Enhancing Information Security Risk Management with Security Analytics: A Dynamic Capabilities Perspective

The importance of information security risk management (ISRM) and its potential strategic role in protecting organisational information assets is widely studied in literature. Less attention is given to how ISRM can be enhanced using security analytics to contribute to a competitive advantage. This paper proposes a model showing that security analytics capabilities (the ability to effectively use security data for informed security related decision making) and ISRM capabilities (the ability to effectively identify and protect organizational information assets) indirectly influence competitive advantage in ISRM through two key mediating links: analytics-enabled ISRM capabilities (the ability to effectively leverage insights gleaned from security data to make informed ISRM decisions) and ISRM dynamic capabilities (the ability to reconfigure analytics-enabled ISRM capabilities to address turbulent environments). Environmental turbulence moderates the process by which security analytics and ISRM capabilities influence competitive advantage. The paper concludes by calling for evaluation and refinement of the research model

Analysis of the Relationship Between Data Governance and Data-Drive Culture

As organizations increase their use of data, among scholars there is growing interest in data governance and data-driven culture, and studies suggest investigating the relationship between these two phenomena would provide a better understanding of data behavior in organizations. Thus, this exploratory research investigates the relationship between data governance and data-driven culture using partial least squares structural equation modeling (PLS-SEM). The results show the relationship between data governance and data-driven culture is strong, and that it is mediated by data quality. Additionally, based on the Resource-Based View of the firm, our results indicate data governance and data- driven culture should be addressed jointly when evaluating their contribution as an organizational resource

The Influence of IT Capability on Operational Performance Through Internal and External Integration: Evidence from Indonesia

During the Pandemic of COVID-19, many manufacturing companies around the world, such as Indonesia, experienced supply and demand disruption. The PMI index reflecting the operational performance declined to 27.5 in April 2020 from 45 in January 2020. This study investigates the influence of IT capability on operational performance through internal and external integration. The sample consists of 111 manufacturing companies, and data analysis adopts the Partial Least Square (PLS) approach with SmartPLS. The results revealed that nine hypotheses proposed were supported. First, IT capability directly affects internal, external integration, and operational performance. Second, internal and external integration affects operational performance. Third, IT capability indirectly affects operational performance through internal and external integration. This research paves a way on how to recover the operational performance during the pandemic. These findings also contribute to enriching and extending the acceptance of previous research in the manufacturing industry context

Strategies to Minimize the Effects of Information Security Threats on Business Performance

Business leaders in Nigeria are concerned about the high rates of business failure and economic loss from security incidents and may not understand strategies for reducing the effects of information security threats on business performance. Guided by general systems theory and transformational leadership theory, the focus of this exploratory multiple case study was to explore the strategies small and medium-sized enterprise (SME) leaders use to minimize the effects of information security threats on business performance. Semistructured interviews were conducted with 5 SME leaders who worked in SME firms that support oil and gas industry sector in Port Harcourt, Nigeria, had a minimum of 2 years experience in a leadership role, and had demonstrable strategies for minimizing the effects of information security threats in a SME. The thematic analysis of the interview transcripts revealed 10 strategies for reducing the effects of information security threats: network security, physical security, strong password policy, antivirus protection and software update, information security policy, security education training and awareness, network security monitoring and audit, intrusion detection, data backup, and people management. The findings may contribute to social change by providing SME leaders with more insight about strategies to minimize the effects of information security threats on business performance. The improved business performance can increase the flow of funds into the local economy and allow community leaders to provide social services to residents

End-User Awareness of and Adherence to Crisis Preparedness of the Information Systems in New Zealand Organisations

A crisis is a specific, unanticipated, and non-routine event that generates high levels of uncertainty and jeopardizes high value priorities such as life, economic well-being, or physical infrastructures. Some scholars observe that our computing environment has dramatically changed and is now defined by greater use and dependence on technology, while simultaneously it is hampered by technological failures and security vulnerability, which have perhaps led to an increase in the incidence of organisational crises. Because of the high occurrence of crises and the increased dependence on information systems (IS) in organisations, one would assume that most firms would have established measures to counteract these events, however the literature indicated otherwise. The purpose of this research was to explore and understand the factors that contribute to crisis preparedness of the information systems. A comprehensive review of the literature indicated that the IS field has a large volume of publications on information systems disaster recovery, business continuity, information systems risk management and information systems security but little on crisis preparedness of the information systems. This study comprehensively reviewed relevant literature on the nature of crises, crisis preparedness and information systems. The literature review established groundwork necessary for the development of the research hypotheses which were tested during this investigation. A quantitative positivist research approach was proposed. The study utilized a web-based survey to collect quantifiable information on the subject matter from study participants. The survey instrument was developed based on seven research dimensions. From these dimensions descriptive questions were created which formed part of the survey instrument. The collected data was analysed using three different approaches: descriptive statistics, correlation and percentage responses. From the data, facts about crisis preparedness of the information systems in New Zealand organisations were revealed. In total 90 responses were received, 72 of which were eligible for data analyses. The study findings indicate some degree of end-user awareness of and adherence to crisis preparedness of the information systems in New Zealand organisations. However, more emphasis is needed in the understanding of the processes that bring about successful CPIS strategies across varying organisation structures. The academic value of this research is the review of discourse in the fields of crisis preparedness and Information Systems, and the application of some of the theoretical concepts from those fields. These were necessary to test the research hypotheses and their findings can be used to explain the crisis-preparedness phenomenon in future studies. The practical value of this research is the development of a tool that can be used by managers and senior executives to undertake informed decisions with regard to the status or progress of the crisis preparedness of the information systems initiatives in their respective organisations from the end-user perspective

Critical analysis of organizational change process: evidences from a steel company

© 2020, Emerald Publishing Limited. Purpose: The purpose of this paper is to evaluate the main factors that influence the organizational change in a steel company. Design/methodology/approach: The methodological procedures used were literature review and survey. The literature review allowed the listing of 24 factors and these factors were grouped into three constructs (Behavioral Aspects, Cultural Aspects and Management Aspects). The survey allowed the quantification of each factor based on information provided by employees who work in the mentioned company. The data collected were analyzed using the Partial Least Squares-Structural Equation Modeling technique. Findings: For the Behavioral Aspects, the following factors were validated: fear of the unknown; insecurity and anxiety; stress and feeling of suffering. For the Cultural Aspects the following factors were validated: multiculturalism in the company; low degree of risk acceptance and low performance acceptance; excessive concerns about consensus. Finally, for the Management Aspects, the following factors were validated: lack of clarity in communications; lack of alignment of goals; lack of leadership engagement. Originality/value: The results are valuable for the company studied and for other managers interested in subject. The findings presented here can broaden the debate about this topic and contribute with professionals that wish to evaluate the mentioned factors

Essays on Manufacturers’ IT Capabilities for Digital Servitization

Over the last decades, studies have found that transformational drivers affect how firms innovate their business models (Chesbrough, 2010; Massa et al., 2016). In markets in which physical products become commodities, the servitization of business models is a transformational driver for firms (Wise & Baumgartner, 1999). For its part, digitalization increases the potential to reshape business models through novel use cases of technology (Yoo et al., 2010). Recently, digitalization was found to extend the opportunities from servitization through digital technologies as digital servitization (Paschou et al., 2020). Digital servitization describes a firm’s shift from product-centric offerings to service-centric offerings with the help of novel IT assets (Naik et al., 2020). The manufacturing industry provides promising examples of firms with portfolios of physical offerings that might undergo such a transformational shift (Baines et al., 2017). So far, digital servitization research focuses primarily on four topics: re-defining the notion of servitization in the context of digitalization, identifying digital servitization value drivers, linking the transformation to specific technologies, and deriving how novel service offerings arise (Paschou et al., 2020; Zhou & Song, 2021). Despite the breadth of digital servitization research, how firms can shift to service-centric offerings remains unclear (Kohtamäki et al., 2019). Specifically, research lacks studies on the prerequisites and mechanisms that link theory with evidence on achieving IT-enabled service innovation (Paschou et al., 2020). Further, how firms must organize to build and operate IT-enabled services around these technologies remains unclear (Paschou et al., 2020). In a recent report on the manufacturing industry, practitioners confirm these gaps and associate them with a lack of managerial and technical knowledge (Illner et al., 2020). A theoretical lens that helps to address these shortcomings is the knowledge-based theory. It suggests that knowledge is the primary rationale, so that a firm benefits from its assets (Grant, 1996b; Nonaka, 1994). The knowledge-based theory understands a capability as a directed application of knowledge in a firm’s activities (Grant, 1996b; Nonaka, 1994). In the context of digitalization, firms require IT capabilities based on knowledge of how to capitalize on IT assets (Lee et al., 2015). Digital servitization research finds that IT capabilities are critical for identifying, adapting, and exploiting IT-enabled service innovations (Johansson et al., 2019). Still, little extant research informs firms that undergo digital servitization about which IT capabilities can help to strengthen their competitive advantage (Coreynen et al., 2017). Even though IT capabilities may be necessary for success in innovating IT-enabled services, the required knowledge needs to be disseminated effectively throughout an organization (Foss et al., 2014; Grant, 1996a; Nonaka, 1994). The organizational control theory offers a theoretical perspective about knowledge dissemination mechanisms, which can be horizontal or vertical (Ouchi, 1979). Horizontal knowledge dissemination mechanisms depend on codifying processes in rules or measuring process outputs through indicators, while the locus of exerting these rules and indicators determines the vertical knowledge dissemination. The IT innovation and IT governance literature refers to these knowledge dissemination mechanisms as formalization of IT activities and centralization of IT decision-making (Weill, 2004; Winkler & Brown, 2013; Zmud, 1982). However, how to orchestrate knowledge, particularly for IT capabilities, in firms that undergo digital servitization is not yet clear (Kohtamäki et al., 2019; Münch et al., 2022; Sjödin et al., 2020). Against this background, this dissertation addresses how manufacturers organize their IT capabilities while encountering the transformational drivers of digital servitization by answering the following overarching research question: How can manufacturers organize their IT capabilities to capitalize on digital servitization? (References to be found in the full text):List of abbreviations in synopsis............................................................................................................V Part I: Synopsis of the dissertation..........................................................................................................11 Motivation.......................................................................................................................................12 Research design...............................................................................................................................22. 1Conceptual approach and research objectives....................................................................22. 2Research methodologies and methods................................................................................4 3Structure of the dissertation.............................................................................................................5 3.1Systematization of the papers.............................................................................................5 3.2Paper1: Revisiting the concept of IT capabilities in the era of digitalization....................7 3.3Paper2: Short and sweet –Multiple mini case studies as a form of rigorous case studyresearch...............................................................................................................................9 3.4Paper3: Linking IT capabilities and competitive advantage of servitized business models..........................................................................................................................................11 3.5Paper4: From selling machinery to hybrid offerings –Organizational impact of digitalservitization on manufacturing firms................................................................................11 3.6Paper5: Manufacturers’ IT-enabled service innovation success as a multifacetedphenomenon: A configurational study..............................................................................13 3.7Paper6: The missing piece –Calibration of qualitative data for qualitative comparativeanalyses in IS research......................................................................................................14 3.8Paper7: Prerequisites and causal recipes for manufacturers’ success in innovating ITenabled services................................................................................................................16 4Conclusion.....................................................................................................................................19 4.1Resultssummary...............................................................................................................19 4.2Contributions....................................................................................................................20 4.2.1Theoretical contributions......................................................................................20 4.2.2Methodological contribution................................................................................21 4.2.3Practical contribution............................................................................................21 4.3Limitations and future research........................................................................................22 5References.....................................................................................................................................24 Part II: Papers of the dissertation...........................................................................................................29 Paper1: Revisiting the concept of IT capabilities in the era of digitalization.......................................30 Paper2: Short and sweet –Multiple mini case studies as a form of rigorous case study research.......41 Paper3: Linking IT capabilities and competitive advantage of servitized business model..................64 Paper4: From selling machinery to hybrid offerings –Organizational impact of digital servitization on manufacturing firms......................................................................................................................80 Paper5: Manufacturers’ IT-enabled service innovation success as a multifaceted phenomenon: A configurational study...................................................................................................................108 Paper6: The missing piece –Calibration of qualitative data for qualitative comparative analyses in IS research........................................................................................................................................119 Paper7: Prerequisites and causal recipes for manufacturers’ success in innovating IT-enabled services.....................................................................................................................................................136 Overview of the digital appendix on CD.............................................................................................17

Readiness of IT organisations to implement Artificial Intelligence to support business processes in Gauteng Province, South Africa.

Artificial Intelligence (AI) has emerged as a research field and more particularly studies pertaining to the readiness of organisations to implement AI. Although AI implementation has proliferated across industries, many organisations still struggle to successfully achieve their business goals, associated with AI and Fourth Industrial Revolution (4IR). This study attempts to close this gap, by conducting a deductive case study, and thematic analysis into the readiness of a Gauteng-based IT organisation to implement AI towards achieving their business goals, in line with the benefits associated with 4IR. To achieve this, the researcher draws on the Technology-Organisation-Environment (TOE) framework to reflect on the dimensions and group them into strategy, perception and awareness, challenges, and organisational culture, related to contextual factors. This paper reports on the outcomes of open-ended interviews and focus group discussions involving 31 participants across IT management, senior-, and junior technical staff, about the enabling and hindering factors of AI readiness. The study further offers insights and a research agenda to support IT managers and staff to make informed decisions towards increasing their readiness to implement A

Cyber risk assessment in small and medium-sized enterprises: A multilevel decision-making approach for small e-tailors

The role played by information and communication technologies in today's businesses cannot be underestimated. While such technological advancements provide numerous advantages and opportunities, they are known to thread organizations with new challenges such as cyberattacks. This is particularly important for small and medium-sized enterprises (SMEs) that are deemed to be the least mature and highly vulnerable to cybersecurity risks. Thus, this research is set to assess the cyber risks in online retailing SMEs (e-tailing SMEs). Therefore, this article employs a sample of 124 small e-tailers in the United Kingdom and takes advantage of a multi-criteria decision analysis (MCDA) method. Indeed, we identified a total number of 28 identified cyber-oriented risks in five exhaustive themes of “security,” “dependency,” “employee,” “strategic,” and “legal” risks. Subsequently, an integrated approach using step-wise weight assessment ratio analysis (SWARA) and best–worst method (BWM) has been employed to develop a pathway of risk assessment. As such, the current study outlines a novel approach toward cybersecurity risk management for e-tailing SMEs and discusses its effectiveness and contributions to the cyber risk management literature