Interpreting the management of information systems security

The management of adverse events within organisations has become a pressing issue as the perceptions of risk continue to heighten. However the basic need for developing secure information systems has remained unfulfilled. This is because the focus has been on the means of delivery of information, i.e. the technology, rather than on the various contextual factors related to information processing. The overall aim of this research is to increase understanding of the issues and concerns in the management of information systems security. The study is conducted by reviewing the analysis, design and management of computer based information in two large organisations - A British national Health Service Hospital Trust and a Borough Council. The research methodology adopts an interpretive mode of inquiry. The management of information systems security is evaluated in terms of the business environment, organisational culture, expectations and obligations of different roles, meanings of different actions and the related patterns of behaviour. Findings from the two case studies show that an inappropriate analysis, design and management of computer based information systems affects the integrity and wholeness of an organisation. As a result, the probability of occurrence of adverse events increases. In such an environment there is a strong likelihood that security measures may either be ignored or are inappropriate to the real needs of an organisation. Therefore what is needed is coherence between the computer based information systems and the business environment in which they are embedded. In conclusion, this study shows that to resolve the problem of managing information systems security, we need to understand the deep seated pragmatic aspects of an organisation. Solutions to the problem of security can be provided by interpreting the behavioural patterns of the people involved

Process orientation and information management : the case of achieving success in the pharmaceutical industry

In today’s business environment, organisations have recognised the importance of information. Consequently the use of IT is regarded as a primary means of enhancing business improvement. This has resulted in a number organisations focusing on different means of structuring, and process orientation is considered to be the most suitable option. This paper explores issues related with managing information and the implications on key operational issues. Various concerns are exemplified by drawing examples from the pharmaceutical industry

Money Laundering and Technology Enabled Crime: a cultural analysis

Over the past decade or so, aided by information and communication technologies, money laundering has seen a sharp increase. While traditionally money laundering was associated with drug cartels and warlords, increasingly the focus has shifted towards white-collar crime and terrorist financing. It is therefore important to understand why money laundering (and hence white-collar crime) comes into being and sustains over a period of time. This paper, while exploring the antecedents of technology enabled white-collar crime, undertakes a cultural analysis of the Silk Road case. The cultural analysis helps in understanding patterns of behavior associated with technology enabled white-collar crimes

Doctor of Philosophy

dissertationUpper limb amputees desire an artificial arm that allows for multiple degrees of freedom of control over the movements of the prosthesis, coupled with direct sensory feedback. The goal of this work was to assess if it is feasible to interface artificial limbs to severed nerves of human upper limb amputees. Longitudinal intrafascicular electrodes were interfaced to severed nerve stumps of long-term human amputees. Initial studies conducted for two days following electrode implantation showed that it is possible to provide discrete, unitary, painless, graded sensations of touch, joint movement and position referred to the missing limb. Amputees were able to generate and control motor nerve activity uniquely associated with the missing limb movements. Longer term studies conducted for a period of up to 4 weeks showed recorded motor nerve activity and elicited sensations remained stable and there was no significant change in the stimulation parameters. Finally, amputees were able to control a modified Utah Artificial Arm. Results of our studies show that it is possible to interface an artificial limb to the severed nerves of upper limb amputees. Further work is required to refine the hardware which can be eventually incorporated into the artificial arm, allowing the amputees to wear the prosthesis and more precisely execute movements related to real life activities of daily living

Modelling and testing consumer trust dimensions in e-commerce

Prior research has found trust to play a significant role in shaping purchase intentions of a consumer. However there has been limited research where consumer trust dimensions have been empirically defined and tested. In this paper we empirically test a path model such that Internet vendors would have adequate solutions to increase trust. The path model presented in this paper measures the three main dimensions of trust, i.e. competence, integrity, and benevolence. And assesses the influence of overall trust of consumers. The paper also analyses how various sources of trust, i.e. consumer characteristics, firm characteristic, website infrastructure and interactions with consumers, influence dimensions of trust. The model is tested using 365 valid responses. Findings suggest that consumers with high overall trust demonstrate a higher intention to purchase online

Are we really competent? : Assessing organizational ability in delivering IT benefits

Purpose – The purpose of this paper is to present organizational competencies for gaining information technology (IT) benefits within organizations. Following the analysis of 16 in-depth case studies, a set of six high level, fundamental competencies and 17 facilitating competencies are identified.Aframework for orchestrating the organizational competencies is also presented. The results of this research would be useful to academics in developing measures for assessing the level of organizational competence and for practitioners in identifying and nurturing competencies for organizational benefits realization. Design/methodology/approach – The methodology involved two phases. Phase 1 entailed conducting 16 extensive case studies. Case study methodology employed follows guidelines provided by Yin and Benbasat et al. Case studies are a suitable means to collect the data since the notion of competencies in delivering IT benefits has not been well understood in the literature. By analyzing and understanding the particular situation and factors in each organization in an in-depth manner, the paper develops a sound interpretation of the abilities that organizations need to have in place to deliver IT benefits. Findings – In order to gain business benefits from IT investments, organizations must develop competencies to exploit IT. These competencies involve individual skills and organizational processes that enable those skills to be effectively applied. This paper identifies 23 competencies categorized into fundamental and facilitating competencies that firms need to have in place if IT services are to be delivered adequately and business benefits achieved. Also developed is a network of competences based on the data collected in the 16 cases studied. Research limitations/implications – Like any research, this paper has its limitations. Given the qualitative and interpretive nature of the research, a lot of assertions are interpretations of the authors. While in the literature, this has been argued as a valid way to undertake research, clearly there are biases that creep into the research. Practical implications – The model of competencies presented forms a good basis for enterprises to fine-tune their abilities for harnessing IT. Originality/value – While management researchers have been researching the notion of organizational competence for a while, it has not been well considered in the information systems arena; it is felt that this research makes a positive contribution to that effect.info:eu-repo/semantics/publishedVersio

The decline of ameriquest : a case study

In the subprime lending market, Ameriquest Mortgage Company is one of the leading lenders. It is widely known for its advertising slogan of “proud sponsor of the American dream.” Yet in 2006, an investigation into unlawful mortgage lending practices and the subsequent $325 million multi-State settlement brought even more attention to this company. What caused this lawsuit which brought irreparable damage to its reputation and financial loss for Ameriquest? This study focuses on the Information System Security management of the company. The study first introduces Ameriquest, and then briefly describes the lawsuit and settlement, and then discusses the IS security control in Ameriquest. The discussion will cover the internal control, external control, and technical controls of the company

Cybersecurity in Contemporary Organizations: A leadership challenge

This paper addresses narrowing the gap between business executives and cybersecurity technologists for cybersecurity preparedness within organizations. Without a common understanding of cybersecurity risks, organizations become vulnerable to data breaches. To manage cybersecurity effectively, leaders must stay informed about evolving threats and adopt a proactive approach. We draw upon interviews with senior business and cybersecurity executives and propose three action items to narrow the gap -- engage with cybersecurity professionals, establish cyber governance, and counter social engineering, which will prepare organizations to protect against cyber threats and become resilient when a cyber breach occurs