Understanding the Stakeholder Roles in Business Continuity Management Practices – A Study in Public Sector

Natural disasters, power cuts and fires do not discriminate, but they happen to both private and public organizations. Prior literature has agreed that business continuity management (BCM) requires commitment from all levels of an organization. However, the roles of different internal and external stakeholders in BCM practices have not been discussed in prior literature. This study focuses on BCM stakeholders in continuity practices in the public sector. We report the results of a qualitative case study with 16 interviews. The support from senior and middle management was expected, IT experts were valued, the role of users was not deemed important, and external service providers were trusted partners but also considered “the biggest headaches” by the interviewed managers

“I Wouldn’t Go Back to the Old System”: A Technology Laggard Organization, Resistant Users And System Implementation

Mobile system implementation in a technology laggard organisation with resistant users might not sound like a good idea. Prior literature on user resistance has concentrated on failures, reasons behind the resistance and management strategies for decreasing resistance. This paper provides a view on successful system implementation, and most notably describes in detail how the different strategies affected the resistance during the process

Relativity of Mindfulness: Team Collaboration in Digital and Physical Educational Escape Rooms

This study focuses on collaboration among team members in educational escape rooms in higher education. The objective of this study was to understand how collective mindfulness and less mindful behavior unfold in physical and digital game-based learning. The video data were collected from three different courses comprising 107 students on 28 teams, totaling more than 16 hours of material. The qualitative analysis revealed both collectively mindful and less mindful behaviors in team interactions. This paper contributes to collective mindfulness literature in understanding team collaboration by observing that mindfulness may be relative depending on the observation perspective. It also presents factors that affect member equality in both digital and physical escape rooms. Last, a nuanced description of how team collaboration occurred in a short-term problem-solving situation is developed

Proceedings of the 53rd Hawaii International Conference on System Sciences

Natural disasters, power cuts and fires do not discriminate, but they happen to both private and public organizations. Prior literature has agreed that business continuity management (BCM) requires commitment from all levels of an organization. However, the roles of different internal and external stakeholders in BCM practices have not been discussed in prior literature. This study focuses on BCM stakeholders in continuity practices in the public sector. We report the results of a qualitative case study with 16 interviews. The support from senior and middle management was expected, IT experts were valued, the role of users was not deemed important, and external service providers were trusted partners but also considered “the biggest headaches” by the interviewed managers. </p

Escape Room as Game-Based Learning Process: Causation - Effectuation Perspective

Commercial escape rooms have provided inspiration for an increasing number of educational escape rooms, where students use their learning to solve problems and “escape” a room in a certain time. However, only few escape room studies have been published in the game-based learning research area, although it has been interested also in learning processes. In this study, we apply causation – effectuation theory to observe the learning processes of three student teams solving tasks in an escape room context. The escape room was part of an information systems science research methods course, where the learning process of 18 international students were observed on video recordings. Different learning processes were observed in the teams and causation – effectuation theory explained for example the experimental or instruction following team behavior

The Importance of Business Continuity for Making Business: The Case of Design Kitchen

Design Kitchen is a typical, small business about to secure a major deal with a prospective customer. The crux of this deal: Design Kitchen’s ability to work as a reliable subcontractor. Business continuity (BC) teaching cases usually describe a disruption that requires reaction. This teaching case elucidates the importance of BC for making business. It provides a rich description of Design Kitchen receiving an audit, and posits the task of creating a BC plan based on this audit’s findings. Completing this case, students will learn how to analyze and identify BC risks; how to craft a BC plan; and about the complications stirring when top management is not engaged in BC. While fictional, the case description presents a composite narrative based on empirical studies of several companies’ BC risks. Besides teaching BC, lecturers can use the case text for courses of information security management or business process modeling

Designing a Thrifty Approach for SME Business Continuity: Practices for Transparency of the Design Process

Business continuity (BC) management is an organizational approach to preparing information systems (IS) for incidents, but such approaches are uncommon among small and medium-sized enterprises (SMEs). Past research has indicated a gap in approaches that are designed for SMEs since BC management approaches tend to originate from larger organizations and SMEs lack the resources to implement them. To fill this gap, and to respond to a practical need by an IT consultancy company, we employed design science research (DSR) to develop a BC approach for SMEs coined as the thrifty BC management approach. Jointly with the company’s practitioners, we developed a set of meta-requirements for BC approaches for SMEs anchored in prior BC literature, practitioners’ practical expertise, and the theories of collective mindfulness and sociotechnical systems. We evaluated our thrifty BC management approach with multiple SMEs. These evaluations suggest that the designed approach mostly meets the defined meta-requirements. Moreover, the evaluations offered ample opportunities for learning. The design process, unfolding in a real-world setting, was precarious, rife with contingencies and ad hoc decisions. To render the design process transparent, we adapted four writing conventions from the confessional research genre familiar to ethnographic research but novel to DSR. We offer a threefold contribution. First, we contribute to SMEs’ BC with meta-requirements and their instantiation in a new BC approach (artifact); second, we contribute with four practices of confessional writing for transparency of DSR research; and third, we contribute with reflections on our theoretical learning from throughout the design process

Do SETA Interventions Change Security Behavior? – A Literature Review

Information security education, training, and awareness (SETA) are approaches to changing end-users’ security behavior. Research into SETA has conducted interventions to study the effects of SETA on security behavior. However, we lack aggregated knowledge on ‘how do SETA interventions influence security behavior?’. This study reviews 21 empirical SETA intervention studies published across the top IS journals. The theoretical findings show that the research has extended Protection Motivation Theory by (1) enhancements to fear appeals; (2) drawing attention to relevance; (3) incorporating temporality; (4) and shifting from intentions to behavior. In terms of behavior, the SETA interventions have targeted (1) information security policy compliance behavior; and (2) information protection behavior. We argue that while these studies have provided insights into security intentions and behavior, knowledge on designing effective SETA training has remained primarily anecdotal. We contribute (1) by pointing out gaps in the knowledge; and (2) by proposing tentative design recommendations

Means to Survive Disruption: Business Model Innovation and Strategic Continuity Management?

Advances in Information Technology provide opportunities for totally new business. However, we are facing not only growing number of new ventures, but increasing restructuring of existing businesses. This can be perceived e.g. in shortening life-cycles of the companies. The restructuration and birth of new companies means changing or even disrupting existing businesses. Therefore, companies, regardless of their maturity, should be prepared to evaluate these threats and opportunities actively. Against this backdrop, we suggest to combine business modelling with systematic Business Continuity Management. We discuss the two approaches and their usefulness under different circumstances and illustrate their use when implementable, rapid reaction to changes is required, such as in industry restrucutration, or business merging and reorganization. We coin this combination as Strategic Busiess Continuity Management

Proceedings of the 52nd Hawaii International Conference on System Sciences

Commercial escape rooms have provided inspiration for an increasing number of educational escape rooms, where students use their learning to solve problems and “escape” a room in a certain time. However, only few escape room studies have been published in the game-based learning research area, although it has been interested also in learning processes. In this study, we apply causation – effectuation theory to observe the learning processes of three student teams solving tasks in an escape room context. The escape room was part of an information systems science research methods course, where the learning process of 18 international students were observed on video recordings. Different learning processes were observed in the teams and causation – effectuation theory explained for example the experimental or instruction following team behavior. </p