Information security education based on job profiles and the e-CF

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Marcel Spruit

PurposeThe information security field requires standardised education. This could be based on generic job profiles and a standard competence framework. The question is whether this is possible and feasible. To find out, the author did a case study: developing an information security master curriculum based on a generic PVIB job profile and the underlying competence framework e-CF.Design/methodology/approachThe research is a case study, using Design Science. Starting point is the specification of the learning goals for a cybersecurity master curriculum, using a generic PvIB job profile and the underlying competence framework e-CF. The curriculum has subsequently been developed, using backward design. Thereafter, the curriculum has been submitted for accreditation to test the successfulness of the approach.FindingsA generic job profile and a competence framework such as the e-CF support the development of standardised education. The generic PVIB job profile used works well. The e-CF can be useful, but requires modifications and the introduction of sub-competences. However, the main complaint concerning the e-CF is the use of examples instead of mandatory content.Originality/valueCompetence frameworks are available to formulate job descriptions, and are also suited for developing standardised education. Little research has been done on this. This case study shows that a competence framework is a useful tool for developing standardised education, although the e-CF may not be the most appropriate.

2020 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Erik Bergström ◽  
Fredrik Karlsson ◽  
Rose-Mharie Åhlfeldt

Purpose The purpose of this paper is to develop a method for information classification. The proposed method draws on established standards, such as the ISO/IEC 27002 and information classification practices. The long-term goal of the method is to decrease the subjective judgement in the implementation of information classification in organisations, which can lead to information security breaches because the information is under- or over-classified. Design/methodology/approach The results are based on a design science research approach, implemented as five iterations spanning the years 2013 to 2019. Findings The paper presents a method for information classification and the design principles underpinning the method. The empirical demonstration shows that senior and novice information security managers perceive the method as a useful tool for classifying information assets in an organisation. Research limitations/implications Existing research has, to a limited extent, provided extensive advice on how to approach information classification in organisations systematically. The method presented in this paper can act as a starting point for further research in this area, aiming at decreasing subjectivity in the information classification process. Additional research is needed to fully validate the proposed method for information classification and its potential to reduce the subjective judgement. Practical implications The research contributes to practice by offering a method for information classification. It provides a hands-on-tool for how to implement an information classification process. Besides, this research proves that it is possible to devise a method to support information classification. This is important, because, even if an organisation chooses not to adopt the proposed method, the very fact that this method has proved useful should encourage any similar endeavour. Originality/value The proposed method offers a detailed and well-elaborated tool for information classification. The method is generic and adaptable, depending on organisational needs.


2015 ◽  
Vol 16 (1) ◽  
pp. 199-223 ◽  
Author(s):  
Enrique Claver-Cortés ◽  
Patrocinio Carmen Zaragoza-Sáez ◽  
Hipólito Molina-Manchón ◽  
Mercedes Úbeda-García

Purpose – Based on the literature devoted to family firms and the intellectual capital-based view of the firm, the purpose of this paper is not only to identify the most important human capital intangibles owned by family firms but also to show a number of indicators that can help measure them. Design/methodology/approach – A qualitative case-study-based research approach was adopted taking as reference: 25 family firms belonging to different sectors; previous works existing in the literature; and the intellectus model. Findings – The present study identifies ten intangibles associated with the human capital of family firms and shows 60 indicators that can be used to measure them. It additionally provides empirical evidence and gives examples of these intangibles through the analysis of 25 international family firms. Research limitations/implications – The difficulty in collecting all the human capital intangibles of family firms; the problems associated with the creation of accurate indicators; and those specific to the research methodology adopted. Practical implications – Identifying the human capital intangibles of family firms and their indicators can help managers become aware of their importance, and this will consequently help them improve their management. This could be an interesting starting point to value these intangibles in the balance sheet as well as to draw comparisons between family and non-family organisations. Originality/value – The framework provided by family firms sheds light on several intangibles specific to these firms – precisely for their condition as “family” firms. Those intangibles – human capital intangibles being especially highlighted in this study – provide the basis for the achievement of competitive advantages.


2018 ◽  
Vol 26 (1) ◽  
pp. 91-108 ◽  
Author(s):  
Khaled A. Alshare ◽  
Peggy L. Lane ◽  
Michael R. Lane

Purpose The purpose of this case study is to examine the factors that impact higher education employees’ violations of information security policy by developing a research model based on grounded theories such as deterrence theory, neutralization theory and justice theory. Design/methodology/approach The research model was tested using 195 usable responses. After conducting model validation, the hypotheses were tested using multiple linear regression. Findings The results of the study revealed that procedural justice, distributive justice, severity and celerity of sanction, privacy, responsibility and organizational security culture were significant predictors of violations of information security measures. Only interactional justice was not significant. Research limitations/implications As with any exploratory case study, this research has limitations such as the self-reported information and the method of measuring the violation of information security measures. The method of measuring information security violations has been a challenge for researchers. Of course, the best method is to capture the actual behavior. Another limitation to this case study which might have affected the results is the significant number of faculty members in the respondent pool. The shared governance culture of faculty members on a US university campus might bias the results more than in a company environment. Caution should be applied when generalizing the results of this case study. Practical implications The findings validate past research and should encourage managers to ensure employees are involved with developing and implementing information security measures. Additionally, the information security measures should be applied consistently and in a timely manner. Past research has focused more on the certainty and severity of sanctions and not as much on the celerity or swiftness of applying sanctions. The results of this research indicate there is a need to be timely (swift) in applying sanctions. The importance of information security should be grounded in company culture. Employees should have a strong sense of treating company data as they would want their own data to be treated. Social implications Engaging employees in developing and implementing information security measures will reduce employees’ violations. Additionally, giving employees the assurance that all are given the same treatment when it comes to applying sanctions will reduce the violations. Originality/value Setting and enforcing in a timely manner a solid sanction system will help in preventing information security violations. Moreover, creating a culture that fosters information security will help in positively affecting the employees’ perceptions toward privacy and responsibility, which in turn, impacts information security violations. This case study applies some existing theories in the context of the US higher education environment. The results of this case study contributed to the extension of existing theories by including new factors, on one hand, and confirming previous findings, on the other hand.


Author(s):  
Roel Wagter ◽  
Henderik A. Proper ◽  
Dirk Witte

In this chapter, the authors pose a theory for the governance of enterprise coherence. The proposed theory consists of three key ingredients: an Enterprise Coherence-governance Assessment (ECA), an Enterprise Coherence Framework (ECF), and an Enterprise Coherence Governance (ECG) approach. The ECA provides an explicit indication of the degree at which an organisation governs its coherence, while also providing a base to achieve a shared understanding of the level of coherence, and actions needed to improve it. The ECF is a practice-based framework that enables enterprises to make the coherence between key aspects, such as business, finance, culture, IT, etc. explicit. The ECG approach offers the instruments to guard/improve the level of coherence in enterprises during transformations. An important trigger to develop this new theory was the observation that many transformation projects fail. These failures even included projects that used an explicit enterprise architecture to steer the transformation. The theory was developed as part of the GEA (General Enterprise Architecting) research programme, involving twenty client organizations. Based on a survey of the possible causes for the project failures, the requirements for the research programme are identified. In developing the theory on enterprise coherence, the following hypothesis is used as a starting point: the overall performance of an enterprise is positively influenced by a strong coherence among the key aspects of the enterprise, including business processes, organizational culture, product portfolio, human resources, information systems, IT support, etc. The research programme uses a combination of design science-based iterations and case study-based research to develop and iterate the theory for enterprise coherence governance. In this chapter, the authors also discuss one of the conducted (real world) case studies, showing the application of the enterprise coherence theory.


2020 ◽  
Vol 22 (3) ◽  
pp. 227-244
Author(s):  
João Serrado ◽  
Ruben Filipe Pereira ◽  
Miguel Mira da Silva ◽  
Isaías Scalabrin Bianchi

Purpose Data can nowadays be seen as the main asset of organizations and data leaks have a considerable impact on the organization’s image, revenues and possible consequences to the affected clients. One of the most critical industries is the bank. Information security frameworks (ISF) have been created to assist organizations and other frameworks evolved to update these domain practices. Recently, the European Union decided to create the general data protection regulation (GDPR), applicable to all organizations dealing with personal data of citizens residing in the European Union. Although considered a general regulation, GDPR implementation needs to align with some industries’ laws and policies. Especially in the Bank industry. How these ISF can assist the implementation of GDPR is not clear. Design/methodology/approach The design science research process was followed and semi-structured interviews performed. Findings A list of practices to assist the bank industry in GDPR implementation is provided. How each practice map with assessed ISF and GDPR requirements is also presented. Research limitations/implications As GDPR is a relatively recent subject, it is hard to find experts in the area. It is more difficult if the authors intend to find experienced people in the GDPR and bank industry. That is one of the main reasons this study does not include more interviews. Originality/value This research provides a novel artefact to the body of knowledge. The proposed artefact lists which ISF practices banks should implement to comply with GDPR. By doing it the artefact provides a centralized view about which ISF frameworks (or part of them) could be implemented to help banks comply with GDPR.


Author(s):  
Timothy G. Cashman

Purpose The purpose of this paper is to provide comparative perspectives on how educators teach issues that affect two countries with a history of governmental tensions. The investigation examines how teachers in Cuban classrooms engage in discourses on the recent developments in Cuban and US relations, including the teaching of historical and territorial issues. This research considers border pedagogy, critical border dialogism and critical border praxis as approaches for those who educate on the effects of US international policies. Ultimately, pragmatic hope offers the possibilities for an emergent third space for Cuban and US relations, including educational exchanges. Design/methodology/approach The research took place in Cuba during an educational exchange to Cuban secondary and university educational sites. Cuban educators of pedagogy and social education engaged in dialogue and shared information on how they address US international policies during their classroom discussions. The researcher employed methodologies that followed Stake’s (2000) model for a substantive case study. Impressions, data, records and salient elements at the observed site were recorded. Transcriptions were documented for face-to-face interviews and hour-long focus group sessions. Participants also logged responses to written survey questions. The study focused on how Cuban educators taught, discussed and addressed the US international policies in classrooms. Findings Heteroglossia, meliorism, critical cosmopolitanism, nepantla, dialogic feminism and pragmatic hope were components of the data analysis. Heteroglossia was an essential consideration throughout the study as multiple interpretations of Cuban and US interconnectedness emerged. Meliorism factored into Cuban educators’ commitments to their professions. Critical cosmopolitanism developed as educators put forth different conceptualizations of human rights and democracy. Nepantla emerged as a key aspect as indigenous and self-determined viewpoints emerged. Dialogic feminism was preeminent as patriarchy continues to exist, despite a new awareness of gender roles and gender violence. Pragmatic hope offers possibilities for a transnational community of inquiry and collaboration. Research limitations/implications The most obvious limitation to this study is, as a case study, the limited scope of perception. Practical implications If future relations between Cuban and the US are deemed uncertain, critical border praxis has an essential role in addressing new sets of uncertainties. This study recommends that educational communities engage in discourses addressing ongoing issues facing the dynamic, fluid border environs. Critical border praxis provides conditions in which we, as educators and members of diverse communities of learners, become cross-borders and broaden the possibilities to achieve what had been considered the unattainable. Resources need to be prioritized and redirected toward educational efforts on national, state and local levels so critical border praxis becomes a reality. Social implications Through transnational and transborder engagements, such as educational exchanges, both US and Cuban educators are provided opportunities to reflect on the strengths and weaknesses of their own educational systems. The role of education, formal and informal, then serves to transform perceptions one-by-one, school-by-school, community-by-community and to influence policy makers to reconstruct education country-by-country as part of pragmatic hope for an enduring Pax Universalis. Pax Universalis serves as a third space where transborder students and educators alike are positioned as co-creators of knowledge and agents of change. Originality/value This study proposes a new emergent third space resulting from critical border dialogism that utilizes border pedagogy and critical pedagogies of place to seek new zones of mutual respect and cooperation among educators. Common educational understandings are the key starting point for a critical border praxis that facilitates ongoing dialogue between the two countries and offers pragmatic hope for the futures of both nations and opportunities to ameliorate relationships. An emergent third space is possible through sustained critical border praxis, a praxis that seeks to address points of contention and the bridges that need crossing between the two neighboring countries.


2017 ◽  
Vol 21 (4) ◽  
pp. 351-376 ◽  
Author(s):  
Marcin Czajkowski

Purpose The purpose of this paper is to critically examine existing models for cost of quality. Having identified issues and limitations of historic models, develop and implement a novel, structured hybrid cost of quality model to identify and effectively manage cost of company’s product. Design/methodology/approach A theoretical framework is proposed based on an integration of three existing, historical cost of quality models into a structured hybrid model. Subsequently, an exploratory pilot case study in a manufacturing environment is described that illustrates the value of the model. Findings The paper manages to find how a hybrid model can help identify cost of quality more accurately than the traditional models. Thanks to the new model, the author shows how gaps between product’s theoretical and actual costs can be highlighted. This allows management to drive down cost of quality and improve business performance. Research limitations/implications The model would benefit from a company-wide implementation. The present study provides a starting point for further research in the international manufacturing sector. Practical implications The framework improves the knowledge of cost of quality by providing a new case study with full results and analysis from a UK-based manufacturing company. It provides a critical re-evaluation of available literature, including the most recent publications as far as practically possible within timescale available. The study shows the importance of comprehensive cost collection if companies are to have the right data needed to manage business excellence. Originality/value The paper presents a development of the first structured hybrid model for measuring cost of quality using the strongest points of main three approaches and addresses their limitations. It gives new arguments against allocation of some cost elements within BS 6143-2:1990, resulting in recommendations for further brainstorming of pros and cons of the suggestion.


2014 ◽  
Vol 22 (4) ◽  
pp. 418-441 ◽  
Author(s):  
Patrick Schueffel ◽  
Rico Baldegger ◽  
Wolfgang Amann

Purpose – The purpose of this paper is to identify factors that influence so-called born-again global firms’ internationalization behavior. Specifically, this article explores the following questions: why do mature, domestically focused firms suddenly turn into born-again global firms, how do they do so and what elements are needed for born-again global firms to be sustainable. Design/methodology/approach – Using an established international entrepreneurship model as a starting point, we extract relevant factors for a conceptual framework on born-again global firms’ internationalization activities. Case study research among a cross-sectional sample of born-again global firms is being applied for that purpose. Findings – Driven by the insufficient size of their domestic market, born-again global firms typically embark on internationalization after a generational change at the chief executive officer level. Throughout their internationalization journey, they flexibly adapt toward new needs of their foreign environments. Due to their idiosyncratic characteristics, born-again global firms deserve consideration as a separate group of research objects in the field of international entrepreneurship. Research limitations/implications – The investigated sample of case study firms was drawn across a variety of industries. As such, industry-specific conditions could not be observed and the findings from case study research run the risks of being generalized too broadly. In addition, the accuracy of the case study results may suffer from a certain degree of hindsight bias as the internationalization event took place in the past. Practical implications – Openness to learning from other markets and the flexibility to modify products according to client needs strengthen born-again global firms’ competitiveness. To endure, born-again global firms have to be innovative in adapting to changes, which makes it easier for them to launch their products in new markets. Originality/value – To date, international entrepreneurship has focused on the activities of small and newly established firms, largely neglecting the behavior of somewhat larger and established firms in traditional sectors. This study shows that established companies can exhibit the same innovative, proactive and risk-seeking behavior across borders as new ventures do. Despite their strongly rooted structures, strategies and cultures, born-again globals can flexibly adapt to new environments.


2015 ◽  
Vol 7 (2) ◽  
pp. 308-330 ◽  
Author(s):  
Hsuying C. Ward ◽  
Ming-Tsan P. Lu ◽  
Brendan H. O'Connor ◽  
Terry Overton

Purpose – The purpose of this paper is to outline findings from practitioner research with a university faculty learning community (FLC) that organized itself to effect bottom-up change. The study explores beliefs about the efficacy of collaboration among members of the FLC and serves as a best case of grassroots faculty collaboration during a period of institutional change. Design/methodology/approach – This is a case study using semi-structured interviews with FLC members and document review of short-term learning data from students who participated in workshops offered by the FLC. Findings – Creative faculty responses to challenges posed by large-scale institutional transformation improved the teaching and learning environment for faculty and students. This case study highlights four characteristics that were crucial to the success of this FLC and which could provide a helpful starting point for faculty collaboration at other institutions. Research limitations/implications – This is a preliminary, self-reflective study with a small number of participants working at a unique institution. Findings are presented not as strictly generalizable truths about faculty collaboration in higher education, but as “lessons learned” that may be valuable to other faculty seeking to take a more proactive role in contexts of institutional change. Practical implications – This case study highlights four characteristics that were crucial to the success of this FLC and which could provide a helpful starting point for faculty collaboration at other institutions. Social implications – This study illustrates how bottom-up, faculty-led collaboration can address institutional problems in a university setting. Creative faculty responses to challenges posed by large-scale institutional transformation can improve the teaching and learning environment for faculty and students. Originality/value – This study documents one FLC’s innovative responses to institutional challenges and shifts the conversation about university-based teaching and learning away from bureaucratic mandates related to faculty interactions and productivity and toward faculty’s organic responses to changing institutional conditions.


2020 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Christian Hugo Hoffmann

PurposeFollowing the call for strengthening the third pillar of knowledge in entrepreneurship as well as work-applied management contexts constituted by pragmatic design principles, we present a case study on an insurtech for insurance firms specialized in smart contract insurance solutions such as flight delay or ski resort insurance.Design/methodology/approachDesign science.FindingsThis not only serves as a pointer for how insurances may master their digital transformation while remaining competitive. But moreover, on the meta level, we find that the adoption of entrepreneurial design principles by the students, whose experiential project represents our case study, does not necessarily require continuous support or foundational knowledge to be delivered beforehand. However, for a deeper or more holistic assessment of the case sketched in their project, it makes sense to introduce them to newer developments such as the simple, practical framework of the Entrepreneur's Question Index.Originality/valueInnovative teaching method on innovative topics.


Sign in / Sign up

Export Citation Format

Share Document