world case study to facilitate quality evaluation based on a proposed quality model. The research suggests there are various ways in which quality for penetration testing frameworks can be measured; therefore concluded that quality evaluation is possible

    Towards a Conceptualization of Data and Information Quality in Social Information Systems

    Data and information quality (DIQ) have been defined traditionally in an organizational context and with respect to traditional information systems (IS). Numerous frameworks have been developed to operationalize traditional DIQ accordingly. However, over the last decade, social information systems (SocIS) such as social media have emerged that enable social interaction and open collaboration of voluntary prosumers, rather than supporting specific tasks as do traditional IS in organizations. Based on a systematic literature review, the paper identifies and categorizes prevalent DIQ conceptualizations. The authors differentiate the various understandings of DIQ in light of the unique characteristics of SocIS and conclude that they do not capture DIQ in SocIS well, nor how it is defined, maintained, and improved through social interaction. The paper proposes a new conceptualization of DIQ in SocIS that can explain the interplay of existing conceptualizations and provides the foundation for future research on DIQ in SocIS

    A proposed framework that enhances the quality of cyber security audits

    The need to protect information systems or assets remains crucial today. Innovations in technology have led to rapid developments and as technology continues to advance, so is the need to protect information systems. Amongst numerous effects of cyber-attacks on organizations, huge financial losses which in turn affect the economy have since been reported. Cyber security audits need to be strengthened to tighten the protection of information systems. The importance of cybersecurity audits is widely endorsed in literature. Nonetheless, frameworks used to audit cybersecurity are viewed as 'sometimes' weak links to cybersecurity due to their drawbacks in auditing cyber security. A review of literature indicated that cyber-attacks are more rampant in the African continent with the financial sector being the most targeted. Literature also highlighted that the use of relevant frameworks for auditing cyber security improves the quality and effectiveness of audits thereby enhancing cyber security. Studies in information systems have mostly looked at the adoption of frameworks, types of cyber threats and tools needed to audit. Nonetheless, it is important to note that few scholars have examined the applicability and effectiveness of the existing frameworks in auditing cyber security. Furthermore, previous studies emphasize on enhancing cyber security without a particular focus on auditing cyber security including assessing the role of the auditor during the process. As a result, this study looked at cyber security from an auditing perspective with a particular focus on the strengths and weaknesses of the current frameworks that are being used to audit cyber security including. The study also looked at the factors that enhance the effectiveness of cyber security audits. The study draws from different theories, literature and from the strengths and drawbacks of existing frameworks to create an explanatory model. To statistically test and evaluate the model, a quantitative research approach was employed to collect, analyze, and interpret data from South Africa. Data was collected using a questionnaire which was distributed to IT auditors and cyber security professionals from the Information Systems Audit and Control Association (ISACA) South African chapter members. The National Institute of Standards and Technology (NIST) cyber security framework was found to be the widely adopted framework followed by the International Organization for Standardization (ISO) standards, with the Control Objectives for Information Technologies (COBIT) being the least employed framework. The COBIT framework was found to be more aligned to Information Technology governance rather than cyber security. Furthermore, results of this study indicate that effectiveness of cyber security audits is dependent upon competencies of auditors including their ethics and integrity. Results further indicate that frameworks used for auditing are effective to some extent if properly implemented. A proper alignment of an auditor's competencies which include ethics and integrity, and an adoption of a relevant framework will result in effective cyber security audits that reduce the risks of cyber-attacks. Concerning the contribution to practice, results from this study can help organizations to determine and review focus areas of cyber security auditing that they need to emphasize and develop on. Furthermore, the developed model can be used by auditors to develop an audit plan and conduct audits that are effective in identifying, protecting, detecting, preventing, and recovering information systems or assets. The methodological, theoretical, and practical contributions are further discussed in this thesis along with limitations, recommendations, and areas for future research

    Ethical frameworks for quality improvement activities: An analysis of international practice

    Purpose: To examine international approaches to the ethical oversight and regulation of quality improvement and clinical audit in healthcare systems. Data sources: We searched grey literature including websites of national research and ethics regulatory bodies and health departments of selected countries. Study selection: National guidance documents were included from six countries: Ireland, England, Australia, New Zealand, the United States of America and Canada. Data extraction: Data were extracted from 19 documents using an a priori framework developed from the published literature. Results: We organised data under five themes: ethical frameworks; guidance on ethical review; consent, vulnerable groups and personal health data. Quality improvement activity tended to be outside the scope of the ethics frameworks in most countries. Only New Zealand had integrated national ethics standards for both research and quality improvement. Across countries, there is consensus that this activity should not be automatically exempted from ethical review, but requires proportionate review or organisational oversight for minimal risk projects. In the majority of countries, there is a lack of guidance on participant consent, use of personal health information and inclusion of vulnerable groups in routine quality improvement. Conclusion: Where countries fail to provide specific ethics frameworks for quality improvement, guidance is dispersed across several organisations which may lack legal certainty. Our review demonstrates a need for appropriate oversight and responsive infrastructure for quality improvement underpinned by ethical frameworks that build equivalence with research oversight. It outlines aspects of good practice, especially The New Zealand framework that integrates research and quality improvement ethics

    A framework for assessing qualitative aspects of information systems

    This thesis is concerned with understanding how stakeholders in a particular cultural context construct the multiple meanings of ‘Information Systems Quality’ (IS Quality). A review of literature on approaches and frameworks for IS quality shows that the IS quality is generally examined through a ‘hard approach’. This study demonstrates that IS quality can be meaningfully understood through an interpretive paradigm, and that IS quality is socially constructed and influenced by the IS context. The study began with an exploratory survey of twenty Libyan organizations. Data were gathered through a case study of two public sector organizations in Libya. A Multiple Perspective Framework (MPF) that incorporates ideas from structuration theory, multiple perspectives concept, and soft systems methodology (SSM) was used to analyze the empirical work. The findings revealed that: (a) IS quality is a broader conception than the traditional quality definition, (b) the multiple perspectives of IS quality are influenced by repeated interaction between the stakeholder and institutional properties in the IS context, and (c) mediation of different values in the culture system and in the external context influence the extent of stakeholder agency and interaction in the IS context. The study concluded that the social construction of multiple perspectives of IS quality is influenced by the structuration processes between stakeholders and properties in the IS context.

    Dimensions and Indicators of Quality of Health Care Used for Healthcare Systems’ Performance Assessment

    Delivering high-quality health care is a central goal of all healthcare systems. Quality of health care is one of the basic components used for health system performance assessment (HSPA). Quality of health care is measured by six dimensions – effectiveness, safety, patient-centeredness, access, appropriateness, and continuity of care. This study aims to identify and systematize the most frequently used dimensions and indicators for measuring the quality of health care used for health system performance assessment. To achieve this aim the review is implemented on the base of HSPA reports from various countries and organizations as well as scientific publications related to quality of health care. Founded on the review of conceptual HSPA frameworks are identified 304 different indicators for measuring quality of health care. Most of them are focused on measuring process and outcome of health care. Effectiveness, safety and patient centeredness are the elements consist of the most used dimensions for measuring quality of health care. Certain differences in understanding of the essence of quality of health care dimensions and indicators were identified in the reports. They could be explained by the diversity of concepts of quality of health care, of health insurance models and of health care system goals in different countries. Measuring quality of health care is a key significance in health care system performance assessment. It provides important information about areas and components of the health care system which need of improvement as a basis for consequential policy and political decisions

    The Health Utilities Index (HUI(®)): concepts, measurement properties and applications

    This is a review of the Health Utilities Index (HUI(®)) multi-attribute health-status classification systems, and single- and multi-attribute utility scoring systems. HUI refers to both HUI Mark 2 (HUI2) and HUI Mark 3 (HUI3) instruments. The classification systems provide compact but comprehensive frameworks within which to describe health status. The multi-attribute utility functions provide all the information required to calculate single-summary scores of health-related quality of life (HRQL) for each health state defined by the classification systems. The use of HUI in clinical studies for a wide variety of conditions in a large number of countries is illustrated. HUI provides comprehensive, reliable, responsive and valid measures of health status and HRQL for subjects in clinical studies. Utility scores of overall HRQL for patients are also used in cost-utility and cost-effectiveness analyses. Population norm data are available from numerous large general population surveys. The widespread use of HUI facilitates the interpretation of results and permits comparisons of disease and treatment outcomes, and comparisons of long-term sequelae at the local, national and international levels