Improving Data Quality Through Effective Use of Data Semantics

Data quality issues have taken on increasing importance in recent years. In our research, we have discovered that many “data quality” problems are actually “data misinterpretation” problems – that is, problems with data semantics. In this paper, we first illustrate some examples of these problems and then introduce a particular semantic problem that we call “corporate householding.” We stress the importance of “context” to get the appropriate answer for each task. Then we propose an approach to handle these tasks using extensions to the COntext INterchange (COIN) technology for knowledge storage and knowledge processing.Singapore-MIT Alliance (SMA

Preventing Accidents and Building a Culture of Safety: Insights from a Simulation Model

Research has approached the topic of safety in organizations from a number of different perspectives. On the one hand, psychological research on safety climate gives evidence for a range of organizational factors that predict safety across organizations. On the other hand, organizational learning theorists view safety as a dynamic problem in which organizations must learn from mistakes. Here, we synthesize these two streams of research by incorporating key organizational factors from the safety climate literature into a dynamic simulation model that also includes the possibility for learning. Analysis of simulation results sheds insight into the nature of reliability and confirms the dangers of over-reliance on 'single loop learning' as a mechanism for controlling safety behaviors. Special emphasis is placed on strategies that managers might use to encourage learning and prevent erosion in safety behaviors over time.Work reported herein was supported, in part, by the Singapore Defence Science and Technology Agency (DSTA)

Regulatory Facilitators and Impediments Impacting Cybersecurity Maturity

Due to society’s increasing reliance on technology (e.g., financial transactions, critical infrastructure, globally-integrated supply chains, etc.), technological disruptions from cyberattacks can have profound implications for virtually all organizations and their stakeholders. In an effort to minimize cyber threats, governments and regulators have been deploying an increasingly comprehensive and complex landscape of regulations; however, the extent to which regulations actually facilitate, or harm, cybersecurity maturity remains nebulous. This research reports the findings of a qualitative study designed to help illuminate this problem space. We interviewed 12 high-ranking experts, associated with a variety of organizations and industries, and analyzed their responses to identify key factors emerging from the data. These factors were found to operate as either facilitators or impediments of cybersecurity maturity. In addition to identifying these factors, we discuss the implications of our findings, limitations, and avenues for future research

Does High Cybersecurity Capability Lead to Openness in Digital Trade? The Mediation Effect of E-Government Maturity

Cybersecurity risks threaten the digital economy, including digital trade enabled by digital technologies. As parts of cybersecurity capability building, governments implement fragmented, in-flux policies to manage cybersecurity threats from cross-border digital activities. However, the lack of shared understandings of cybersecurity within cross-border digital innovations raises an increasing debate about how cybersecurity capability building policies can impact digital trade restrictions. This study develops a National Cyber Trade Behavior model to examine the relationship between national cybersecurity capability and digital trade restrictions. Utilizing the PLS-SEM-based path analysis, we draw empirical evidence to verify the developed model and reveal that building cybersecurity capability can indirectly support an open digital trade system, mediated by E-government maturity

Studying the Tension Between Digital Innovation and Cybersecurity

With increasing economic pressures and exponential growth in technological innovations, companies are increasingly relying on digital technologies for innovation and value creation. But, with increasing levels of cybersecurity breaches, the trustworthiness of many established and new technologies is of concern. Consequently, companies are aggressively increasing cybersecurity of their existing and new digital assets. Most companies have to deal with these priorities simultaneously which are frequently conflicting, and creating tensions. This paper introduces a framework for evaluating these risk/reward trade-offs. Through a survey and interviews, companies are positioned in different quadrants on an innovation/cybersecurity matrix overlaid with the negative impact of cybersecurity controls on the innovative projects. The paper analyzes the industry level, firm level, technology management, and technology maturity factors that affect these trade-offs. Finally, a set of recommendations is provided to help a company to evaluate its positioning on the matrix, understand the underlying factors, and how to better manage these trade-offs

Understanding Organizational Traps in Implementing Service-Oriented Architecture

One of the major objectives of adopting service-oriented architecture (SOA) is to enhance the IS agility of organizations and improve IT-business alignment. In practice the contradictory experiences about SOA implementation turn out to be a paradox: why many organizations failed to meet their expectations about SOA implementation efforts, while others succeeded? Contrast to prior research on SOA, this study adopts the process perspective and provides plausible theoretical explanations for the SOA implementation paradox. Specifically, the study uses multiple case-study methods to develop a system dynamics model which highlights the feedback loops and time delay during the SOA implementation process. The results reveal the dynamic characteristics of learning curve of SOA implementation and two organizational traps (technology learning trap and implementation effectiveness trap) associated with SOA implementation. Technology learning trap refers to the situation that the less learning in using the technology, the more difficult and complex the technology is perceived. Implementation effectiveness trap refers to the situation in which the organization may misperceive the inappropriateness of SOA when SOA implementation is temporally less effective and perceived benefits of SOA are delayed. The theory of the organizational traps can be generalized to a broad context of innovative IS implementation. Further, the theoretical causes of the traps are investigated. Finally, the research implication of this study and connections with existing literature on IS and organization are discussed

A Lightweight Ontology Approach to Scalable Interoperability

There are many different kinds of ontologies used for different purposes in modern computing. Lightweight ontologies are easy to create, but difficult to deploy; formal ontolgies are relatively easy to deploy, but difficult to create. This paper presents an approach that combines the strengths and avoids the weaknesses of lightweight and formal ontologies. In this approach, the ontology includes only high level concepts; subtle differences in the interpretation of the concepts are captured as context descriptions outside the ontology. The resulting ontology is simple, thus it is easy to create. The context descriptions facilitate data conversion composition, which leads to a scalable solution to semantic interoperability among disparate data sources and contexts

A Systems Theoretic Approach to the Security Threats in Cyber Physical Systems Applied to Stuxnet

Cyber Physical Systems (CPSs) are increasingly being adopted in a wide range of industries such as smart power grids. Even though the rapid proliferation of CPSs brings huge benefits to our society, it also provides potential attackers with many new opportunities to affect the physical world such as disrupting the services controlled by CPSs. Stuxnet is an example of such an attack that was designed to interrupt the Iranian nuclear program. In this paper, we show how the vulnerabilities exploited by Stuxnet could have been addressed at the design level. We utilize a system theoretic approach, based on prior research on system safety, that takes both physical and cyber components into account to analyze the threats exploited by Stuxnet. We conclude that such an approach is capable of identifying cyber threats towards CPSs at the design level and provide practical recommendations that CPS designers can utilize to design a more secure CPS

Studying the tension between digital innovation and cybersecurity

With increasing economic pressures and exponential growth in technological innovations, companies are increasingly relying on digital technologies for innovation and value creation. But, with increasing levels of cybersecurity breaches, the trustworthiness of many established and new technologies is of concern. Consequently, companies are aggressively increasing cybersecurity of their existing and new digital assets. Most companies have to deal with these priorities simultaneously which are frequently conflicting, and creating tensions. This paper introduces a framework for evaluating these risk/reward trade-offs. Through a survey and interviews, companies are positioned in different quadrants on an innovation/cybersecurity matrix overlaid with the negative impact of cybersecurity controls on the innovative projects. The paper analyzes the industry level, firm level, technology management, and technology maturity factors that affect these trade-offs. Finally, a set of recommendations is provided to help a company to evaluate its positioning on the matrix, understand the underlying factors, and how to better manage these trade-offs. Keywords: Cybersecurity, digital innovation, CIOs