Shaping Strategic Information Systems Security Initiatives in Organizations

Strategic information systems security initiatives have seldom been successful. The increasing complexity of the business environment in which organizational security must be operationalized presents challenges. There has also been a problem with understanding the patterns of interactions among stakeholders that lead to instituting such an initiative. The overall aim of this research is to enhance understanding of the issues and concerns in shaping strategic information systems security initiative. To be successful, a proper undertaking of the content, context and process of the formulation and institutionalization of a security initiative is essential. It is also important to align the interconnections between these three key components. In conducting the argument, this dissertation analyzes information systems security initiatives in two large government organizations – Information Technology Agency and Department of Transportation. The research methodology adopts an interpretive approach of inquiry. Findings from the case studies show that the strategic security initiative should be harmonious with the cultural continuity of an organization rather than significantly changing the existing opportunity and constraint structures. The development of security cultural resources like security policy may be used as a tool for propagating a secure view of the social world. For secure organizational transformation, one must consider the organizational security structure, knowledgeability of agents in perceiving secure organizational posture, and global security catalysts (such as establishing trust relations and security related institutional reflexivity). The inquiry indicates that strategic security change would be successful in an organization if developed and implemented in a brief yet quantum leap adopting an emergent security strategy in congruence with organizational security values

Effectiveness and Efficiency of RFID Technology in Supply Chain Management: Strategic Values and Challenges

In this study, we examine the fundamental components of RFID technology in a comprehensive supply chain strategy that directly support the effectiveness and efficiency of supply chain management. We examine the appropriate business processes affected by the RFID technology, the required planning and examination for successful implementation, and many potential impacts on effectiveness and efficiency of supply chain management. We emphasize on business values and strategic advantages of RFID technology as well as the challenges and recommendations in adoption of the technology particularly when a company extends its supply chain to upstream suppliers and downstream customers, as their external integration needs to gain in capacity planning and in efficiency. Using four major supply chain processes, we highlight economic opportunities and challenges when planning and implementing RFID technology within an existing supply chain framework. We will focus on the capabilities of RFID in providing security, privacy, and integrity of supply chain processes while facilitating sharing information with upstream suppliers and downstream customers, developing alliances, establishing strategic alliances, and gaining competitive advantages

Adaptation of domestic state governance to international governance models

The purpose of the article is to provide the evolving international trends of modern management models and authorial vision of model of state governance system in Ukraine, its subsystems, in particular, the system of provision of administrative services that is appropriate for the contemporary times. Methodology. On the basis of scientific and theoretical approaches to the definitions of terms “state governance” and “public governance”, there was an explanation of considerable difference between them and, taking into consideration, the mentality of Ukrainian society and peculiar weak side in self-organization, the authors offered to form authorial model of governance on the basis of historically traditional for Ukraine model of state governance and to add some elements of management concepts that proved their significance, efficiency and priority in practice. Results. The authors emphasized the following two prevailing modern management models in the international practice: “new state management” and “good governance”. The first concept offered for consideration served as a basis for the semantic content of state activity that reflects more the state of administrative reformation. Practical meaning. A practical introduction of management to the domestic model of governance creates the range of contradictions that do not allow implementing herein concept. Pursuant to authors, the second one allows in considerable measure to reform state governance, considering historically developed peculiarities of this model. Moreover, the involvement of concept herein into introduction of informational and communicational technologies in the process of governance eliminates the necessity of power decentralization, it allows to form real net structure and, at the same, to keep vertical power structure, to involve citizens for formation and taking of management decisions, to form electronic communicational channel of feedback, to provide citizens with electronic administrative services. All indicated advantages of the concept certify about the necessity to reform state governance exactly in this field. Meaning/ Distinction. This article raises a question about the significance of formation and sequence of state policy in Ukraine aimed at creating an information-oriented society, space, as well as informational and technological infrastructure

Net structure of subject-to-subject relations in the management of the system of administrative services provision

The purpose of the work is to form the net structure of management of the system of administrative services provision on the basis of implementation of subject-to-subject interactions between state sector and civil society. Methodology. The methodology basis for the investigation is the abstract-logical analysis of theoretical and methodological backgrounds for management of relations and interactions. For the theoretical generalization and formation of net structure, there are used scientific recommendations of Ukrainian scientists regarding the necessity to implement subject-to-subject relations in the system of administrative services provision. Results. The investigations allowed confirming that the hierarchical structure of the state governance system does not give an opportunity to implement equal interaction between a subject of provision and a subject of an appeal as these relations have one – way communication and the feedback channel has a formal character. Moreover, the civil society is not considered by state sector to be a source of methods and ways to develop the system of state governance, in particular, the management system of administrative services provision. Practical meaning. The net structure of management will allow implementing the subject-subject relations in the system, under which the actions of the subject of provision – that means state sector – will be directed to the realization of rights and interests of the subjects of appeal. In their turn, apart from the performance of all legislative responsibilities that they should perform, they can carry out activities directed to the development of management activity in the system of administrative services provision and the whole system of state governance as an integral system of management. Meaning/Distinction. The provided model of the net structure will allow involving citizens in the processes of state governance and increasing the impact of the civil sector during the making of state and management decisions and, as a result, to confirm subject-to-subject positions in the relations

ERP implementation methodologies and frameworks: a literature review

Enterprise Resource Planning (ERP) implementation is a complex and vibrant process, one that involves a combination of technological and organizational interactions. Often an ERP implementation project is the single largest IT project that an organization has ever launched and requires a mutual fit of system and organization. Also the concept of an ERP implementation supporting business processes across many different departments is not a generic, rigid and uniform concept and depends on variety of factors. As a result, the issues addressing the ERP implementation process have been one of the major concerns in industry. Therefore ERP implementation receives attention from practitioners and scholars and both, business as well as academic literature is abundant and not always very conclusive or coherent. However, research on ERP systems so far has been mainly focused on diffusion, use and impact issues. Less attention has been given to the methods used during the configuration and the implementation of ERP systems, even though they are commonly used in practice, they still remain largely unexplored and undocumented in Information Systems research. So, the academic relevance of this research is the contribution to the existing body of scientific knowledge. An annotated brief literature review is done in order to evaluate the current state of the existing academic literature. The purpose is to present a systematic overview of relevant ERP implementation methodologies and frameworks as a desire for achieving a better taxonomy of ERP implementation methodologies. This paper is useful to researchers who are interested in ERP implementation methodologies and frameworks. Results will serve as an input for a classification of the existing ERP implementation methodologies and frameworks. Also, this paper aims also at the professional ERP community involved in the process of ERP implementation by promoting a better understanding of ERP implementation methodologies and frameworks, its variety and history

Escaping from American intelligence : culture, ethnocentrism and the Anglosphere

The United States and its closest allies now spend over $100 billion a year on intelligence. Ten years after 9/11, the intelligence machine is certainly bigger - but not necessarily better. American intelligence continues to privilege old-fashioned strategic analysis for policy-makers and exhibits a technocratic approach to asymmetric security threats, epitomized by the accelerated use of drone strikes and data-mining. Distinguished commentators have focused on the panacea of top-down reform, while politicians and practitioners have created entire new agencies. However these prescriptions for change remain conceptually limited because of underlying Anglo-Saxon presumptions about what intelligence is. Although intelligence is a global business, when we talk about intelligence we tend to use a vocabulary that is narrowly derived from the experiences of America and its English-speaking nebula. This article deploys the notion of strategic culture to explain this why this is. It then explores the cases of China and South Africa to suggest how we might begin to rethink our intelligence communities and their tasks. It argues that the road to success is about individuals, attitudes and cultures rather than organizations. Future improvement will depend on our ability to recognize the changing nature of the security environment and to practice the art of ‘intelligence among the people’. While the United States remains the world’s most significant military power, its strategic culture is unsuited to this new terrain and arguably other countries do these things rather better

Rethinking International Compensation: From Expatriate and National Cultures to Strategic Flexibility

[Excerpt] We are on the verge of a worldwide restructuring of compensation and reward systems. Even long established, seemingly carved-in-granite cultural norms, such as lifetime employment in Japan and industry-wide bargaining in Germany, are weakening in response to the pressures of a global economy. So also are our previously hard-and-fast assumptions about international compensation -- the idea that pay systems should keep expatriates “economically whole” and the notion that local compensation should be tailored to fit national cultures

A Risk-Driven Investment Model for Analysing Human Factors in Information Security

Information systems are of high importance in organisations because of the revolutionary industrial transformation undergone by digital and electronic platforms. A wide range of factors and issues forming the current business environments have created an unprecedented level of uncertainty and exposure to risks in all areas of strategic and operational activities in organisations including IT management and information security. Subsequently, securing these systems, which keep assets safe, serves organisational objectives. The Information Security System (ISS) is a process that organisations can adopt to achieve information security goals. It has gained the attention of academics, businesses, governments, security and IT professionals in recent years. Like any other system, the ISS is highly dependent on human factors as people are the primary concern of such systems and their roles should be taken into consideration. However, identifying reasoning and analysing human factors is a complex task. This is due to the fact that human factors are hugely subjective in nature and depend greatly on the specific organisational context. Every ISS development has unique demands both in terms of human factor specifications and organisational expectations. Developing an ISS often involves a notable proportion of risk due to the nature of technology and business demands; therefore, responding to these demands and technological challenges is critical. Furthermore, every business decision has inherent risk, and it is crucial to understand and make decisions based on the cost and potential value of that risk. Most research is solely concentrated upon the role of human factors in information security without addressing interrelated issues such as risk, cost and return of investment in security. The central focus and novelty of this research is to develop a risk-driven investment model within the security system framework. This model will support the analysis and reasoning of human factors in the information system development process. It contemplates risk, cost and the return of investment on security controls. The model will consider concepts from Requirements Engineering (RE), Security Tropos and organisational context. This model draws from the following theories and techniques: Socio-technical theory, Requirements Engineering (RE), SWOT analysis, Delphi Expert Panel technique and Force Field Analysis (FFA). The findings underline that the roles of human factors in ISSs are not being fully recognised or embedded in organisations and there is a lack of formalisation of main human factors in information security risk management processes. The study results should confirm that a diverse level of understanding of human factors impacts security systems. Security policies and guidelines do not reflect this reality. Moreover, information security has been perceived as being solely the domain of IT departments and not a collective responsibility, with the importance of the support of senior management ignored. A further key finding is the validation of all components of the Security Risk-Driven Model (RIDIM). Model components were found to be iterative and interdependent. The RIDIM model provides a significant opportunity to identify, assess and address these elements. Some elements of ISSs offered in this research can be used to evaluate the role of human factors in enterprise information security; therefore, the research presents some aspects of computer science and information system features to introduce a solution for a business-oriented problem. The question of how to address the psychological dimensions of human factors related to information security would, however, be a rich topic of research on its own. The risk-driven investment model provides tangible methods and values of relevant variables that define the human factors, risk and return on investment that contribute to organisations’ information security systems. Such values and measures need to be interpreted in the context of organisational culture and the risk management model. Further research into the implementation of these measurements and evaluations for improving organisational risk management is required

Balancing employee needs, project requirements and organisational priorities in team deployment

The 'people and performance' model asserts that performance is a sum of employee ability, motivation and opportunity (AMO). Despite extensive evidence of this people-performance link within manufacturing and many service sectors, studies within the construction industry are limited. Thus, a recent research project set out to explore the team deployment strategies of a large construction company with the view of establishing how a balance could be achieved between organisational strategic priorities, operational project requirements and individual employee needs and preferences. The findings suggested that project priorities often took precedence over the delivery of the strategic intentions of the organisation in meeting employees' individual needs. This approach is not sustainable in the long term because of the negative implications that such a policy had in relation to employee stress and staff turnover. It is suggested that a resourcing structure that takes into account the multiple facets of AMO may provide a more effective approach for balancing organisational strategic priorities, operational project requirements and individual employee needs and preferences more appropriately in the future