Value focused approach to information systems risk management

Information Systems (IS) risk management is a challenge to every organization, in that they are exposed to cyber-attacks that bypass physical barriers. Organizations increase online business in order to remain competitive, but as a consequence their online exposure becomes greater. However their risk management practices and governance are inadequate in the face of increasing new threats and vulnerabilities. This paper presents a Multi- Objective Decision Model for assessing Information Systems Risks. The decision model is based on the values and perceptions of stakeholders. It uses the Value-Focused Thinking approach, as opposed to the predominant Alternative-Focused Thinking. The objectives serve as a basis for decision making in the context of Information Systems risk management in complex managerial situationsinfo:eu-repo/semantics/publishedVersio

Valuation and optimization of the impact of intellectual capital on organizational performance

Intellectual capital is the pre-eminent resource for creating economic wealth. Tangible assets such as property, plant and equipment continue to be important factors in the production of both goods and services. However, their relative importance has decreased over time as the importance of intangible, knowledge-based assets has increased in developing and maintaining a competitive advantage, value creation and competitiveness. This paper prescribes policies for optimizing intangible assets such as In­tellectual Capital or, in other words, how and where the organization should invest, with minimum effort, in order to improve its market value and competitiveness in the technology-driven world

Assessing the objectives of dry ports : main issues, challenges and opportunities in Brazil

Purpose: The purpose is to identify the main characteristics of dry ports (DPs) in Brazil, discussing the role of this logistic player, challenges and opportunities. Furthermore, this study provides a structured framework to drive DP decision-makers, identifying and assessing a network of means–end objectives, which could be replicable to other contexts. Design/methodology/approach: This article approached initially a literature review and exploratory research to discuss the main characteristics of DPs in Brazil. The second step was to conduct a qualitative analysis following the value-focused thinking (VFT) approach in two case studies in Pernambuco state to assess the achievement of the main objectives. Findings: This article identified that the main characteristics of DPs in Brazil are offering additional services with a cheaper storage cost, handling mainly import cargo and being connected to seaports through highways. Moreover, this study resulted in a framework to assess the objectives of DPs, which could be replicable in other contexts, improving the current operations of DPs. Practical implications: The framework to assess DPs' objectives bridged the gap between the literature and the practice working as a tool to drive decision-makers to improve the current performance of DPs in Brazil. Additionally, the main issues, challenges and opportunities discussed provide managers, policymakers and DPs operators with valuable insights into this theme. Originality/value: This paper is the first study to present a framework to assess the objectives of DPs as a valuable tool to drive decision-makers to improve DPs operations. From this study, lessons could be learned and the process described could be replicable in other countries

Value focused assessment of cyber risks to gain benefits from security investments

Doutoramento em GestãoCom a multiplicação de dispositivos tecnológicos e com as suas complexas interacções, os ciber riscos não param de crescer. As entidades supervisoras estabelecem novos requisitos para forçar organizações a gerir os ciber riscos. Mesmo com estas crescentes ameaças e requisitos, decisões para a mitigação de ciber riscos continuam a não ser bem aceites pelas partes interessadas e os benefícios dos investimentos em segurança permanecem imperceptíveis para a gestão de topo. Esta investigação analisa o ciclo de vida da gestão de ciber risco identificando objectivos de mitigação de ciber risco, capturados de especialistas da área, prioritizando esses objectivos para criar um modelo de decisão para auxiliar gestores de risco tendo em conta vários cenários reais, desenvolvendo um conjunto de princípios de gestão de risco que possibilitam o estabelecimento de uma base para a estratégia de ciber risco aplicável e adaptável às organizações e finalmente a avaliação dos benefícios dos investimentos em segurança para mitigação dos ciber riscos seguindo uma abordagem de melhoria contínua. Duas frameworks teóricas são integradas para endereçar o ciclo de vida completo da gestão de ciber risco: o pensamento focado em valor guia o processo de decisão e a gestão de benefícios assegura que os benefícios para o negócio são realizados durante a implementação do projecto, depois de tomada a decisão para investir numa solução de segurança para mitigação do ciber risco.With the multiplication of technological devices and their multiple complex interactions, the cyber risks keep increasing. Supervision entities establish new compliance requirements to force organizations to manage cyber risks. Despite these growing threats and requirements, decisions in cyber risk minimization continue not to be accepted by stakeholders and the business benefits of security investments remain unnoticed to top management. This research analyzes the cyber risk management lifecycle by identifying cyber risk mitigation objectives captured from subject matter experts, prioritizing those objectives in a cyber risk management decision model to help risk managers in the decision process by taking into account multiple real scenarios, developing the baseline of cyber risk management principles to form a cyber risk strategy applicable and adaptable to current organizations and finally evaluating the business benefits of security investments to mitigate cyber risks in a continuous improvement approach. Two theoretical frameworks are combined to address the full cyber risk management lifecycle: value focused thinking guides the decision process and benefits management ensures that business benefits are realized during project implementation, after the decision is taken to invest in a security solution to mitigate cyber risk.info:eu-repo/semantics/publishedVersio

Individual values of GenZ in managing their Internet Privacy: a decision analytic assessment

A nossa investigação coloca a importância dos valores individuais como o centro de qualquer discussão sobre questões de privacidade. Os valores têm um papel essencial no discurso científico. Notamos que o conceito de valores é um dos poucos discutidos e utilizados em várias disciplinas das ciências sociais. Para isso, nesta investigação, apresentamos objetivos baseados em valores para a privacidade na Internet da GenZ. Os objetivos são classificados em duas categorias - os objetivos fundamentais e os meios para os atingir. Em síntese, os nossos seis objetivos fundamentais orientam a gestão das questões de privacidade da Internet da GenZ. Os objetivos são: Aumentar a confiança nas interações online; Maximizar a responsabilidade dos detentores de dados; Maximizar o direito à privacidade; Maximizar a capacidade individual de gerir o controlo da privacidade; Maximizar a percepção da funcionalidade da plataforma; Garantir que os dados pessoais não são alterados. Coletivamente, os objetivos fundamentais e de meios são uma base valiosa para a GenZ avaliar a sua postura de privacidade. Os objetivos também são úteis para que as empresas de media social e outras plataformas relacionadas elaborem as suas políticas de privacidade de acordo com o que a GenZ deseja. Finalmente, os objetivos são uma ajuda útil para o desenvolvimento de leis e regulamentos; Individual values of GenZ in managing their Internet Privacy: a decision analytic assessment Abstract: Online privacy is a growing concern. As individuals and businesses connect, the problem of privacy continues to remain significant. In this thesis, we address three primary questions - What are the individual values of GenZ concerning online privacy? What are the fundamental objectives of GenZ in terms of protecting their online privacy? What are the means objectives GenZ consider for protecting their online privacy? We argue that online privacy for GenZ is vital to protect. We also argue that protection can be ensured if we understand and know what privacy-related values behold GenZ and define their objectives accordingly. Our research brings the importance of individual values to be central to any discussion of privacy concerns. Values have an essential place in scientific discourse. We note that the concept of values is one of the very few discussed and employed across several social science disciplines. To that effect, in this research, we present value-based objectives for GenZ internet privacy. The objectives are classified into two categories – the fundamental objectives and the means to achieve them. In a final synthesis, our six fundamental objectives guide the management of GenZ Internet Privacy Concerns. The objectives are: Increase trust in online interactions; Maximize responsibility of data custodians; Maximize right to be left alone; Maximize individual ability to manage privacy controls; Maximize awareness of platform functionality; Ensure that personal data does not change. Collectively our fundamental and means objectives are a valuable basis for GenZ to evaluate their privacy posture. The objectives are also helpful for the social media companies and other related platforms to design their privacy policies according to the way GenZ wants. Finally, the objectives are a helpful policy aid for developing laws and regulations

Exploring decision making processes in-situ, in-actu, in-toto: an empirical study of decision-making processes in medium software development projects

Organisational projects, a multifaceted socio-technical phenomenon that evolve in plural contexts often characterised by a high degree of interconnectedness, have become ubiquitous in strategy delivery. The traditional project management literature emphasises the significance of project and organisational objectives to project success, yet it is not clear how these objectives guide action at project level. Aiming to fill the gap, this empirical research studied project decision-making in two organisations with strong rational orientation that communicate strategic direction through objectives hierarchies, and define and manage projects by objectives. To study decision-making practices in project praxis, this thesis introduces the concept of a “decision site” as an area shaped by a triad of mutually constituting practitioners, sociomaterial context and decisionmaking practices, as well as the concept of “praxis domains” used to analyse entwinement between decision-making practices and sociomaterial context. The environment and participants’ perception was analysed based on semi-structured interviews with practitioners, review of existing organisational documentation, and daily project meetings were audio recorded through silent observation. Twenty eight decision episodes were identified and described in their organisational project context. Two process representations aided analyses of decision episodes, one tracing discursive reference to praxis domains, and the other diagramming decision-making activities which manage a decision site. Decision-making practices of “Neguesstimation” and “Querying Praxis Domains” were defined and differentiated by schemes and degree of entwinement with praxis domains. The thesis findings do not support the notion of project and corporate objectives as being instrumental in project decision-making. Instead, one of the observed practices queries praxis domains as proxies for complex hierarchies of organisational objectives and constructs decision site imbued with local practical logic. The thesis argues that practical logic could be successfully employed in aligning project level activities to complex and dynamic organisational context and suggests potential for development of practice based decision-making approaches

Modelo para a implantação da computação em nuvem na administração pública municipal

Tese de Doutoramento em Tecnologias e Sistemas de InformaçãoA computação em nuvem (CN) é um serviço no qual os consumidores têm à sua disposição recursos computacionais através da Internet, pagando apenas pelo que consomem. Além da racionalização dos custos nos investimentos em tecnologia da informação (TI), a CN pode vir a trazer outros benefícios como a promoção da inovação, aumento da eficiência das organizações e a melhoria dos processos de negócio. Entretanto, diversos estudos identificam uma série de desafios a serem observados na adoção desta tecnologia. A implantação desta solução envolve um processo de tomada de decisão, onde as vantagens e os riscos devem ser ponderados para que se possam alcançar os benefícios e as melhorias almejados. As organizações públicas governamentais estão sujeitas a uma série de restrições como a adequação a legislação local, proteção da confidencialidade dos dados dos cidadãos e adequação às características locais que transcendem as questões estritamente técnicas da tecnologia. Neste caso, os desafios tornamse mais complexos, pois além dos desafios inerentes à solução tecnológica, deve-se buscar uma compatibilização com as especificidades da área. Esta investigação está focada no desenvolvimento de um instrumento que permita auxiliar as organizações de administração pública municipal no processo de tomada de decisão da implantação da computação em nuvem. O instrumento proposto objetiva proporcionar a ampliação do leque de alternativas na implantação da computação em nuvem no ambiente de organizações de governo, preparando um cenário favorável para a implantação desta tecnologia a partir de um processo de análise que privilegia as considerações dos gestores envolvidos no processo de tomada de decisão. As proposições deste modelo foram desenvolvidas em uma investigação científica realizada na Prefeitura Municipal de Salvador, Estado da Bahia, Brasil, de onde foram obtidas as experiências que contribuiram para o aprimoramento deste instrumento. Nesta investigação, foi empregada uma abordagem qualitativa, de natureza construtivista social interpretativa desenvolvida a partir do método de pesquisa “Pesquisa Desenho Ação” (ADR - Action Design Research) ao promover a geração de conhecimento através da construção e avaliação dos artefatos de TI em um ambiente organizacional. A abordagem teórica “Pensamento Centrado nos Valores” (VFT - Value Focused Thinking ) foi empregada para obter uma descrição e interpretação do problema e a reflexão do investigador ao incluir a opinião dos participantes.Cloud Computing (CC) is a service in which consumers have access to computing resources over the Internet in a pay-as-you-go model. In addition to analyzing costs in Information Technology (IT) investments, CC can offer other benefits such as promoting innovation, increased efficiency in organizations, and improved business processes. However, several studies identify a number of challenges to be observed in adopting this technology. The implementation of this solution involves a decision-making process where the advantages and risks must be weighed so that the desired benefits and improvements can be achieved. Public government organizations are subject to a series of restrictions such as the adequacy of local legislation, protection of the confidentiality of citizens' data and the adaptation of local characteristics that transcend the strictly technical issues of the technology itself. In this case, the challenges become more complex, because in addition to the challenges inherent to the technological solution, one must seek compatibility with the specificities of the area. This investigation focuses on developing a means that allows public organizations to help in the decisionmaking process of implementing cloud computing. The proposed tool provides the expansion of the range of alternatives in the deployment of cloud computing in the environment of municipal government organizations, preparing a favorable scenario for the implementation of this technology based on an analytical process that favors the considerations of the managers involved in the decision-making process. The theoretical proposals of this model were developed in a scientific research in the municipal government of Salvador, Bahia, Brazil, where the results were obtained that contributed to the improvement of this tool. In this research, a qualitative, constructivist, interpretive social approach was developed based on the research method "Action Design Research" (ADR) in promoting the generation of knowledge through the construction and evaluation of IT artifacts in one organizational environment. The theoretical approach "Value-Focused Thinking" (VFT) was used to obtain a description and interpretation of the problem and the reflection of the researcher by including the opinion of the participants

Value-focused negotiation versus integrative mindset: Reducing fixed-pie perceptions in integrative negotiations

Companies and individuals alike are eager for guidance on how to negotiate more effectively and often look to academics to translate the current state of knowledge for their own purposes. There is limited knowledge about why some negotiators suffer from the fixed-pie assumption while others can avoid this bias. The fixed-pie assumption is a misconception in which one party assumes, without verifying, that the objectives of both parties conflict. Given the frequency and importance of business negotiations, combined with various theories that claim to contribute to improving negotiation performance, a comparison of existing theories – at best, the falsification of one or more theories – is relevant to businesses. This thesis aims to test and compare two theories, the scale for integrative mindset by Ade et al. (2020) and the value-focused thinking technique of identifying objectives by Keeney (1992), both of which claim to affect integrative negotiation performance. These theories have not yet been experimentally tested and compared to determine whether and in what combination their application generates superior outcomes in integrative business negotiations in the context of labour negotiations. To compare these theories, this research applies a deductive method of empirical testing in a laboratory experiment. To test and compare the two theories, a definition of business negotiation outcomes is first derived consisting of the Pareto efficiency of the individual economic outcome, the Pareto efficiency of the joint economic outcome, and the subjective value inventory of the counterpart. These business negotiation outcome indicators are supplemented by the integrative negotiation behaviours recommended by Weingart (1996) to form the framework of business negotiation performance. Linear regression analyses reveal no significant effect of the score of the scale for integrative mindset on negotiation performance indicators. Analyses between the independent variable of the value-focused thinking technique of identifying objectives and the dependent variables of integrative negotiation performance indicators suggest that applying the value-focused thinking technique of identifying objectives has a significant effect on the subjective value inventory of the counterpart. Considering the findings of Curhan et al. (2010) that subjective values impact objective values in subsequent negotiations, the findings of this study can be utilised to create both subjective and economic value in recurring negotiations. Additionally, this study mainly supports and extends the results of Weingart (1996). This thesis provides original insights into the scale for integrative mindset by Ade et al. (2020) and Keeney’s (1992) value-focused thinking technique of identifying objectives. As this study mainly supports Weingarts’ (1996) integrative behaviours as predictors of the Pareto efficiency of the individual economic outcome and joint economic outcome and indicates that the application of the value-focused thinking technique is a predictor of the counterpart’s subjective value inventory, this study effectively identifies a combination of methodologies to address all defined negotiation objectives. Furthermore, this thesis provides a basis for future research opportunities for redefining the scale for integrative mindset and offers suggestions for further research on the combinations of methodologies and indicators for improving negotiation performance