Will the Information Security Industry Die? Applying Social Network Analysis to Sturdy Industry Convergence

In this paper, we first analyze the trends in mergers and acquisitions (M&As) activities among information security firms and other information technology (IT) firms in the US over the period 1996 to 2008. We then use social network analysis to investigate the characteristics and underlying dynamics of these M&As activities. Our results reveal an increase in cohesiveness of 200% in the network linking the information security firms and the IT firms considered in our analysis. This, in turn, implies a move towards industry convergence. In particular, we show that acquisitions of identity and access management (IAM) firms have become more central to M&As by IT firms in the US since 2004, reflecting an increasing trend among IT firms to integrate IAM technologies within their products

Has Decreasing Innovation Hurt the Stock Price of Information Security Firms? A Time Series Analysis

Prior research has shown that information security breaches are beneficial to the stock price of information security firms, around the time that these security breaches are announced. We, however, show that the overall trend in the market value of information security firms has actually been stagnating, despite an increasing number of security threats that exploit vulnerabilities in information systems. We attribute this decrease in the stock price of information security firms, after controlling for overall market conditions, to insufficient innovation on the part of information security firms. We apply time series regression methods to analyze the relationship between R&D intensity and the stock price of information security firms. This empirical work provides a plausible explanation for the decrease in the stock price of information security firms, despite high demand for their products and services

Web Accessibility as a Barrier to Successful Digital Governance: A Case Study of the Arabian Gulf Region

Conformance to web accessibility standards is crucial to successful digital governance. Examining the state of Web accessibility compliance in the state of Qatar, a fast growing digital economy with the world\u27s highest per capita GDP has many lessons for emerging economies. Our audit of a selected sample of websites across government and other sectors suggests the need to raise awareness among executives and other key stakeholders regarding Web accessibility and to develop best practices and an improved policy framework. To better understand the barriers to adoption of Web accessibility standards in the country, we interviewed 30 CIOs and senior information technology managers. The results suggest a need for stronger regulations, since organizations will not otherwise comply due to concerns that enforcement of accessibility standards results in increased website development time and costs and undermines usable website design and management, particularly with multilingual websites

Human Error and Privacy Breaches in Healthcare Organizations: Causes and Management Strategies

We apply Reason’s GEMS typology to study privacy breach incidents in healthcare organizations. An interpretive analysis of transcripts of interviews with privacy officers of healthcare organizations in the U.S. Midwest helps discern the underlying causes of human error and develop a framework for error management. The study finds that organizational factors causing human error constitute a greater impediment to HIPAA Privacy Rule compliance than do human factors

Applying the Cox Model to Study Online Gambling Behavior

Although a key objective of Internet gambling service providers is player retention, there is a concomitant need to reduce the social costs of gambling. Our study shows how habit and prospect theories help build an integrative framework for decision support in regulated Internet gambling environments. To illustrate the practical implication of this framework, we applied the Cox model with time-dependent covariates on real gambling data collected from 4,222 users of a gambling website. The results help establish the positive association of key indicators such as the prior outcomes on the activity lifespan of an Internet gambler and the moderating effect of gambling frequency on the positive association between prior outcomes and gambling lifespan. This research is expected to contribute to the literatures on IT adoption and diffusion in general, and IT-based addictive behavior in particular

Scaffolding Case Analysis Writing: A Collaboration between Information Systems and Writing Faculty

In this paper, we present a collaboration between writing professors and an information systems (IS) professor to scaffold case analysis writing at an American English-medium branch campus in the Middle East. We describe our process for revising the professor’s writing assignment to make his expectations more explicit and for creating scaffolding materials that we delivered in classroom workshops to assist students’ pre-writing. We provide insights about the positive impact of the writing workshops on students’ writing from an end-of-semester interview with the professor and from interviews with students about their perceptions of the workshops and the personalized feedback they received

Building fuzzy front-end decision support systems for new product information in global telecommunication markets: A measure theoretical approach

In today's highly competitive business environment, innovation and new product introduction are recognized as the sustaining forces of corporate success. The early phases of new product development, collectively known as the 'front-end', are crucial to the success of new products. Building a fuzzy front-end decision support system, balancing the needs for analytical soundness and model robustness while incorporating decision-maker's subjectivity and adaptability to different business situations, is a challenging task. A process model and a structural model focusing on the different forms of uncertainties involved in new product introduction in a global telecommunication market are presented in this dissertation. Fuzzy measure theory and fuzzy set theory are used to build a quantitative model of the executive decision-process at the front-end. Solutions to the problem of exponential complexity in defining fuzzy measures are also proposed. The notion of constrained fiizzy integrals demonstrates how the fuzzy measure-theoretical model integrates resource allocation in the presence of project interactions. Forging links between business strategies and expert evaluations of critical success factors is attempted through fuzzy rule-based techniques in the framework of the proposed model. Interviews with new product managers of several American business firms have confirmed the need for building an intelligent front-end decision support system for new product development. The outline of a fuzzy systems development methodology and the design of a proof-of-concept prototype serve as significant contributions of this research work toward this end. In the context of executive decision making, a usability inspection of the prototype is carried out and results are discussed. A computational analysis, based upon methods of tactical systems simulation, measures the rank order consistency of the fuzzy measure theoretical approach in comparison with two competing fuzzy multiple attribute decision models under structural variations of the underlying models. The results demonstrate that (1) the modeling of the fuzzy numbers representing the linguistic variables, (2) the selection of the granularity of the linguistic scales, and (3) the selection of the model dimensions significantly affect the quality of the decisions suggested by the decision aid. A comprehensive plan for future validation of the decision aid is also presented

Valuing the flexibility of investing in security process innovations

In this paper, we develop a decision model of a firm's optimal strategy for investment in security process innovations (SPIs) when confronted with a sequence of malicious attacks. The model incorporates real options as a methodology to capture the flexibility embedded in such investment decisions. SPIs, when seamlessly integrated with the organization's overall business dynamics, induce organizational learning and provide the flexibility of switching to more suitable technologies as the environment of malicious attacks changes. The theoretical contribution of this paper is a mathematical model of the invest-to-learn and switching options generated upon early investment in flexible SPIs. The practical significance of the paper is the application of a binomial lattice model to approximate the continuous-time model, resulting in an easy to use decision aid for managers.Information security Investment analysis Cost-benefit analysis Real options theory Dynamic programming Security process innovations

Modeling Attitude to Risk in Human Decision Processes: An Application of Fuzzy Measures

Several models of the human decision process have been proposed, classical examples of which are utility theory and prospect 11 theory. In recent times, the theory of fuzzy measures and integrals has emerged as an alternative meriting further investigation. Specifically, we are interested in the degrees of disjunction and conjunction and the veto and favor indices that represent the 13 tolerance measure of the decision maker. Though several theoretical expositions have appeared in contemporary literature, empirical studies applying these concepts to the realworld are scarce. In this paper,we adopt a model of strategic telecommunication investment 15 decisions from a research work involving a survey of executives. In our first study, we built fuzzy models corresponding to each individual decision maker and grouped the results based on the decision makers’ propensity to risk determined by their degrees of 17 disjunction.We then pooled the data sets from each group and analyzed the Shapley indices and the interaction effects. To contrast our approach to those of conventional nomothetic comparisons of decision policies, we grouped the decision makers based on a 19 clustering analysis of the individual linear regression models. For each cluster we pooled the data and analyzed the fuzzy measures learned from the data set. Our study not only serves as a demonstration of fuzzy measure analysis as a viable approach to studying 21 qualitative decision making but also provides useful methodological insights into applying fuzzy measures to strategic investment decisions under risk