An Overview of Economic Approaches to Information Security Management

The increasing concerns of clients, particularly in online commerce, plus the impact of legislations on information security have compelled companies to put more resources in information security. As a result, senior managers in many organizations are now expressing a much greater interest in information security. However, the largest body of research related to preventing breaches is technical, focusing on such issues as encryption and access control. In contrast, research related to the economic aspects of information security is small but rapidly growing. The goal of this technical note is twofold: i) to provide the reader with an structured overview of the economic approaches to information security and ii) to identify potential research directions

Gaining Depth: State of Watershed Investment 2014

Last year, governments, businesses, and donors channeled $12.3 billion (B) toward nature-based solutions to the global water crisis. Water users and public funders were paying land managers to repair and protect forests, wetlands, and other natural systems as a flexible, costeffective strategy to ensure clean and reliable water supplies, resilience to natural disasters, and sustainable livelihoods. These deals paid for watershed protection and restoration across more than 365 million (M) hectares (ha) worldwide in 2013, an area larger than India.The value of investment in watershed services1 (IWS) - referring to funding for watershed restoration or protection that delivers benefits to society like aquifer recharge or erosion control - has been growing at anaverage rate of 12% per year. The number of operational programs grew by two thirds between 2011 and 2013, expanding in both scale and sophistication as program developers introduced new tools to track returns on watershed investment, coordinated efforts across political boundaries, and delivered additional benefits like sustainable livelihoods and biodiversity protection

Evaluation of the applicability of investment appraisal techniques for assessing the business value of IS services.

There is a consensus among academics and practitioners that ICT investments should be carefully justified, measured and controlled. This is not different for the development of a service architecture or the development of particular services as such. In practice, the traditional capital investment appraisal techniques (CIAT’s) such as payback period or net present value are by far the most used techniques for assessing the feasibility of ICT investments. Nevertheless, serious doubts about the fitness of these techniques in a service based value net environment arise. Value nets have special characteristics such as high flexibility and agility, re-use of services,… that makes the use of these techniques very difficult and the reliability of the outcome most uncertain. Efforts are made to find more appropriate techniques. In the past, CIAT’s have been adjusted so that these techniques become more reliable in an ICT environment and new justification methods and techniques have been developed. However neither these adjusted techniques nor the new techniques are frequently used. This might be explained by the fact that the outcome of these techniques is difficult to interpret and to use and the fact that some significant problems (like the estimation of hidden costs) remain unsolved. Moreover, most of the new techniques are still in the conceptual phase. In this paper we evaluate these adjusted and new techniques in the light of service oriented architectures. We will argue that non of the techniques offers a good solution for assessing the business value of IS services. Despite the existence of a wealth of literature, the IS community appears to be no nearer to a solution to many problems associated with ICT appraisal. This is potentially problematic when dealing with investments in emerging technology such as IS services or service architectures. Since all techniques presented in the article have their drawbacks, it is safe to say that reliance on a sole technique may lead to sub-optimalisation or even failure. Therefore it makes sense to use a mixture of techniques, eliminating or diminishing the weaknesses of each of the techniques used. We strongly recommend a multi-layer evaluation process, or an evaluation process derived from the balanced scorecard, for the appraisal of investments in services or service architectures.

Internationalization strategies of companies in the wine industry in Portugal – context, forms of action and performance.

This research project aims to analyze the competitive environment of companies in the wine sector in Portugal and assess the implications in the development of contingent strategic guidelines and different performances.Proposes to apply the methodological framework the IKST – Integrated Key for Strategic Thought for international expansion. The research was carried out at two levels: at a preliminary level – a general characterisation was made of the companies as to their resources, and at a central level – the examination of the strategic aspect of the companies was carried out. The research involved the collection of primary data (survey of 164 companies in the sector) and secondary data (from documentary nature). Explores the strategic aspect, analyzing the sector in terms of global and national context, in order to design a diagnostic context of action, using the models of PEST and 5 Forces. Identifies, based on various statistical techniques, the adopted style of strategic thought and the profile in terms of contextual variables, as well as the underlying economic performance

Towards guidelines for building a business case and gathering evidence of software reference architectures in industry

Background: Software reference architectures are becoming widely adopted by organizations that need to support the design and maintenance of software applications of a shared domain. For organizations that plan to adopt this architecture-centric approach, it becomes fundamental to know the return on investment and to understand how software reference architectures are designed, maintained, and used. Unfortunately, there is little evidence-based support to help organizations with these challenges. Methods: We have conducted action research in an industry-academia collaboration between the GESSI research group and everis, a multinational IT consulting firm based in Spain. Results: The results from such collaboration are being packaged in order to create guidelines that could be used in similar contexts as the one of everis. The main result of this paper is the construction of empirically-grounded guidelines that support organizations to decide on the adoption of software reference architectures and to gather evidence to improve RA-related practices. Conclusions: The created guidelines could be used by other organizations outside of our industry-academia collaboration. With this goal in mind, we describe the guidelines in detail for their use.Peer ReviewedPostprint (published version

GLOBALIZATION AND INTERNATIONAL EXPANSION STRATEGIES OF THE WINE SECTOR COMPANIES IN PORTUGAL

This research aims to analyze the competitive environment of companies in the wine sector in Portugal and assess the implications in the development of contingent strategic guidelines and different performances. Proposes to apply the methodological framework IKST – Integrated Key for Strategic Thought for international expansion. The research was carried out at two levels: at a preliminary level – a general characterisation was made of the companies as to their resources, and at a central level – the examination of the strategic aspect of the companies was carried out. The research involved the collection of primary data (survey of 164 companies in the sector) and secondary data (from documentary nature). Explores the strategic aspect, analyzing the sector in terms of global and national context, in order to design a diagnostic context of action, using the models of PEST and 5 Forces. Identifies, based on various statistical techniques, the adopted style of strategic thought and their profile in terms of contextual variables, as well as the underlying economic performance

"SMEs, Information Risk Management, and ROI"

Recent research in the area of standards accreditation has shown that the rate of take up of the ISO27001 (Information Security Management) by organisations been disappointing in many Western countries, compared to the picture emerging in Asia, and the rollout of previous international standards that relate to information management, such as ISO9001. In this paper, a researcher and a practitioner from the UK investigate possible reasons for a lesser interest in pursuing certification for organisational Information Security Management Systems (ISMS) across Western countries. They also share their perceptions and concerns that current attitudes of UK of small businesses regarding complying with standards and legislation means that they may be taking unnecessary risks with their corporate and personal data under the possibly misguided notion that other priorities are more important during these current recessionary times. The authors use an economics-based approach in proposing a solution to the problem. On the one hand they review the research that has provided methods for putting a figure on the value of corporate and personal data in larger organisations, and applying the principles of managing information risk as appropriate to SMEs. On the other hand they look at economics-related issues such as market pressure, insurance, outsourcing, and the legal and regulatory matters regarding privacy of personal data. The result provides a case for showing SMEs that, apart from the moral matter of being “good for the business”, there are very sound economic reasons for an SME developing an ISMS and getting ISO27001 certified

Assessing the economic impact of public industrial policies: an empirical investigation on subsidies.

Empirical literature findings do not provide a clear-cut interpretation of the effects of public aid on firms’ performances. We contribute to this literature analysing the effects of public regional subsidies on investment using a new dataset covering all the firms in the Italian province of Trento, along with a record of public aid granted in the last 15 years. We find permanent positive effects of aid on firms’ size, but no effect is found on factor substitution, nor on technical change. Moreover, subsidies do not improve either profitability or productivity. These results help better define the scope for local aid.regional policy; public subsidies; propensity score matching

Evaluating cost taxonomies for information systems management

The consideration of costs, benefits and risks underpin many Information System (IS) evaluation decisions. Yet, vendors and project-champions alike tend to identify and focus much of their effort on the benefits achievable from the adoption of new technology, as it is often not in the interest of key stakeholders to spend too much time considering the wider cost and risk implications of enterprise-wide technology adoptions. In identifying a void in the literature, the authors of the paper present a critical analysis of IS-cost taxonomies. In doing so, the authors establish that such cost taxonomies tend to be esoteric and difficult to operationalize, as they lack specifics in detail. Therefore, in developing a deeper understanding of IS-related costs, the authors position the need to identify, control and reduce IS-related costs within the information systems evaluation domain, through culminating and then synthesizing the literature into a frame of reference that supports the evaluation of information systems through a deeper understanding of IS-cost taxonomies. The paper then concludes by emphasizing that the total costs associated with IS-adoption can only be determined after having considered the multi-faceted dimensions of information system investments