The Common Body of Knowledge: A Framework to Promote Relevant Information Security Research

This study proposes using an established common body of knowledge (CBK) as one means of organizing information security literature. Consistent with calls for more relevant information systems (IS) research, this industrydeveloped framework can motivate future research towards topics that are important to the security practitioner. In this review, forty-eight articles from ten IS journals from 1995 to 2004 are selected and cross-referenced to the ten domains of the information security CBK. Further, we distinguish articles as empirical research, frameworks, or tutorials. Generally, this study identified a need for additional empirical research in every CBK domain including topics related to legal aspects of information security. Specifically, this study identified a need for additional IS security research relating to applications development, physical security, operations security, and business continuity. The CBK framework is inherently practitioner oriented and using it will promote relevancy by steering IS research towards topics important to practitioners. This is important considering the frequent calls by prominent information systems scholars for more relevant research. Few research frameworks have emerged from the literature that specifically classify the diversity of security threats and range of problems that businesses today face. With the recent surge of interest in security, the need for a comprehensive framework that also promotes relevant research can be of great value

The Common Body of Knowledge: A Framework to Promote Relevant Information Security Research

This study proposes using an established common body of knowledge (CBK) as one means of organizing information security literature. Consistent with calls for more relevant information systems (IS) research, this industrydeveloped framework can motivate future research towards topics that are important to the security practitioner. In this review, forty-eight articles from ten IS journals from 1995 to 2004 are selected and cross-referenced to the ten domains of the information security CBK. Further, we distinguish articles as empirical research, frameworks, or tutorials. Generally, this study identified a need for additional empirical research in every CBK domain including topics related to legal aspects of information security. Specifically, this study identified a need for additional IS security research relating to applications development, physical security, operations security, and business continuity. The CBK framework is inherently practitioner oriented and using it will promote relevancy by steering IS research towards topics important to practitioners. This is important considering the frequent calls by prominent information systems scholars for more relevant research. Few research frameworks have emerged from the literature that specifically classify the diversity of security threats and range of problems that businesses today face. With the recent surge of interest in security, the need for a comprehensive framework that also promotes relevant research can be of great value

Business to Business Enterprise Integration: An exploratory study to develop and test an implementation model for engineer to order organisations.

This research explores the managerial problems associated with adoption of business to business (B2B) enterprise integration in the UK engineer to order (ETO) manufacturing sector. Its aim is to develop a B2B enterprise integration hierarchy to overcome managerial problems and propose a model for implementation. The first part of the research developed an overview of the evolution of the B2B enterprise integration concept, a definition, perceived business benefits and its general status in the UK manufacturing sector. The research is grounded in the extant literature covering supply chain integration, information technology acceptance literature, crisis management and implementation success factors. A qualitative case study approach was selected comprising two phases. The first phase involved key informant interviews at eleven ETO companies in the UK. Three interviews with key informants were carried out at each company. This group triangulation approach mitigated any bias. Four managerial problems were identified: management awareness of the benefits and implementation challenges, risk in terms of return on investment and business continuity during implementation, information security risk associated with loss of competitive advantage and lack of relevant skills within the organisation. From these findings, a B2B de-coupled integration hierarchy was developed and an implementation model proposed. The second phase involved an in case participatory action research study over a one year budget cycle at one of the eleven companies during implementation of a B2B system. This case study tested the use of a B2B de-coupled integration hierarchy approach and refined the proposed implementation model. The outcome of the research recommends a B2B de-coupled integration hierarchy and an iterative implementation model for overcoming the four key inhibitors identified. This is significant for practitioners, particularly in the ETO sector, who are in the process of implementing B2B enterprise integration systems. It confirms that successful implementation can be achieved if senior management teams are fully aware of the potential benefits and the implementation challenges. Additionally, business and information security risks must be dealt with by appropriate de-coupling and the workforce should have the relevant skills to deal with the new systems. From an academic perspective, this research provides two significant contributions. This is the first study to explore the managerial problems associated with adoption of B2B enterprise integration by using a combination of interviewing key informants within an organisational setting and a participatory action case study. Furthermore, it is the first study to propose an iterative implementation model to overcome managerial problems associated with adoption of B2B enterprise integration in the UK ETO sector. It should be noted that this research is limited to key informant interviews at eleven companies and one case study. In order to provide unequivocal validation and generalisability, the research should be expanded to cover other manufacturing sectors