Beyond Technical Aspects of Information Security: Risk Culture as a Success Factor for IT Risk Management

Increasing numbers of security incidents such as malware or hacker attacks prompt companies to spend billions of dollars on protecting their information systems. In this context IT risk management (ITRM) has become an important organizational function to control internal and external risks associated with IT. Much effort has been put on mitigating IT risks by means of physical, procedural, and technological solutions. However, the socio-cultural perspective of managing these risks has largely been ignored and thus a “cultural gap” in ITRM can be identified. This paper introduces risk culture as an essential component of an integrated IT risk management and presents a theoretically motivated framework for analyzing the construct risk culture. Based on this framework we conducted a case study that underpins the crucial role of a vital risk culture in an organization. From the empirical findings we derived important factors for establishing risk culture such as (among others) communication campaigns or top-management involvement

USING AN INTELLIGENT DSS FOR CIS IDEA IDENTIFICATION: A SYMBIOTIC APPROACH

Competitive Information Systems (CIS) are information systems which help a company to obtain and sustain a competitive edge. Before any such CIS can be implemented, the idea for it has to be formulated. The paper describes a way to systematically stimulate ideas by asking questions. It discusses the question generating mechanism as well as ways to focuses these questions. It shows an implemented DSS, which aids the described process and contains inference mechanisms of expert systems. This DSS uses a symbiotic approach between system and user.Information Systems Working Papers Serie

Maturity Model for IT Service Catalogues An Approach to Assess the Quality of IT Service Documentation

Information technology (IT) has to face many challenges regarding the increasing business requirements for flexibility, complexity, and availability of IT. Thus, a restructuring of the IT portfolio into IT services is necessary to provide an effective and business-driven IT support. The design of IT service catalogues is generally difficult in the managerial context of an enterprise. The current situation of the IT service structure can hardly be analyzed because no approaches exist that support such an analysis. In this paper we intend to develop a maturity model to assess the current situation of the quality of IT service catalogues. We describe the model structure, its components, and present empirical key findings of its practical application in a benchmarking study

Risk Profiles in Individual Software Development and Packaged Software Implementation Projects: A Delphi Study at a German-Based Financial Services Company

The aim of this paper is to compare risk profiles of individual software development (ISD) and packaged software implementation (PSI) projects. While researchers have investigated risks in either PSI projects or ISD projects, an integrated perspective on how the risk profiles of these two types of information system (IS) projects differ is missing. To explore these differences, this work conducted a Delphi study at a German-based financial services company. The results suggest that: First, ISD projects seem to be more heterogeneous and face a larger variety of risks than the more straightforward PSI projects. Second, ISD projects seem to be particularly prone to risks related to sponsorship, requirements, and project organization. Third, PSI projects tend to be predominantly subject to risks related to technology, project planning, and project completion. Finally, in contrast to available lists of risks in IS projects and irrespective of the project type, the paper found a surprisingly high prominence of technology and testing-related risks

DCXNET: E-Transformation at DaimlerChrysler

The teaching case covers the story of DCXNET, the e-business initiative of DaimlerChrysler from 2000 to 2002. It focuses on the challenges for the automotive industry due to the evolution of e-business technology and how these challenges have been dealt with at DaimlerChrysler. The case is embedded in the context of todayís the e-business hype and describes the management approach, results, and success factors of the initiative as well as lessons learned

Information Systems And Employment: From Idealization To Understanding As Stepping Stone To Action

Information Systems (IS), nowadays often focusing on digitization, and their effect on employment have been discussed for a long time. The net effect resulting from job creation and job loss has never been clear. However, it seems obvious that today\u27s information systems the accompanying digitization of data and processes may destroy jobs among knowledge workers just as automation did in the class of manufacturing workers. In this position paper, we outline the effects and mechanisms underlying digitization-driven job destruction and propose a research program to also take into account and prepare for the detrimental side of digitization

Designing Multi-Agent Systems - The NDA Approach Applied in Health Care

In this paper we introduce inherent problems of information logistics in health care. Promising research results on agentbased systems have allowed us to conclude that this approach is especially suitable to coping with these problems. In order to adequately capture the requirements of a complex setting, we present an approach for the design of agent-based systems. The basis forms the ethnography-based requirements analysis approach Needs Driven Approach (NDA). The NDA supports the participating observation of work processes and guides the construction of domain models. As a result of a field study, a Technische Universitat Munchen meta-model is constructed which reflects the interrelationships of its elements. According to basic ideas of the Model Driven Architecture (MDA), the elements of the meta-model are mapped to constructs of software engineering

Digital Material in a Political Work Context - The Case of Cuparla

Understanding the appropriation of CSCW-- Tools is key to their successful implementation. This paper explores the social and organizational appropriation of the Cuparla CSCW-environment in the Stuttgart city council. The city council work requires a CSCW design that is based on the notion of digital material in separated work contexts. Within these contexts, the appropriation of technology depends on trust within the collaborating group and the organizational complexity of the tasks the group is working on. Dealing with organizational complexity and trust are therefore fundamental building blocks of CSCW-implementation strategies. With regard to software design, requirements can be elicited, that allow for different social trust structures as well as different task support

GENERIC PERFORMANCE PREDICTION FOR ERP AND SOA APPLICATIONS

Enterprise systems are business-critical applications, and strongly influence a company’s productivity. In contrast to their importance, their performance behaviour and possible bottlenecks are often unknown. This lack of information can be explained by the complexity of the systems itself, as well as by the complexity and specialization of the existing performance prediction tools. These facts make performance prediction expensive, resulting very often in a “we fix it when we see it” mentality, with taking the risk of system unavailability and inefficient assignment of hardware resources. In order to address the challenges identified above, we developed a performance prediction process to model and simulate the performance behaviour and especially identify performance bottlenecks for SOA applications. In this paper, we present the process and architecture of our approach. To cover a variety of applications the performance is modelled using evolutionary algorithms, while the simulation uses layered queuing networks. Both techniques allow a domain-independent processing. To cope with the resource requirements for delivering prediction results fast, EPPIC automatically acquires cloud resources for performing the modelling and simulation. With its slim user interface EPPIC provides an approach for easy to use performance prediction in a broad application context