A catalog of information systems outsourcing risks

Information systems outsourcing risks are a vital component in the decision and management process associated to the provision of information systems and technology services by a provider to a customer. Although there is a rich literature on information systems outsourcing risks, the accumulated knowledge on this area is fragmented. In view of this situation, an argument is put forward on the usefulness of having a theory that integrates the various constructs related to information systems outsourcing risks. This study aims to contribute towards the synthesis of that theory, by proposing a conceptual framework for interpreting the literature and presenting a catalog of information systems outsourcing risks. The conceptual framework articulates together six key risk elements, namely dangers, negative outcomes, undesirable consequences, factors and mitigation actions. The catalog condenses and categorizes the information systems outsourcing risk elements found on the literature reviewed, both from the perspective of the outsourcing customer and from the perspective of the outsourcing provider. Proposals for subsequent work towards the generation of the theory of information systems outsourcing risk are suggested

A revised framework of information security principles

Confidentiality, Integrity and Availability are referred to as the basic principles of Information Security. These principles have remained virtually un-changed over time, but several authors argue they are clearly insufficient to pro-tect information. Others go a step further and propose new security principles, to update and complement the traditional ones. Prompt by this context, the aim of this work is to revise the framework of Information Security principles, making it more current, complete, and comprehensive. Based on a systematic literature re-view, a set of Information Security principles is identified, defined and character-ized, which, subsequently, leads to a proposal of a Revised Framework of Infor-mation Security Principles. This framework was evaluated in terms of completeness and wholeness by intersecting it with a catalog of threats, which re-sulted from the merger of four existing catalogs. An initial set of security metrics, applied directly to the principles that constitute the framework, is also suggested, allowing, in case of adverse events, to assess the extent to which each principle was compromised and to evaluate the global effectiveness of the information pro-tection efforts.Programa Operacional Fatores de Competitividade – COMPETE and National funds by FCT – Fundação para a Ciência e Tecnologia under Project FCOMP-01-0124-FEDER-022674

Information security policies : a content analysis

Completed research paperAmong information security controls, the literature gives a central role to information security policies. However, there is a reduced number ofempirical studies about the features and components of information security policies. Thisresearch aims to contribute to fill this gap. It presents a synthesis of the literature on information security policies content and it characterizes 25 City Councils information security policy documents in terms of features and components. The content analysis research technique was employed to characterize the information security policies. The profile of the policies is presented and discussed and propositions for future work are suggested.(undefined

Institutionalization of information systems security policies adoption: factors and guidelines

Information systems security policies are pointed out in literature as one of the main controls to be applied by organizations for protecting their information systems. Despite this, it has been observed that, in several sectors of activity, the number of organizations having adopted that control is low. This study aimed to identify the factors which condition the adoption of information systems security policies by organizations. Methodologically, the study involved interviewing the officials in charge of information systems in 44 Town Councils in Portugal. The factors facilitating and inhibiting the adoption of information systems security policies are presented and discussed. Based on these factors, a set of recommendations to enhance the adoption of information systems security policies is proposed. The study used Institutional Theory as a theoretical framework

Information systems security policies : a survey in portuguese public administration

Information Systems Security is a relevant factor for present organizations. Among the security measures, policies assume a central role in literature. However, there is a reduced number of empirical studies about the adoption of information systems security policies. This paper contributes to mitigate this flaw by presenting the results of a survey in the adoption of Information System Security Policies in Local Public Administration in Portugal. The results are discussed in light of literature and future works are identified with the aim of enabling the adoption of security policies in Public Administration.(undefined

Information systems security outsourcing key issues : a service providers' perspective

Completed research paperThere is a perception that information systems security outsourcing, in spite entailing a relationship between a client and one or more providers, tends to be studied and analysed from the perspective of the client. A gap is then believed to exist in the study of the information systems security outsourcing relationship from the point of view of the service provider. This research aims to identify the key issues of such a relationship from the perspective of the service provider and rank them according to their importance. The Delphi method was used to support the communication with the group of experts contributing to this research as well as to boost consensus within the group. Final interviews with participants were also conducted with the aim of reaching deeper into their opinions and to shed a brighter light over the results of the Delphi. A ranked list of the 13 most important key issues found is presented and discussed and propositions for further work are put forward in the wake of the study.Fundação para a Ciência e a Tecnologia (FCT

Trust in e-Voting systems : a case study

Completed research paperThe act of voting is one of the most representative of Democracy, being widely recognized as a fundamental right of citizens. The method of voting has been the subject of many studies and improvements over time. The introduction of electronic voting or e-voting demands the fulfillment of several requirements in order to maintain the security levels of the paper ballot method and the degree of trust people place in the voting process. The ability to meet those requirements has been called into question by several authors. This exploratory research aims to identify what factors influence voters’ confidence in e-voting systems. A case study was conducted in an organization where such a system has been used in several elections. A total of 51 e-voters were interviewed. The factors that were found are presented and discussed, and proposals for future work are suggested.Fundação para a Ciência e a Tecnologia (FCT

Supporting intense needs of assessment in computer programming disciplines

Completed research paperAfter several years of experience teaching computer programming disciplines, the major insight about how to succeed became very clear. Students must work in a weekly flawless base. Instead, students tend to study occasionally with strong peeks of work at assessment eves. However, implementing assessments in a weekly base requires a lot of resources and that is not easy to obtain. At an earlier stage, a sequence of experiments proved the influence of weekly assessment in students’ success in computer programming disciplines. A methodology to guide the weekly rhythm was developed and finally an automated assessment tool solved the problem of lack of resources.Fundação para a Ciência e a Tecnologia (FCT

Procura de profissionais de Tecnologias e Sistemas de Informaçao

Neste documento caracteriza-se a procura publicada por profissionais de tecnologias e sistemas de informação, a nível nacional, conforme levantamento de anúncios de emprego realizado no ano de 2019. O estudo realizado enquadra-se no processo de reflexão sofre a oferta educativa do Departamento de Sistemas de Informação da Escola de Engenharia da Universidade do Minho, desencadeado na sequência da decisão da tutela de extinção dos cursos de mestrado integrado em todas as áreas de formação, exceto Medicina e Arquitetura. O processo de reflexão é presidido por João Álvaro Carvalho, Professor Catedrático na Universidade do Minho e Diretor do Departamento de Sistemas de Informação da Escola de Engenharia da Universidade do Minho, e os trabalhos são coordenados por Filipe de Sá-Soares, Professor Auxiliar na Universidade do Minho e Diretor-Adjunto do Departamento de Sistemas de Informação da Escola de Engenharia da Universidade do Minho