A catalog of information systems outsourcing risks

Information systems outsourcing risks are a vital component in the decision and management process associated to the provision of information systems and technology services by a provider to a customer. Although there is a rich literature on information systems outsourcing risks, the accumulated knowledge on this area is fragmented. In view of this situation, an argument is put forward on the usefulness of having a theory that integrates the various constructs related to information systems outsourcing risks. This study aims to contribute towards the synthesis of that theory, by proposing a conceptual framework for interpreting the literature and presenting a catalog of information systems outsourcing risks. The conceptual framework articulates together six key risk elements, namely dangers, negative outcomes, undesirable consequences, factors and mitigation actions. The catalog condenses and categorizes the information systems outsourcing risk elements found on the literature reviewed, both from the perspective of the outsourcing customer and from the perspective of the outsourcing provider. Proposals for subsequent work towards the generation of the theory of information systems outsourcing risk are suggested

A revised framework of information security principles

Confidentiality, Integrity and Availability are referred to as the basic principles of Information Security. These principles have remained virtually un-changed over time, but several authors argue they are clearly insufficient to pro-tect information. Others go a step further and propose new security principles, to update and complement the traditional ones. Prompt by this context, the aim of this work is to revise the framework of Information Security principles, making it more current, complete, and comprehensive. Based on a systematic literature re-view, a set of Information Security principles is identified, defined and character-ized, which, subsequently, leads to a proposal of a Revised Framework of Infor-mation Security Principles. This framework was evaluated in terms of completeness and wholeness by intersecting it with a catalog of threats, which re-sulted from the merger of four existing catalogs. An initial set of security metrics, applied directly to the principles that constitute the framework, is also suggested, allowing, in case of adverse events, to assess the extent to which each principle was compromised and to evaluate the global effectiveness of the information pro-tection efforts.Programa Operacional Fatores de Competitividade – COMPETE and National funds by FCT – Fundação para a Ciência e Tecnologia under Project FCOMP-01-0124-FEDER-022674

Information security policies : a content analysis

Completed research paperAmong information security controls, the literature gives a central role to information security policies. However, there is a reduced number ofempirical studies about the features and components of information security policies. Thisresearch aims to contribute to fill this gap. It presents a synthesis of the literature on information security policies content and it characterizes 25 City Councils information security policy documents in terms of features and components. The content analysis research technique was employed to characterize the information security policies. The profile of the policies is presented and discussed and propositions for future work are suggested.(undefined

Institutionalization of information systems security policies adoption: factors and guidelines

Information systems security policies are pointed out in literature as one of the main controls to be applied by organizations for protecting their information systems. Despite this, it has been observed that, in several sectors of activity, the number of organizations having adopted that control is low. This study aimed to identify the factors which condition the adoption of information systems security policies by organizations. Methodologically, the study involved interviewing the officials in charge of information systems in 44 Town Councils in Portugal. The factors facilitating and inhibiting the adoption of information systems security policies are presented and discussed. Based on these factors, a set of recommendations to enhance the adoption of information systems security policies is proposed. The study used Institutional Theory as a theoretical framework

A grammar for information systems and technology competencies

The description of Information Systems and Technology professional competencies requires the articulation of various concepts in an integrated structure. The definitions for these concepts are not consensual and the instantiations of the concepts are written in non-standard ways. This ambiguity can have a negative impact on the characterization and evaluation of professional attributes. This work carries out an analysis of several competency frameworks and proposes the application of grammatical classes for the concepts that make up the competency structure, aiming at greater transparency and clarity in the use of the concepts. To this end, a Backus-Naur Form grammar is proposed to standardize the writing of concepts. Seeking to validate the competency grammar, Information Systems and Technology professionals reported attributes of their occupations, observing the proposed grammatical rules. Afterwards, the exercise was replicated with practitioners from four other professional areas.DOL -U.S. Department of Labor(undefined

A network analysis of IT-CMF

Information Systems and Technology (IST) have been a great support in meeting business challenges, providing organizational agents with information to better perform their tasks. However, IST also requires attention to ensure that they continue to be valuable to all areas of the enterprise. In order to help organizations get value from IST several management models have emerged. IT-CMF is a comprehensive reference to guide the evolution in 36 different areas of the organization, in terms of its relationship with IST. The adoption of IT-CMF requires managers to decide on the areas to be enhanced, in order to make better use of organizational resources to add value to the organization's business, and to find the best path for improvement of IST. To assist managers in this process, this study presents a network analysis of IT-CMF, by the use of graphs as a means to clarify development paths, which include areas to prioritize for the use of resources, and that are aligned with the objectives of the organization.This work has been supported by FCT – Fundação para a Ciência e Tecnologia within R&D Units Project Scope: UIDB/00319/2020

Information systems security policies : a survey in portuguese public administration

Information Systems Security is a relevant factor for present organizations. Among the security measures, policies assume a central role in literature. However, there is a reduced number of empirical studies about the adoption of information systems security policies. This paper contributes to mitigate this flaw by presenting the results of a survey in the adoption of Information System Security Policies in Local Public Administration in Portugal. The results are discussed in light of literature and future works are identified with the aim of enabling the adoption of security policies in Public Administration.(undefined

Semantic and syntactic rules for the specification of information systems and Technology Competencies

There is currently a great demand, which looks set to continue to grow in the near future, for professionals in the Information Systems and Technology area. The search for these professionals faces the difficulty of hiring individuals suited to the company’s culture and who have a set of competencies that can add value to the company in the short term, with the possibility of a lasting relationship and with gains for both parties, employee and employer. However, several references that assist in the structuring of professional profiles do not follow a standard when using the concepts needed to describe professional competencies, falling short to provide a more accurate support to the process of hiring and developing professionals. This work analyzes eight competency frameworks, reviews the definitions of competency-related concepts and proposes a competency grammar to standardize and clarify the specification of competencies, by resorting to Backus-Naur Form. To validate the proposal, Information Systems and Technology professionals, as well as practitioners from four other professional areas, reported attributes of their occupations, in light of the adopted definitions and observing the proposed grammatical rules

Devising information systems and technology evolutionary paths with IT-CMF

The importance of Information Systems and Technology (IST) for organizations has been recognized numerous times, whether in facilitating the achievement of strategic goals, or in overcoming operational challenges, in addition to assisting managers in decision-making processes. The sustainable extraction of value from IST requires organizations to make efforts to maintain the use of IST aligned with the organization’s objectives. IT-CMF consists of a comprehensive framework to guide the evolution of an organization’s exploitation of IST in 36 management areas. Based on this framework, several evolutionary paths for the improvement of the IST capability can be derived. The prioritization and selection among the available paths may pose a problem for organizations, especially due to the intricate relationships between the different areas of intervention. In this study, we resort to Graph Theory to conduct a network analysis of IT-CMF, in order to assist organizations choosing the evolutionary path with the greatest potential for improving their use of IST, taking into account their strengths, weaknesses, and priorities.This work has been supported by FCT – Fundação para a Ciência e Tecnologia within R&D Units Project Scope: UIDB/00319/2020