Metadata-Based Integration of Qualitative and Quantitative Information Resources Approaching Knowledge Management

This paper presents a concept for the integration of quantitative and qualitative information sources with their accompanying management support functionalities from navigation and retrieval up to analysis and business intelligence. The integration is realized by a common keyword-based metadata base, retrievable and extendible by the end user on a web-based platform. This enables a dynamic acquisition of supplementary information on the usage, usability and benefit of basic and derived information objects, e.g. data warehouses, data marts, OLAP cubes, reports or (textual) documents. Being extended by functions to automatically catch contextual links during system usage, the concept is discussed as a contribution to the implementation of knowledge management. The concept is being developed and successfully tested in the practical environment of a reference project for the implementation of an IT-infrastructure to support decentralized decision-making at a German university

A study of employees' attitudes towards organisational information security policies in the UK and Oman

There is a need to understand what makes information security successful in an organization. What are the threats that the organization must deal with and what are the criteria of a beneficial information security policy? Policies are in place, but why employees are not complying? This study is the first step in trying to highlight effective approaches and strategies that might help organizations to achieve good information security through looking at success factors for the implementation. This dissertation will focus on human factors by looking at what concerns employees about information security. It will explore the importance of information security policy in organizations, and employee’s attitudes to compliance with organizations' policies. This research has been divided into four stages. Each stage was developed in light of the results from the previous stage. The first two stages were conducted in the Sultanate of Oman in order to use a population just starting out in the information security area. Stage one started with a qualitative semi-structured interview to explore and identify factors contributing towards successful implementation of information security in an organization. The results suggested a number of factors organizations needed to consider to implement information security successfully. The second stage of the research was based on the first stage’s results. After analysing the outcomes from the semi-structured interviews a quantitative questionnaire was developed to explore for information security policy. The findings did suggest that the more issues the organization covers in their security policy the more effective their policy is likely to be. The more an organization reports adoption of such criteria in their security policy, the more they report a highly effective security policy. The more the organization implements the ‘success factors’ the more effective they feel their security policy will be. The third stage was conducted in the UK at Glasgow University because employees are somewhat familiar with the idea of information security. It was based on the findings derived from the analysis of the quantitative questionnaire at stage two. The findings revealed different reasons for employee’s non-compliance to organization security policy as well as the impact of non-compliance. The fourth stage consolidates the findings of the three studies and brings them together to give recommendations about how to formulate a security policy to encourage compliance and therefore reduce security threats