Securing intellectual capital:an exploratory study in Australian universities

Purpose – To investigate the links between IC and the protection of data, information and knowledge in universities, as organizations with unique knowledge-related foci and challenges.Design/methodology/approach – We gathered insights from existing IC-related research publications to delineate key foundational aspects of IC, identify and propose links to traditional information security that impact the protection of IC. We conducted interviews with key stakeholders in Australian universities in order to validate these links.Findings – Our investigation revealed two kinds of embeddedness characterizing the organizational fabric of universities: (1) vertical and (2) horizontal, with an emphasis on the connection between these and IC-related knowledge protection within these institutions.Research implications – There is a need to acknowledge the different roles played by actors within the university, and the relevance of information security to IC-related preservation.Practical implications – Framing information security as an IC-related issue can help IT security managers communicate the need for knowledge security with executives in higher education, and secure funding to preserve and secure such IC-related knowledge, once its value is recognized.Originality/value – This is one of the first studies to explore the connections between data and information security and the three core components of IC’s knowledge security in the university context

Application of Fuzzy Cognitive Mapping in Livelihood Vulnerability Analysis

Feedback mechanisms are important in the analysis of vulnerability and resilience of social-ecological systems, as well as in the analysis of livelihoods, but how to evaluate systems with direct feedbacks has been a great challenge. We applied fuzzy cognitive mapping, a tool that allows analysis of both direct and indirect feedbacks and can be used to explore the vulnerabilities of livelihoods to identified hazards. We studied characteristics and drivers of rural livelihoods in the Great Limpopo Transfrontier Conservation Area in southern Africa to assess the vulnerability of inhabitants to the different hazards they face. The process involved four steps: (1) surveys and interviews to identify the major livelihood types; (2) description of specific livelihood types in a system format using fuzzy cognitive maps (FCMs), a semi-quantitative tool that models systems based on people’s knowledge; (3) linking variables and drivers in FCMs by attaching weights; and (4) defining and applying scenarios to visualize the effects of drought and changing park boundaries on cash and household food security. FCMs successfully gave information concerning the nature (increase or decrease) and magnitude by which a livelihood system changed under different scenarios. However, they did not explain the recovery path in relation to time and pattern (e.g., how long it takes for cattle to return to desired numbers after a drought). Using FCMs revealed that issues of policy, such as changing situations at borders, can strongly aggravate effects of climate change such as drought. FCMs revealed hidden knowledge and gave insights that improved the understanding of the complexity of livelihood systems in a way that is better appreciated by stakeholders

Change Management Over Financial Information: A Multi-Criteria Evaluation of System Change Controls Using Desirability Functions

The increasing complexity of information technology, attacks on confidential information, and the passing of new laws and regulations have shifted the focus around internal controls in organizations. Particularly, general information technology controls related to change management (i.e., system change controls) are critical in ensuring the integrity, completeness, and reliability of financial information. The literature points to various evaluation methods for these controls to determine which ones to implement. However, these methods do not necessarily consider relevant organization constraints, preventing the inclusion of required controls or the exclusion of unnecessary controls. This paper proposes a novel approach, using Desirability Functions, for evaluating system change controls providing management with a measurement that is representative of the overall quality of each control based solely on organizational goals and objectives. Through a case assessment, the approach is proven successful in providing a way for measuring the quality of system change controls in organizations

Development of Information and decisions management Software for educational council minutes of Medical Sciences Universities

     Minutes of educational councils in universities always contain valuable organizational knowledge and play an important role in micro and macro educational decision makings. Lack of storage system, organization and retrieval of these documents can be a major obstacle in the way of utilizing these precious documents. Designing and implementing of an appropriate software to manage minutes of educational councils can facilitate classifying these important documents and ease the access and visibility of their content as well. Therefore based on the structure and the content of educational council minutes of one school of medical sciences universities as a sample and the views of key stakeholders, researchers tried to design and implement a software for information and decisions management of minutes. This research is of developmental- applied type. In order to design the software, object-oriented analysis is used. In the analysis step, at first requirements are identified, extracted and defined based on the descriptive cataloging and subject analyzing of educational councils minutes and after final analysis, the required diagrams were drawn. Software architecture is determined based on the list of requirements and finally the drawn diagrams are converted to programming codes using C# programming language. In the end, the produced software has been tested to ensure its adaptation to the objectives of project and the defined requirements. In this study, it was tried that the designed software leads to the development of electronic database for minutes in order that the universities could have access to content and decisions of these meetings in due time and in appropriate manner. Despite the numerous capabilities of this software, it seems necessary that it be used more widely in order that we could review its improvement and optimization during its implementation in the actual operating environment. Subsequently, it is recommended that Universities of Medical Sciences use the software for information management and their educational meetings to facilitate the process of organizing, storing and retrieving of the documents. They can also contribute to the process of software upgrade for educational meetings in other universities

Selecting IT Control Objectives and Measuring IT Control Capital

COBIT is a well-known framework for IT governance, and provides an extensive list of control objectives for IT managers. However, anecdotal evidence shows that many organizations that use COBIT do not implement the entire framework. Instead, they focus their efforts on only some of COBIT’ s control objectives. We argue that this could be due to the bounded rationality of IT managers, which affects their ability to assess the outcomes of control, and the diminishing returns from implementing controls, because of enforcement costs incurred to control shirking. Managers would thus find it useful if the various control objectives could be ranked, so that they could prioritize their efforts. We use network analysis to identify the most central control objectives in COBIT. We also discuss the development of a measure of “control capital” to capture the level of control an organization achieves after implementing a particular set of controls. Future research will test the empirical validity of this measure

PRECEPT:a framework for ethical digital forensics investigations

Purpose: Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction. Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization’s right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain. This paper argues the need for a practical, ethically-grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organisations, as well as acknowledging the needs of law enforcement. We derive a set of ethical guidelines, then map these onto a forensics investigation framework. We subjected the framework to expert review in two stages, refining the framework after each stage. We conclude by proposing the refined ethically-grounded digital forensics investigation framework. Our treatise is primarily UK based, but the concepts presented here have international relevance and applicability.Design methodology: In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals’ rights to privacy and organizations’ rights to control intellectual capital disclosure.Findings: The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically-informed approach to digital forensics investigations, as a remedy, is highlighted, and a framework proposed to provide this.Practical Implications: Our proposed ethically-informed framework for guiding digital forensics investigations suggest a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced.Originality/value: Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other

Index to Library Trends Volume 38

published or submitted for publicatio

Control priorization model for improving information security risk assessment

Evaluating particular assets for information security risk assessment should take into consideration the availability of adequate resources and return on investments (ROI). Despite the need for a good risk assessment framework, many of the existing frameworks lack of granularity guidelines and mostly depend on qualitative methods. Hence, they require additional time and cost to test all the information security controls. Further, the reliance on human inputs and feedback will increase subjective judgment in organizations. The main goal of this research is to design an efficient Information Security Control Prioritization (ISCP) model in improving the risk assessment process. Case studies based on penetration tests and vulnerability assessments were performed to gather data. Then, Technique for Order Performance by Similarity to Ideal Solution (TOPSIS) was used to prioritize them. A combination of sensitivity analysis and expert interviews were used to test and validate the model. Subsequently, the performance of the model was evaluated by the risk assessment experts. The results demonstrate that ISCP model improved the quality of information security control assessment in the organization. The model plays a significant role in prioritizing the critical security technical controls during the risk assessment process. Furthermore, the model’s output supports ROI by identifying the appropriate controls to mitigate risks to an acceptable level in the organizations. The major contribution of this research is the development of a model which minimizes the uncertainty, cost and time of the information security control assessment. Thus, the clear practical guidelines will help organizations to prioritize important controls reliably and more efficiently. All these contributions will minimize resource utilization and maximize the organization’s information security