Modelling adaptive information security for SMEs in a cluster

2019 ◽  
Vol 21 (2) ◽  
pp. 235-256 ◽  
Author(s):  
Bilge Yigit Ozkan ◽  
Marco Spruit ◽  
Roland Wondolleck ◽  
Verónica Burriel Coll

Purpose This paper presents a method for adapting an Information Security Focus Area Maturity (ISFAM) model to the organizational characteristics (OCs) of a small- and medium-sized enterprise (SME) cluster. The purpose of this paper is to provide SMEs with a tailored maturity model enabling them to capture and improve their information security capabilities. Design/methodology/approach Design Science Research was followed to design and evaluate the method as a design artifact. Findings The method has successfully been used to adapt the ISFAM model to a group of SMEs within a regional cluster resulting in a model that is aligned with the OCs of the cluster. Areas for further investigation and improvements were identified. Research limitations/implications The study is based on applying the proposed method for the SMEs active in the transport, logistics and packaging sector in the Port of Rotterdam. Future research can focus on different sectors and regions. The method can be used for adapting other focus area maturity models. Practical implications The resulting adapted maturity model can facilitate the creation and further development of a base of common or shared knowledge in the cluster. The adapted maturity model can cut the cost of over implementation of information security capabilities for the SMEs with scarce resources. Originality/value The resulting adapted maturity model can facilitate the creation and further development of a base of common or shared knowledge in the cluster. The adapted maturity model can cut the cost of over implementation of information security capabilities for the SMEs with scarce resources.

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Gema Ramírez-Guerrero ◽  
Javier García-Onetti ◽  
Juan Adolfo Chica-Ruiz ◽  
Manuel Arcíla-Garrido

Purpose This paper attempts to fill the gap that exists in research regarding 20th-century heritage and its social appreciation. The purpose of this paper is to explore different ways of evaluating the heritage value and tourism potential and to propose an innovative model validated in the Zarzuela Hippodrome as an example of a cultural asset from the 20th century with important economic, social, cultural, aesthetic and architectural aspects. Design/methodology/approach This study opted for an interpretation of heritage from an ecosystem, integrating and global paradigm, understanding the asset as a set of resources that interact with each other, generating a common and enriched tourist experience among all the elements that make it up. From this perspective, it is conceived that by modifying one of the elements, the whole (tourist) ecosystem will be equally influenced. On the other hand, non-parametric techniques were incorporated, based on the implementation of surveys for the validation of the tool in the case study of the Zarzuela hippodrome. Findings The results suggest that the hippodrome's internal values have been evaluated very positively, while its external values are low. Through this study, the paper has identified several weaknesses that impede its functioning as a viable “tourist product.” The distance from the city center, the lack of available information and the scarce diffusion and tourism promotion are its main weaknesses. The proposed analysis tool reveals the importance of the active participation of visitors to evaluate cultural assets through the combination of aspects related to the conservation of cultural assets and, in turn, elements that encourage their commodification as tourist products, breaking down barriers between these two disciplines.
Research limitations/implications The management tool proposed in this study can be used to underpin the creation of tourism experiences in cultural or heritage assets by diagnosing the current state of its tourist potential, quantifying its value in relation to the visitors’ perception and making visible those problematic aspects to develop actions to solve them. Although the present study is support for future research, as well as for improving the marketing of heritage in tourist settings, an in-depth analysis of the technical elements of heritage, as well as of its intervention (if applicable), will be necessary for the managers who want to use the tool. Social implications One of the most differentiating characteristics between the construction typology of 20th-century historical buildings is perhaps the scarcity of decorative ornamentation, with exposed concrete being the main surface coating. Many of these constructions have an important cultural and historical relevance, however, the social perception, as regards its consideration as architectural and artistic heritage seems to reflect discordant aspects. This study provides support as a decision-making tool to determine the existing valuation of a building and how to enhance it. Originality/value This study takes steps toward the creation of a model that supports decision-makers and owners of cultural assets through a measurement system that makes it possible to quantify and determine the current state of tourism use through the social evaluation of heritage criteria. It defines which are the elements that favor the resilience of the property or, on the contrary, which are those that undermine its enhancement.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Pei Xu ◽  
Joonghee Lee ◽  
James R. Barth ◽  
Robert Glenn Richey

Purpose This paper discusses how the features of blockchain technology impact supply chain transparency through the lens of the information security triad (confidentiality, integrity and availability). Ultimately, propositions are developed to encourage future research in supply chain applications of blockchain technology. Design/methodology/approach Propositions are developed based on a synthesis of the information security and supply chain transparency literature. Findings from text mining of Twitter data and a discussion of three major blockchain use cases support the development of the propositions. Findings The authors note that confidentiality limits supply chain transparency, which causes tension between transparency and security. Integrity and availability promote supply chain transparency. Blockchain features can preserve security and increase transparency at the same time, despite the tension between confidentiality and transparency. Research limitations/implications The research was conducted at a time when most blockchain applications were still in pilot stages. The propositions developed should therefore be revisited as blockchain applications become more widely adopted and mature. Originality/value This study is among the first to examine the way blockchain technology eases the tension between supply chain transparency and security. Unlike other studies that have suggested only positive impacts of blockchain technology on transparency, this study demonstrates that blockchain features can influence transparency both positively and negatively.


2017 ◽  
Vol 33 (2) ◽  
pp. 100-116 ◽  
Author(s):  
Sara Mannheimer ◽  
Conor Cote

Purpose For libraries with limited resources, digital preservation can seem like a daunting responsibility. Forming partnerships can help build collective knowledge and maximize combined resources to achieve digital preservation goals. This paper aims to provide guidance to help libraries with limited resources achieve digital preservation goals by forming partnerships to build collective knowledge and maximize combined resources. Design/methodology/approach In 2015, librarians from four Montana institutions formed the Digital Preservation Working Group (DPWG), a collaboration to increase digital preservation efforts statewide. The group’s immediate goals were to promote digital preservation best-practices at each individual institution, and to learn about and support each other’s work. The group’s long-term goal was to implement a shared digital preservation service that would fill gaps in existing digital preservation efforts. Findings Beyond the cost savings gained by sharing a digital preservation service, the members of DPWG benefitted from shared knowledge and expertise gained during the partnership. The group also functioned as a sounding board as each institution built its digital preservation program, and it became a system of support when challenges arose. Practical/implications This paper proposes a five-point plan for creating digital preservation partnerships: cultivate a foundation of knowledge and identify a shared vision; assess the current digital preservation landscape at each institution; advocate for the value of digital preservation activities; implement shared digital preservation services; and sustain group activities and establish structures for ongoing support. Originality/value The activities of DPWG provide a model for institutions seeking to collaborate to meet digital preservation challenges. 
This paper shows that by implementing a structured plan, institutions can build and sustain digital preservation partnerships, thus positioning themselves to achieve digital preservation success.


2020 ◽  
Vol 22 (3) ◽  
pp. 227-244
Author(s):  
João Serrado ◽  
Ruben Filipe Pereira ◽  
Miguel Mira da Silva ◽  
Isaías Scalabrin Bianchi

Purpose Data can nowadays be seen as the main asset of organizations and data leaks have a considerable impact on the organization’s image, revenues and possible consequences to the affected clients. One of the most critical industries is the bank. Information security frameworks (ISF) have been created to assist organizations and other frameworks evolved to update these domain practices. Recently, the European Union decided to create the General Data Protection Regulation (GDPR), applicable to all organizations dealing with personal data of citizens residing in the European Union. Although considered a general regulation, GDPR implementation needs to align with some industries’ laws and policies, especially in the bank industry. How these ISF can assist the implementation of GDPR is not clear. Design/methodology/approach The design science research process was followed and semi-structured interviews performed. Findings A list of practices to assist the bank industry in GDPR implementation is provided. How each practice maps to the assessed ISF and GDPR requirements is also presented. Research limitations/implications As GDPR is a relatively recent subject, it is hard to find experts in the area. It is more difficult if the authors intend to find experienced people in the GDPR and bank industry. That is one of the main reasons this study does not include more interviews. Originality/value This research provides a novel artefact to the body of knowledge. The proposed artefact lists which ISF practices banks should implement to comply with GDPR. By doing so, the artefact provides a centralized view about which ISF frameworks (or part of them) could be implemented to help banks comply with GDPR.


2019 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Anna Wojewnik-Filipkowska ◽  
Anna Dziadkiewicz ◽  
Wioleta Dryl ◽  
Tomasz Dryl ◽  
Robert Bęben

Purpose Public involvement is essential in the creation of effective local strategies for the development of a sustainable built environment, yet there has been little research on stakeholder motivation and engagement in the creation of infrastructure-project value, in the entire life cycle of a given project, while different markets show that overlooking stakeholders can negatively affect the success of an infrastructure project. The purpose of this paper is to fill the theory-practice gap that has been discerned, and thus study how early public involvement determines the success of an infrastructure project, which is identified with its value creation (effectiveness, sustainability and utility). Design/methodology/approach This research entails a combination of methods. A case study analysis allowed observation of the role the stakeholders play and of how the relationships, perspectives, expectations and risks, along with other soft issues, continue to affect projects. The case study required comprehensive examination of project documentation and conduction of interviews. To collect data, focused group interviews and semi-structured interviews were used, supported with direct questionnaire surveys. Findings The study provides evidence that early public engagement can contribute to infrastructure-project value (effectiveness, sustainability and utility). Practically speaking, the stakeholder analysis performed allowed proposal of a general stakeholder analysis framework for infrastructure projects. It can be implemented at each investment phase of the project life cycle, since stakeholders and their motivation may develop and/or change over time, which necessitates development of proper managerial strategies. The findings highlight the opportunities and the challenges faced by stakeholder management. 
Research limitations/implications The limitation of this study derives from the fact that the sample size was small, which was necessary for an in-depth qualitative research and application of the case study method. The observations were made on a selected case study, within a limited period of time, thus the context of the analysis as well as the stakeholder perception was subject to possible change. The research limitations concern the provisional nature of the information obtained, the cross-sectional nature of the analysis itself, and, finally, the inability to predict all future events. Ultimately, stakeholder mapping was performed for the operational phase of the investment exclusively, while the analysis was limited to identification and classification of the stakeholders, including their relationship with the project. Practical implications The research conclusions provide useful input for future research on development of effective strategies for management of the shareholders that are related to a given infrastructure project, in order to achieve project success. Simultaneously, from a property perspective, the research has contributed to a better understanding of the importance of infrastructure, on the part of real estate stakeholders. Social implications Application of the approach proposed in the study may contribute to early development and implementation of appropriate trust-building processes. The building of relationships between stakeholders enables checks and balances, promotes short- and long-term project benefits, and increases the value of a project. Originality/value The novelty of the research consists in the connection, as part of infrastructure projects, of the theory of consumption values and the concept of an investment cycle with the framework of stakeholder analysis.


2019 ◽  
Vol 27 (5) ◽  
pp. 1336-1361
Author(s):  
Linda Rothman ◽  
Frans De Vijlder ◽  
René Schalk ◽  
Martine Van Regenmortel

Purpose This paper aims to present a systematic review on organizational empowerment (OE) using Peterson and Zimmerman’s model (2004) as a starting point. The aim is to further conceptualize OE, discover how the components in the model influence each other and identify recommendations for future research. Design/methodology/approach All articles that cited the OE model, published in 2004 by Peterson and Zimmerman, have been systematically reviewed. In total, 37 studies of 410, found in Google Scholar and Web of Science, are included in the review. Findings The review revealed that intra-, inter- and extra-organizational empowerment affect each other and that evidence for the processes and outcomes on intra-organizational empowerment has increased, but there is limited additional evidence for the other two components. Research limitations/implications Literature was searched in two databases, focusing on the OE model. A search using other databases on OE as a broad concept might provide additional sources. Practical implications Findings are relevant for professionals, leaders in human service organizations, educators and researchers. Practice can be improved by applying the knowledge; educators can use the results in their program and researchers may use the findings for the further development of OE. Originality/value Since the OE model was presented in 2004, no systematic review has been performed. Therefore, this review contributes to the further conceptualization of OE.


2019 ◽  
Vol 33 (4) ◽  
pp. 747-767 ◽  
Author(s):  
Jan Brusselaers ◽  
Ellen Bracquene ◽  
Jef Peeters ◽  
Yoko Dams

Purpose The purpose of this paper is to investigate to what extent a consumer’s repair strategy impacts the annual costs of ownership of a washing machine and two types of vacuum cleaner. Design/methodology/approach The annual cost of ownership is determined by calculating the annual life cycle cost (LCC) for the respective devices. The annual LCCs of the different scenarios allow a comparison of the different repair strategy options. A Monte Carlo simulation is run to introduce parameter variability. The device’s failure rate is estimated by a combination of data sets on the devices’ performance. Findings Results demonstrate that the repair of the devices considered is a more favourable option over replacement. A consumer who aims for the lowest annual LCC should allow for a high number of repairs per device, without putting a maximum on the cost per repair. However, the consumer should become more cautious when a device approaches the end of its expected lifetime. Finally, the purchase of warranty can be interesting when the warranty covers a sufficiently long proportion of the device’s (expected) lifetime and when its cost does not exceed a threshold proportion of the initial purchase price. Research limitations/implications The costs for repair might be overestimated. Future research can focus on the reduction of repair costs following self-repair. Practical implications The results provide strong arguments in favour of repair instead of replacement of broken devices. Originality/value This is the first research to quantify the influence of consumer behaviour in the context of repair of devices on the ownership costs of these devices.


2020 ◽  
Vol 28 (2) ◽  
pp. 215-259 ◽  
Author(s):  
Elham Rostami ◽  
Fredrik Karlsson ◽  
Ella Kolkowska

Purpose The purpose of this paper is to survey existing information security policy (ISP) management research to scrutinise the extent to which manual and computerised support has been suggested, and the way in which the suggested support has been brought about. Design/methodology/approach The results are based on a literature review of ISP management research published between 1990 and 2017. Findings Existing research has focused mostly on manual support for managing ISPs. Very few papers have considered computerised support. The entire complexity of the ISP management process has received little attention. Existing research has not focused much on the interaction between the different ISP management phases. Few research methods have been used extensively and intervention-oriented research is rare. Research limitations/implications Future research should to a larger extent address the interaction between the ISP management phases, apply more intervention research to develop computerised support for ISP management, investigate to what extent computerised support can enhance integration of ISP management phases and reduce the complexity of such a management process. Practical implications The limited focus on computerised support for ISP management affects the kind of advice and artefacts the research community can offer to practitioners. Originality/value Today, there are no literature reviews on to what extent computerised support the ISP management process. Findings on how the complexity of ISP management has been addressed and the research methods used extend beyond the existing knowledge base, allowing for a critical discussion of existing research and future research needs.


2015 ◽  
Vol 23 (3) ◽  
pp. 246-285 ◽  
Author(s):  
Fredrik Karlsson ◽  
Joachim Åström ◽  
Martin Karlsson

Purpose – The aim of this paper is to survey existing information security culture research to scrutinise the kind of knowledge that has been developed and the way in which this knowledge has been brought about. Design/methodology/approach – Results are based on a literature review of information security culture research published between 2000 and 2013 (December). Findings – This paper can conclude that existing research has focused on a broad set of research topics, but with limited depth. It is striking that the effects of different information security cultures have not been part of that focus. Moreover, existing research has used a small repertoire of research methods, a repertoire that is more limited than in information systems research in general. Furthermore, an extensive part of the research is descriptive, philosophical or theoretical – lacking a structured use of empirical data – which means that it is quite immature. Research limitations/implications – Findings call for future research that: addresses the effects of different information security cultures; addresses the identified research topics with greater depth; focuses more on generating theories or testing theories to increase the maturity of this subfield of information security research; and uses a broader set of research methods. It would be particularly interesting to see future studies that use intervening or ethnographic approaches because, to date, these have been completely lacking in existing research. Practical implications – Findings show that existing research is, to a large extent, descriptive, philosophical or theoretical. Hence, it is difficult for practitioners to adopt these research results, such as frameworks for cultivating or assessment tools, which have not been empirically validated. Originality/value – Few state-of-the-art reviews have sought to assess the maturity of existing research on information security culture. 
Findings on types of research methods used in information security culture research extend beyond the existing knowledge base, which allows for a critical discussion about existing research in this sub-discipline of information security.


2015 ◽  
Vol 23 (4) ◽  
pp. 370-381 ◽  
Author(s):  
André Lötter ◽  
Lynn Futcher

Purpose – The purpose of this paper is to propose a framework to address the problem that email users are not well-informed or assisted by their email clients in identifying possible phishing attacks, thereby putting their personal information at risk. This paper therefore addresses the human weakness (i.e. the user’s lack of knowledge of phishing attacks which causes them to fall victim to such attacks) as well as the software related issue of email clients not visually assisting and guiding the users through the user interface. Design/methodology/approach – A literature study was conducted in the main field of information security with a specific focus on understanding phishing attacks and a modelling technique was used to represent the proposed framework. This paper argues that the framework can be suitably implemented for email clients to raise awareness about phishing attacks. To validate the framework as a plausible mechanism, it was reviewed by a focus group within the School of Information and Communication Technology (ICT) at the Nelson Mandela Metropolitan University (NMMU). The focus group consisted of academics and research students in the field of information security. Findings – This paper argues that email clients should make use of feedback mechanisms to present security related aspects to their users, so as to make them aware of the characteristics pertaining to phishing attacks. To support this argument, it presents a framework to assist email users in the identification of phishing attacks. Research limitations/implications – Future research would yield interesting results if the proposed framework were implemented into an existing email client to determine the effect of the framework on the user’s level of awareness of phishing attacks. Furthermore, the list of characteristics could be expanded to include all phishing types (such as clone phishing, smishing, vishing and pharming). 
This would make the framework more dynamic in that it could then address all forms of phishing attacks. Practical implications – The proposed framework could enable email clients to provide assistance through the user interface. Visibly relaying the security level to the users of the email client, and providing short descriptions as to why a certain email is considered suspicious, could result in raising the awareness of the average email user with regard to phishing attacks. Originality/value – This research presents a framework that email clients can use to identify common forms of normal and spear phishing attacks. The proposed framework addresses the problem that the average Internet user lacks a baseline level of online security awareness. It argues that the email client is the ideal place to raise the awareness of users regarding phishing attacks.

