Information security frameworks for assisting GDPR compliance in banking industry

2020 ◽  
Vol 22 (3) ◽  
pp. 227-244
Author(s):  
João Serrado ◽  
Ruben Filipe Pereira ◽  
Miguel Mira da Silva ◽  
Isaías Scalabrin Bianchi

Purpose Data can nowadays be seen as the main asset of organizations, and data leaks have a considerable impact on the organization’s image and revenues, with possible consequences for the affected clients. One of the most critical industries is banking. Information security frameworks (ISF) have been created to assist organizations, and other frameworks have evolved to update these domain practices. Recently, the European Union decided to create the General Data Protection Regulation (GDPR), applicable to all organizations dealing with personal data of citizens residing in the European Union. Although considered a general regulation, GDPR implementation needs to align with some industries’ laws and policies, especially in the banking industry. How these ISF can assist the implementation of GDPR is not clear. Design/methodology/approach The design science research process was followed and semi-structured interviews performed. Findings A list of practices to assist the banking industry in GDPR implementation is provided. How each practice maps to the assessed ISF and GDPR requirements is also presented. Research limitations/implications As GDPR is a relatively recent subject, it is hard to find experts in the area. It is more difficult if the authors intend to find people experienced in both GDPR and the banking industry. That is one of the main reasons this study does not include more interviews. Originality/value This research provides a novel artefact to the body of knowledge. The proposed artefact lists which ISF practices banks should implement to comply with GDPR. By doing so, the artefact provides a centralized view of which ISF frameworks (or parts of them) could be implemented to help banks comply with GDPR.

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Carly Drake ◽  
Scott K. Radford

Purpose This study aims to consider how research methodologies and methods can afford holistic inquiry into gendered embodied consumption. Noting the salience of gender in past and present discourse surrounding the body and building on poststructuralist feminist hermeneutic philosophy and practice, the authors introduce a novel methodological framework situated within three considerations borne of the current socio-cultural landscape: the politics of embodiment, embodied identity and intersectionality. Design/methodology/approach To assist scholars and practitioners in interpreting themes of gendered embodiment in textual data surrounding consumption topics, the authors orient the framework around three principles of listening, questioning and hospitality. This framework fosters embodied empathy by linking the researcher’s body to those of research participants. To illustrate the method, the authors interpret consumption narratives extracted from semi-structured interviews with 26 women-identified recreational runners on the topics of embodiment, sport and media. Findings The interpretations of gendered consumption narratives show that using the principles of listening, questioning and hospitality invites an understanding of consumers as multifaceted, contradictory and agentic. The authors argue that consumers’ everyday experiences are often simple and quiet but embedded in history wherein bodies are both biological and inescapably social. Originality/value The methodological framework allows both the researcher’s and research participants’ embodiment to play a role in the research process. It also illuminates the entanglement of embodiment and consumption in a fraught, politicized context. The authors show that by listening to consumers, questioning their narratives and traditional interpretations thereof and inviting consumers to feel comfortable and heard, researchers can see what other approaches may overlook.


2020 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Fuad Sameh Alshraiedeh ◽  
Norliza Katuk

Purpose Many REpresentational State Transfer (RESTful) Web services suffered from the anti-patterns problem, which may diminish the sustainability of the services. The anti-patterns problem could happen in the code of the programme or in the uniform resource identifiers (URIs) of RESTful Web services. This study aims to address the problem by proposing a technique and an algorithm for detecting anti-patterns in RESTful Web services. Specifically, the technique is designed based on the URI parsing process. Design/methodology/approach The study was conducted following the design science research process, which has six activities, namely, identifying problems, identifying solutions, designing the solutions, demonstrating the solution, evaluating and communicating the solution. The proposed technique was embedded in an algorithm and evaluated in four phases covering the process of extracting the URIs, implementing the anti-pattern detection algorithm, detecting the anti-patterns and validating the results. Findings The results of the study suggested an acceptable level of accuracy for anti-pattern detection, with 82.30% precision, 87.86% recall and 84.93% F-measure. Practical implications The technique and the algorithm can be used by developers of RESTful Web services to detect possible anti-pattern occurrences in service-based systems. Originality/value The technique is personalised to detect amorphous URI and ambiguous name anti-patterns, in which it scans the Web service URIs using specified rules and compares them with pre-determined syntax and corpus.


2015 ◽  
Vol 9 (4) ◽  
pp. 517-544 ◽  
Author(s):  
Tobias Giesbrecht ◽  
Birgit Schenk ◽  
Gerhard Schwabe

Purpose – The purpose of this paper is to investigate the face-to-face citizen service encounter in public administrations’ front offices, and present a novel qualification approach to empower service personnel on-the-job, and thereby deepen the knowledge on the role of information and communication technology for advancing governmental reforms. Design/methodology/approach – The presented study follows a design science research methodology, conducted in collaboration with the public administration of a major German city. Data were collected using multiple quantitative and qualitative methods, including questionnaires, semi-structured interviews and video analysis. Findings – A novel on-the-job qualification approach for empowering public employees in their job-related skills, building on the concept of affordances, is developed. Thereto, six design principles for equipping artifacts with counseling affordances are presented. Evaluations in real-world environments provide first evidence that “learning with counseling affordances” constitutes an effective qualification measure to initiate experiential learning on-the-job, helping employees in the resource-restricted work environment of public front offices to obtain the skills to provide superior advisory services. Research limitations/implications – The “learning with counseling affordances” approach was developed in collaboration with an individual major German city and the paper provides first evidence of its effectiveness and suitability. Hence, the study’s insights should be approved by further research to strengthen generalizability. Originality/value – The paper highlights the previously neglected aspects of employee’s skills and qualification for promoting governmental transformation. By highlighting the beneficial relationship between affordances and on-the-job learning, the paper provides novel insights on the role of information and communication technology to promote governmental transformation.


10.28945/4083 ◽  
2018 ◽  
Vol 13 ◽  
pp. 137-163 ◽  
Author(s):  
João Aguiar ◽  
Ruben Pereira ◽  
José Braga Vasconcelos ◽  
Isaias Bianchi

Aim/Purpose: This research aims to develop an information technology (IT) maturity model for the incident management (IM) process that merges the practices of the most known IT frameworks. Our proposal intends to help organizations overcome the current limitations of multi-framework implementation by informing organizations about frameworks’ overlap before their implementation. Background: Identifying frameworks’ overlaps beforehand will assist organizations during the multi-framework implementation in order to save resources (human and/or financial). Methodology: The research methodology used is design science research (DSR). In addition, the authors applied semi-structured interviews in seven different organizations to demonstrate and evaluate the proposal. Contribution: This research adds a new and innovative artefact to the body of knowledge. Findings: The proposed maturity model is seen by the practitioners as complete and useful. This research also reinforces the frameworks’ overlap issue and concludes that some organizations are unaware of their actual IM maturity level; some organizations are unaware that they have implemented practices of other frameworks besides the one that was officially adopted. Recommendations for Practitioners: Practitioners may use this maturity model to assess their IM maturity level before multi-framework implementation. Moreover, practitioners are also incentivized to communicate further requirements to academics regarding multi-framework assessment maturity models. Recommendation for Researchers: Researchers may explore and develop multi-framework maturity models for the remaining processes of the main IT frameworks. Impact on Society: The findings and outcomes of this research are a step forward in the development of a unique overlapless maturity model covering the most known IT frameworks in the market, thus helping organizations deal with the increasing complexity and overlap of frameworks. Future Research: Overlapless maturity models for the remaining IT framework processes should be explored.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Larissa Ane Hora de Souza ◽  
Victor Diogho Heuer de Carvalho ◽  
Roberio José Rogério dos Santos ◽  
Jonhatan Magno Norte da Silva

Purpose This article aims to present a methodology applied to the transition between the “as-is” and “to-be” stages of the Business Process Management (BPM) life cycle, supporting its implementation and maintenance for the organizational stability, using techniques from Operations Research and Information and Decision Theories, applied by a gamified system. Design/methodology/approach The study used Design Science Research, considering the following methodological elements: (1) artifact model, after initial analysis of the organization; (2) problem relevance, incorporating components to the Markov transition matrix and the integer programming model for resource optimization; (3) model evaluation, establishing mechanisms to validate the methodology created; (4) research contributions, showing benefits found; (5) systematic approach, detailing methods used; (6) model's research process, revealing the means for execution; and (7) final presentation of results. Findings After planning three scenarios for the company, containing zero, one or two implemented processes, the matrix of states in the Markov chain effectively identified the states of greater and lesser transition uncertainty. At the same time, the optimization model guided the organization toward a stable change in its operational and financial areas. Practical implications The company's planning capacity has increased, as its managers now have a methodology to promote rational decisions about the development of plans. Before, managers believed that the methodology used was only for large companies. However, this view changed with the results, showing a structured view of the ability to absorb new customers, relocate established ones, increase the comfort level for employees and increase profitability for the company's business. Originality/value The study showed that the combination of techniques opens a new perspective to the incorporation of BPM in organizations, allows a smooth change between the current and future state, making it possible to predict the evolution of transition scenarios.


2020 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Erik Bergström ◽  
Fredrik Karlsson ◽  
Rose-Mharie Åhlfeldt

Purpose The purpose of this paper is to develop a method for information classification. The proposed method draws on established standards, such as the ISO/IEC 27002 and information classification practices. The long-term goal of the method is to decrease the subjective judgement in the implementation of information classification in organisations, which can lead to information security breaches because the information is under- or over-classified. Design/methodology/approach The results are based on a design science research approach, implemented as five iterations spanning the years 2013 to 2019. Findings The paper presents a method for information classification and the design principles underpinning the method. The empirical demonstration shows that senior and novice information security managers perceive the method as a useful tool for classifying information assets in an organisation. Research limitations/implications Existing research has, to a limited extent, provided extensive advice on how to approach information classification in organisations systematically. The method presented in this paper can act as a starting point for further research in this area, aiming at decreasing subjectivity in the information classification process. Additional research is needed to fully validate the proposed method for information classification and its potential to reduce the subjective judgement. Practical implications The research contributes to practice by offering a method for information classification. It provides a hands-on-tool for how to implement an information classification process. Besides, this research proves that it is possible to devise a method to support information classification. This is important, because, even if an organisation chooses not to adopt the proposed method, the very fact that this method has proved useful should encourage any similar endeavour. 
Originality/value The proposed method offers a detailed and well-elaborated tool for information classification. The method is generic and adaptable, depending on organisational needs.


2020 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Shong-lee Ivan Su ◽  
Xuemei Fan ◽  
Yongyi Shou

Purpose The study aims to explore and develop a smart route planning system for the cross-docking delivery operations of a large supermarket chain using an action research (AR) approach and assessing through a design science research (DSR) lens. Design/methodology/approach This study took a problem-solving AR (PAR) approach toward the delivery operational issue of the case firm. The research process has accorded with the solution incubation and the refinement phases defined by a DSR framework. An intervention-based research framework for DSR is developed to assess the validity of this study as a DSR research and derive mid-range theories. Findings Dramatic operational and financial improvements were achieved for the case firm. Significant and unintended environmental and social benefits were also found. A design proposition (DP) and several mid-range theories are proposed as an extension of AR research to DSR research. Research limitations/implications A problem-solving DSR research can be better assessed by the intervention-based DSR framework developed in this study. DSR studies should be encouraged for both practical and theoretical advancement purposes. Practical implications A challenging business problem-solving study can be tackled effectively through an industry/academic collaboration taking a PAR approach to deliver substantial values and organization transformational results. Social implications Drivers and store associates are safer with smart delivery operations in the case firm. Originality/value There are still limited PAR design science case studies in the supply chain/logistics research literature. The research experience and findings gained from this study provide more insights toward how this type of research can be conducted and assessed.


2019 ◽  
Vol 32 (3) ◽  
pp. 477-495 ◽  
Author(s):  
Johannes Zrenner ◽  
Frederik Oliver Möller ◽  
Christian Jung ◽  
Andreas Eitel ◽  
Boris Otto

Purpose Current business challenges force companies to exchange critical and sensitive data. The data provider pays great attention to the usage of their data and wants to control it by policies. The purpose of this paper is to develop usage control architecture options to enable data sovereignty in business ecosystems. Design/methodology/approach The architecture options are developed following the design science research process. Based on requirements from an automotive use case, the authors develop architecture options. The different architecture options are demonstrated and evaluated based on the case study with practitioners from the automotive industry. Findings This paper introduces different architecture options for implementing usage control (UC). The proposed architecture options represent solutions for UC in business ecosystems. The comparison of the architecture options shows the respective advantages and disadvantages for data provider and data consumer. Research limitations/implications In this work, the authors address only one case stemming from the German automotive sector. Practical implications Technical enforcement of data providers’ policies instead of relying on trust to support collaborative data exchange between companies. Originality/value This research is among the first to introduce architecture options that provide a technical concept for the implementation of data sovereignty in business ecosystems using UC. Consequently, it supports the decision process for the technical implementation of data sovereignty.


2020 ◽  
Vol 25 (5) ◽  
pp. 1336-1361
Author(s):  
Emerson Cleister Lima Muniz ◽  
Gertrudes Aparecida Dandolini ◽  
Alexandre Augusto Biz ◽  
Alessandro Costa Ribeiro

Purpose This paper aims to demonstrate how customer knowledge management (CKM) can assist destination management organizations (DMOs) in the smart management of the tourist experience to contribute to the creation of smart solutions and the promotion of smart tourism destinations (STDs). To accomplish it, a CKM conceptual framework aligned with smart tourism and composed of eight processes is developed to guide managers in this management. Design/methodology/approach This research adopts the design science research methodology and applies its steps. It was supported by a systematic integrative literature review on CKM models and frameworks and their main elements, as well as by semi-structured interviews with tourism specialists in the context of Santa Catarina, Brazil. Findings From the literature it appears that tourist experiences are customer knowledge essential to the improvement and innovation of tourism products and services, and that CKM, still little explored in this scenario, tends to contribute to the management of this crucial knowledge for smart tourism. The analyses and improvements to the structure developed by specialists show its applicability and contributions to the management of STD experiences. Originality/value This paper offers an original contribution to the integration of the theoretical constructs of CKM, tourist experience and STDs by showing how the CKM, from tourism experiences, technologies and social networks, can assist DMOs in the management of experiences and promotion of STDs.


2019 ◽  
Vol 42 (1) ◽  
pp. 141-154
Author(s):  
Mónica Ramos-Mejía ◽  
Juan Manuel Jauregui-Becker ◽  
Marlies Koers-Stuiver ◽  
María-Laura Franco-Garcia

Purpose This paper aims at explaining the design process of a learning model targeting potential entrepreneurs with no technical or business expertise aiming to develop sustainable business models in deprived areas. The case that the paper explores focuses on experiential learning and learning in adulthood to design a learning model that considers context and socio-demographic characteristics, makes clear the interconnections between sustainability principles, entrepreneurship rationale and design methodologies and includes actions and processes of reflection and contextual interaction. Design/methodology/approach Following a recursive argument, the paper applies design research methodology (DRM) to systematically design the “transformative innovation model” that Product Co Creation Centers (PC3) from the University of Twente (The Netherlands) has developed. Findings Building on Kolb’s cycle of experiential learning, the result of applying DRM is a learning cycle of confrontation, observation, practice and application. The proposed learning model is applied to a specific setting in Colombia, allowing to verify and validate whether the learning model leads to the expected outcomes. It is argued that an interdisciplinary approach, a focus on feedback loops and the consideration of the context are important elements for addressing and transforming complex problems related to sustainable development from the bottom-up. Originality/value This paper contributes to academic research in management emphasizing a solution-finding approach based on a prescription-driven research process, informed by design science research.

