The duality of Information Security Management: fighting against predictable and unpredictable threats

Information systems security is a challenging research area in the context of Information Systems. In fact, it has strong practical implications for the management of IS and, at the same time, it gives very interesting insights into understanding the process of social phenomena when communication information technologies are deployed in organizations. Current standards and best practices for the design and management of information systems security, recommend structured and mechanistic approaches, such as risk management methods and techniques, in order to address security issues. However, risk analysis and risk evaluation processes have their limitations, when security incidents occur, they emerge in a context, and their rarity and even their uniqueness give rise to unpredictable threats. The analysis of these phenomena which are characterized by breakdowns, surprises and side-effects, requires a theoretical approach which is able to examine and interpret subjectively the detail of each incident. The aim of this paper is to highlight the duality of information systems security, providing an alternative view on the management of those aspects already defined in the literature as intractable problems and this is pursued through a formative context (Ciborra, Lanzara, 1994) that supports bricolage, hacking and improvisation.Information systems security is a challenging research area in the context of Information Systems. In fact, it has strong practical implications for the management of IS and, at the same time, it gives very interesting insights into understanding the process of social phenomena when communication information technologies are deployed in organizations. Current standards and best practices for the design and management of information systems security, recommend structured and mechanistic approaches, such as risk management methods and techniques, in order to address security issues. However, risk analysis and risk evaluation processes have their limitations, when security incidents occur, they emerge in a context, and their rarity and even their uniqueness give rise to unpredictable threats. The analysis of these phenomena which are characterized by breakdowns, surprises and side-effects, requires a theoretical approach which is able to examine and interpret subjectively the detail of each incident. The aim of this paper is to highlight the duality of information systems security, providing an alternative view on the management of those aspects already defined in the literature as intractable problems and this is pursued through a formative context (Ciborra, Lanzara, 1994) that supports bricolage, hacking and improvisation.Articles published in or submitted to a Journal without IF refereed / of international relevanc

A Framework for Managing Predictable and Unpredictable Threats: The Duality of Information Security Management

Information systems security is a challenging research area in the context of Information Systems. In fact, it has strong practical implications for the management of IS and, at the same time, it gives very interesting insights into understanding the process of social phenomena when communication information technologies are deployed in organizations. Current standards and best practices for the design and management of information systems security, recommend structured and mechanistic approaches, such as risk management methods and techniques, in order to address security issues. However, risk analysis and risk evaluation processes have their limitations, when security incidents occur, they emerge in a context, and their rarity and even their uniqueness give rise to unpredictable threats. The analysis of these phenomena which are characterized by breakdowns, surprises and side- effects, requires a theoretical approach which is able to examine and interpret subjectively the detail of each incident. The aim of this paper is to highlight the duality of information systems security, providing an alternative view on the management of those aspects already defined in the literature as intractable problems and this is pursued through a formative context (Ciborra, Lanzara, 1994) that supports bricolage, hacking and improvisation

Digital Platforms as Sources for Organizational and Strategic Transformation: A Case Study of the Midblue Project

The paper is centered on the role of technology and specifically of IT in the recombination of the factors of production. Particularly, the objective is to see how this technology contributes to the formulation of business strategies, the outlining of organizational structures and the alignment with the business environment. A theoretical framework is proposed that combines three perspectives. The first perspective stresses the importance of digital architectures in the modalities through which firms organize for innovation. Second, organization as a platform outlines a scenario for generating multiple organizational forms based on recombination of existent resources, routines and transactions. Third, digital platforms are seen as determinant tools for a dematerialization process that consents to recombine the factors of production for achieving a competitive advantage. The Midblue project provides an illustrative example of how strategy, structure and information technology co-evolve in organizations and how digital platforms can trigger transformation at both strategic and organizational levels.The paper is centered on the role of technology and specifically of IT in the recombination of the factors of production. Particularly, the objective is to see how this technology contributes to the formulation of business strategies, the outlining of organizational structures and the alignment with the business environment. A theoretical framework is proposed that combines three perspectives. The first perspective stresses the importance of digital architectures in the modalities through which firms organize for innovation. Second, organization as a platform outlines a scenario for generating multiple organizational forms based on recombination of existent resources, routines and transactions. Third, digital platforms are seen as determinant tools for a dematerialization process that consents to recombine the factors of production for achieving a competitive advantage. The Midblue project provides an illustrative example of how strategy, structure and information technology co-evolve in organizations and how digital platforms can trigger transformation at both strategic and organizational levels.Articles published in or submitted to a Journal without IF refereed / of international relevanc

To Cloud or not to Cloud. Strategic choices and IT governance in the digital transformation of a University

One late evening on 21st March 2015, Francesca \u2013 Head of Research and Teaching office at The University \u2013 ran the meeting and was hoping that the information and insights collected enabled her to make the right decision. She initiated the meeting by telling the story that few days ago on 15th March, during the presentation of a new digital solution for universities by MG company, she realized how different can be the instructors\u2019 practices in managing teaching materials and interacting with students. She gave examples of tools and functions used by University instructors such as personal webpages, blogs, Moodle, Dropbox, Google Drive, iTunes, WordPress, Facebook groups, Blackboard, etc. Francesca knew how important innovation is in a competitive higher education market. Therefore, Francesca has always been supportive on teaching experiments made by instructors. For instance, in 2007, she encouraged the Information Systems (IS) research group at University in adopting Moodle as a Learning Management System (LMS) for their IS courses. In 2014, the positive feedback collected from both students and instructors who used Moodle, led Francesca to pilot the system at University level. Simone, a member of the IS group, was in charge of the implementation and received full support from the IT Office. After one year, the new learning platform was available for any instructor interested in experimenting the Moodle functionalities. However, during the last exam session, the learning platform was down for few hours. Not only students were unable to access the teaching materials to prepare for the exams, but also professors were unable to assess students works! \u201cWhy not having one platform to support all our teaching practices? One channel to interact with our students\u201d she said. She asked for inputs and insights from a team of experts before making a decision. Francesca\u2019s idea was to have a single Learning Management System (LMS) supporting more than 60 programs in the four University departments. Now the problem was to select a proper technological solution, fitting with the needs of both students and instructors, and also reducing the risk of downtime. Especially knowing that many instructors will not be happy to standardize their practices, she wondered how to convince them to use the new system

A Design Theory for Digital Platforms Supporting Online Communities: A Multiple Case Study

This research proposes and validates a design theory for digital platforms that support online communities (DPsOC). It addresses ways in which digital platforms can effectively support social interactions in online communities. Drawing upon prior literature on IS design theory, online communities, and platforms, we derive an initial set of propositions for designing effective DPsOC. Our overarching proposition is that three components of digital platform architecture (core, interface, and complements) should collectively support the mix of the three distinct types of social interaction structures of online community (information sharing, collaboration, and collective action). We validate the initial propositions and generate additional insights by conducting an in-depth analysis of an European digital platform for elderly care assistance. We further validate the propositions by analyzing three widely used digital platforms, including Twitter, Wikipedia, and Liquidfeedback, and we derive additional propositions and insights that can guide DPsOC design. We discuss the implications of this research for research and practice

THE BRIGHT AND DARK SIDE OF FINANCIAL SERVICES ECOSYSTEM

In this brief contribution we focus on the co-evolution of cybercrime and cybersecurity practices in the banking and financial sector. We draw on previous studies on outlaw innovation and organizational morphing to reconstruct the parallel and mutually influenced evolution of the bright and dark side of financial services. We identify five phases from the late 90s to the post-2015 period that show the paired configuration in actors, techniques, collaborative actions, and venues in the morphing of the two opposing sides. This paper constitutes the first step towards a broader empirical analysis on the generativity of opposing forces in digital ecosystems

Fostering informal learning at the workplace through digital platforms and information infrastructures

Increasing attention is paid to organisational learning as it is widely regarded that the success of contemporary organisations is strongly contingent on its ability to learn and grow. Importantly, informal learning is argued to be even more significant than formal learning initiatives. Given the widespread use of digital technologies in the workplace, what requires further attention is how digital technologies enable informal learning processes. Drawing from Complex Adaptive Systems (CAS) theory, in this paper we advance a conceptual model for examining this important topic. The two dimensional matrix presented provides a framework for both further research on digital artefacts used in informal learning, as well as the design of formative contexts for learning to occur

Bronchogenic cyst associated with pericardial defect: Case report and review of the literature

Partial defect of the pericardium combined with bronchogenic cyst is a very rare congenital anomaly. We describe the case of a 32-year-old man with a partial defect of the left pericardium and a bronchogenic cyst arising from the border of the pericardial defect. The cyst was successfully resected with the harmonic scalpel by three-port videothoracoscopic approach

Real-world data to build explainable trustworthy artificial intelligence models for prediction of immunotherapy efficacy in NSCLC patients

IntroductionArtificial Intelligence (AI) methods are being increasingly investigated as a means to generate predictive models applicable in the clinical practice. In this study, we developed a model to predict the efficacy of immunotherapy (IO) in patients with advanced non-small cell lung cancer (NSCLC) using eXplainable AI (XAI) Machine Learning (ML) methods. MethodsWe prospectively collected real-world data from patients with an advanced NSCLC condition receiving immune-checkpoint inhibitors (ICIs) either as a single agent or in combination with chemotherapy. With regards to six different outcomes - Disease Control Rate (DCR), Objective Response Rate (ORR), 6 and 24-month Overall Survival (OS6 and OS24), 3-months Progression-Free Survival (PFS3) and Time to Treatment Failure (TTF3) - we evaluated five different classification ML models: CatBoost (CB), Logistic Regression (LR), Neural Network (NN), Random Forest (RF) and Support Vector Machine (SVM). We used the Shapley Additive Explanation (SHAP) values to explain model predictions. ResultsOf 480 patients included in the study 407 received immunotherapy and 73 chemo- and immunotherapy. From all the ML models, CB performed the best for OS6 and TTF3, (accuracy 0.83 and 0.81, respectively). CB and LR reached accuracy of 0.75 and 0.73 for the outcome DCR. SHAP for CB demonstrated that the feature that strongly influences models' prediction for all three outcomes was Neutrophil to Lymphocyte Ratio (NLR). Performance Status (ECOG-PS) was an important feature for the outcomes OS6 and TTF3, while PD-L1, Line of IO and chemo-immunotherapy appeared to be more important in predicting DCR. ConclusionsIn this study we developed a ML algorithm based on real-world data, explained by SHAP techniques, and able to accurately predict the efficacy of immunotherapy in sets of NSCLC patients

A New Genetic Risk Score to Predict the Outcome of Locally Advanced or Metastatic Breast Cancer Patients Treated With First-Line Exemestane: Results From a Prospective Study

Currently there are no reliable biomarkers to predict outcome of exemestane treatment. We designed a prospective study to investigate whether constitutive genetic background might affect response to therapy. In a population of 302 advanced breast cancer patients treated with exemestane we showed that a 5-polymorphism-based genetic score could be used to identify patients with different risks of progression and death.Introduction: Approximately 50% of locally advanced or metastatic breast cancer (MBC) patients treated with first-line exemestane do not show objective response and currently there are no reliable biomarkers to predict the outcome of patients using this therapy. The constitutive genetic background might be responsible for differences in the outcome of exemestane-treated patients. We designed a prospective study to investigate the role of germ line polymorphisms as biomarkers of survival. Patients and Methods: Three hundred two locally advanced or MBC patients treated with first-line exemestane were genotyped for 74 germ line polymorphisms in 39 candidate genes involved in drug activity, hormone balance, DNA replication and repair, and cell signaling pathways. Associations with progression-free survival (PFS) and overall survival (OS) were tested with multivariate Cox regression. Bootstrap resampling was used as an internal assessment of results reproducibility. Results: Cytochrome P450 19A1-rs10046TC/CC, solute carrier organic anion transporter 1B1-rs4149056TT, adenosine triphosphate binding cassette subfamily G member 2-rs2046134GG, fibroblast growth factor receptor-4-rs351855TT, and X-ray repair cross complementing 3-rs861539TT were significantly associated with PFS and then combined into a risk score (0-1, 2, 3, or 4-6 risk points). Patients with the highest risk score (4-6 risk points) compared with ones with the lowest score (0-1 risk points) had a median PFS of 10 months versus 26.3 months (adjusted hazard ratio [AdjHR], 3.12 [95% confidence interval (CI), 2.18-4.48]; P < .001) and a median OS of 38.9 months versus 63.0 months (AdjHR, 2.41 [95% CI, 1.22-4.79], P = .012), respectively. Conclusion: In this study we defined a score including 5 polymorphisms to stratify patients for PFS and OS. This score, if validated, might be translated to personalize locally advanced or MBC patient treatment and management