Contexts in source publication

Context 1
... point out that in the medium term, it should be possible to achieve further benefits. As illustrated in figure 1, we have classified these as: ...
Context 2
... These examples are quoted from interviews. For a summary, see figure 1. ...
Context 3
... interest in information assurance is clearly divided into two dimensions: those whose business is most affected by another company's IA policies are commercial partners within the organisation's value chain, while those who solely influence an organisation's IA are detached from the value chain (see figure 10). ...
Context 4
... information assurance strategy development Figure 11 shows the complexity of developing IA strategy to satisfy multiple perspectives. Combining the elements discussed in previous chapters, it is clear that the idea of top-down strategy for IA is too simplistic to handle all requirements. ...
Context 5
... down from the lenses of IA perception, the strategic action box in figure 11 represents the translation of objectives into policies and plans. The strategic trade-offs are placed here, emphasising that final decisions over conflicts in matters such as resource allocation or stringency of security measures are more effectively made below board level. ...
Context 6
... the left-hand side of figure 11, the conflicts between the influences that external and internal stakeholders put on internal process are bridged through the alignment mechanisms. Stakeholder needs do not always conflict, but they may be impractical or cost-ineffective and therefore require balancing. ...
Context 7
... first part of strategic action is to devise a list of information assurance goals (see figure 14) which must fit with the organisation's corporate strategy. Chapters 3 and 5 show that in order to develop a holistic view of the organisation's IA goals, it is necessary to understand the perspectives of all stakeholders. ...
Context 8
... developing procedures that solve these conflicting requirements, managers can ensure effective alignment between the needs of the business and the need to defend organisational resources. Once managers have resolved these tensions, they can develop the critical success factors required for information assurance (see figure 15). Case study: Developing procedural controls for information assurance A European IT services provider, specialising in business availability, recognised the dilemma faced by its clients in developing procedural controls for IA. ...
Context 9
... resulted in a consensus about ten desirable goals and CSFs pertaining to information assurance (see table 6). As for other options put to the panel, we asked for the CSFs to be given a feasibility rating (shown in figure 16). ...
Context 10
... an awareness of security-consciousness and loyalty towards the organisation among stakeholders has an impact on employee satisfaction, performance management and reward systems. Consequently, constructing metrics from a stakeholder point of view can help IA professionals to devise critical measures that evaluate the appropriate IA systems (see figure 13). ...
Context 11
... benchmarking was seen as an attractive option, the panel of experts were less enthusiastic about its feasibility (see figure 17). Two of the major disadvantages of benchmarking with external companies are the lack of willingness to share information between organisations and the fact that other firms may be located in different business environments and therefore are difficult to compare. ...
Context 12
... two options in figure 17 are above the mid-points for both scales - statement A (providing non-technical reports to the board of directors so that they can understand and approve IA policy) and statement B (identifying different (internal and external) stakeholders' requirements in terms of IA). In other words, both these approaches are seen as both highly desirable and highly feasible and can be introduced into the company with relative ease. ...
Context 13
... a lack of cohesion between the three IA lenses - different perspectives from different parts of the organisation make it impossible to form a single vision of how IA can serve the organisation's needs. In order to develop an effective IA strategy, therefore, these lenses must be brought together to form a single holistic view of information assurance, as illustrated in figure 18. Second, many of our participants reported symptoms of a lack of alignment between IA and corporate strategy. ...

Similar publications

Article
The paper analyzes data of the questionnaire collected from 564 respondents who have graduated from the Faculty of Informatics and Management, University of Hradec Kralove, Czech Republic, since it was established in 1993. The analysis mainly focuses on the quality of study programs, course of study and competences, which graduates developed in the...

Citations

... David Birchall et al. (2004) presented a model for information assurance strategy from different perspectives (see Figure 1.4). The board of directors is the source of strategy, and its implementation necessitates a global response from the enterprise components. ...
Thesis
The study demonstrates the feasibility of COBIT 5-based Information Assurance for Algerian companies. Therefore, it discusses whether these companies are able to meet the goals of COBIT 5-based Information Assurance through achieving its processes. This required data collection using a questionnaire derived from COBIT 5 Balanced Score Card and COBIT 5 Process Reference Model in order to know opinions of employees who are interested in COBIT 5 and Information Assurance. This questionnaire was sent to 150 individuals who work in different companies that act in various sectors. However, only 88 respondents filled this questionnaire. SPSS V23 software was used to test the reliability of the questionnaire and data sources, and to treat these data. In order to test the study’s hypotheses, One-Sample Tests were conducted at α = 5%. The results show that Algerian companies are not able to meet all the goals of COBIT 5-based Information Assurance because the processes of COBIT 5-based Information Assurance are not fully achieved. These findings reveal the existence of weaknesses in resources, systems and structures that should be fixed by Algerian companies in order to get COBIT 5 certification for effective Information Assurance. Keywords: COBIT 5, Information Assurance, COBIT 5 Balanced Score Card, COBIT 5 Process Reference Model, COBIT 5 Maturity Model.
... There are several studies on the CSFs of IA implementation within organisations. Birchall et al. [29], stated in their study that the business strategy and strategic direction of the organisation affect IA. Moreover, IA is often only considered a technical problem, but in practice, IA should be approached holistically, which is connected to business and strategy. ...
Conference Paper
Electronic government (eGovernment) services are aimed to improve government services to the public by improving the quality and availability of services that can be accessed regardless of time and place. Consequently, the services must always be available at any time, and any threat to the information and systems should receive attention to ensure business continuity in the event of an incident. Accordingly, in the implementation of eGovernment, information assurance (IA) should be considered. In Indonesia, the implementation of eGovernment is still in the early stage according to the eGovernment roadmap of Indonesia. However, there is no study so far that has focused on IA for eGovernment in Indonesia. Therefore, research on a framework of IA is needed to support the implementation of eGovernment in Indonesia. The aim of this research is to develop an IA framework for eGovernment within the Indonesian context. The development of the framework is divided into four stages, which are identifying the factors from IA international standards for organisations, determining success factors from literature, identifying the challenges, and evaluating and harmonising all the factors categorised into three categories. This research proposes an IA framework, which is expected to assist eGovernment implementation in Indonesia.
... The problem is that too often senior executives agree to it but do not give demonstrable support. They have short attention spans, which makes it hard to communicate the necessity for support (David et al., 2004). ...
Article
Purpose – The purpose of this paper is to focus on studying the concept of “Smart Organization” and providing a comprehensive framework for the various factors as barriers for the smart organization, identifying and classifying the key criterion of these factors based on their direct and indirect relationships. Design/methodology/approach – In this paper an extensive literature survey and experts’ opinion have been used to identify major barriers of smart organization. These barriers are then modeled using interpretative structural modeling (ISM) methodology. The model so developed has been further improved and an integrated model has been developed using fuzzy-MICMAC. Findings – Various barriers of smart organization have been identified and a structural model has been developed for barriers using the ISM methodology. The critical barriers have been found out by fuzzy-MICMAC analysis. The driver power and dependence graph has been plotted for barriers. The barriers are classified into four categories which are, autonomous, linkage, dependent and independent according to their driver power and dependence. From the ISM model and the integrated model, and from further discussions with the experts, it has been found that the barriers “(B1) organizational structure” and “(B6) Managerial actions” are the two most important barriers, every other barrier is directly or indirectly driven by these. Research limitations/implications – The basis of developing the ISM model, i.e., the structural self-interaction matrix is based on experts’ opinion, therefore the result may get influenced if there is any biasing in judging the barriers. The future research scope for this paper will be to test the model generated in this paper. The testing of the model can be done by applying structural equation modeling technique, it has the capability of testing the hypothetical model. Further, a framework of smart organizations can be created to find out the smartness of different organizations. Practical implications – The paper can be used by organizations in understanding the barriers in becoming “smart” on the basis of their inter-relationships. This model can help manufacturing organizations of North India in understanding the barriers which need to be worked upon and the inter-relationship among these factors. This model-based study may be helpful in understanding and implementing the practices of smart organization by removing the possible critical barriers. Originality/value – This is the first study to identify the barriers of smart organizations and to develop a model of these barriers using ISM and fuzzy-MICMAC.
... Research has shown that there is a strong correlation between companies that admit to breaches occurring within their confidential information systems and a reduction in their stock market price (Campbell et al., 2003; Ettredge and Richardson, 2003). Thus, information assurance must become a concern from a corporate governance perspective (Ezingeard and Birchall, 2004; National Association of Corporate Directors, 2001; Von Solms, 2001). A number of government reports have been produced over the past decade to encourage boards to ensure that adequate control mechanisms are put in place within their organisations in order to reduce or promote a better understanding of financial risk (for example, the Sarbanes-Oxley Act in the USA, the Higgs report in the UK, the King report in South Africa, le Rapport Bouton in France). ...
... greater benefits are achieved if IS strategy is influenced by business strategy on one hand, but also if business strategy is influenced by IS strategy on the other hand (Teo and King, 1996). Moreover, Birchall et al. (2004) suggest that other stakeholders' views should be considered. For instance, their research found one financial institution that was prepared to accept the cost of a small percentage of fraud rather than investing large sums of money to eliminate all fraud as well as the possibility of alienating customers due to stringent security controls. ...
... Furthermore, explicit roles and responsibilities regarding information assurance procedures should be allocated to all employees. This is important because, as Birchall et al. (2004, p. 47) suggest, " by ...
Article
Purpose – The paper seeks to investigate how the information assurance (IA) efforts of organisations should be aligned with their business strategy. From this analysis, a conceptual model of alignment is presented. This framework shows several organisational factors that can influence alignment. Design/methodology/approach – A number of published works on alignment are discussed in order to develop a conceptual model of IA fit. In addition, Venkatraman's six perspectives of alignment are used as a framework to suggest future research in this area. Findings – The paper presents a definition of information assurance and proposes various reasons why IA is a strategic issue and should be aligned with both IT and corporate strategy. From the literature, a conceptual model illustrating the variables that can influence alignment is presented. Research limitations/implications – A clear conceptualisation of alignment is needed. Six potential research models and associated research questions are proposed. Practical implications – The paper concludes with a number of management and research implications. In looking at the implications for managers, it is argued that any alignment framework should include adequate metrics for checking the strategic fit on a continuous basis. Originality/value – This paper is an initial attempt to fulfil an identified gap in the literature, namely the lack of research undertaken on IA and corporate strategy alignment. It offers practical help for management so that they can improve the fit between IA and business strategy. It also offers several avenues of potential future research using Venkatraman's six perspectives of fit.
Thesis
Information technology has been used in various fields, such as business, health, and education. This includes the government field, which is often called electronic government or eGovernment. In fact, many countries had implemented eGovernment, including Indonesia. The eGovernment initiative is aimed to improve government services to the public by improving the quality and availability of services that can be accessed regardless of time and place. Consequently, the services must always be available at any time, and any threat to the information and systems should receive attention to ensure business continuity in the event of an incident. However, in Indonesia, the implementation of eGovernment is still unsatisfying according to the United Nations eGovernment Development Index 2018. One of the reasons, as stated by the Director of eGovernment of Ministry of Communication and Information of Indonesia, is the information security aspect of eGovernment in Indonesia is still relatively vulnerable. Therefore, in the implementation of eGovernment, information assurance (IA) should be considered. The main purpose of IA is to protect the business by reducing risks associated with information and information systems as well as ensuring business continuity. However, there is no study so far that has focused on IA for eGovernment in Indonesia. For this reason, research on a framework of IA is needed to support the implementation of eGovernment in Indonesia. This research focuses on the development of an IA framework for eGovernment within the Indonesian context. The development of the framework is divided into four stages, which are identifying the factors from international best practices for IA, determining factors from literature, identifying the challenges, and evaluating and harmonising all the factors. The proposed framework is expected to assist eGovernment implementation in Indonesia to achieve eGovernment initiatives in Indonesia. The framework was confirmed using the triangulation method by conducting a literature review, experts’ interview, and survey with practitioners in the field of IA, eGovernment, and information security from various institutions in Indonesia. The findings show that all the proposed factors in the framework are significant in IA implementation for eGovernment in Indonesia. Moreover, an instrument to measure IA implementation status derived from the confirmed framework was developed and validated. The results show that the instrument is able to assess accurately the status of IA implementation in government organisations in Indonesia and therefore it can be concluded that the framework is feasible to be implemented in Indonesia.
Chapter
This chapter focuses on the collaborative use of computing resources to support decision making in industry. Through the use of middleware for desktop grid computing, the idle CPU cycles available on existing computing resources can be harvested and used for speeding-up the execution of applications that have “non-trivial” processing requirements. This chapter focuses on the desktop grid middleware BOINC and Condor, and discusses the integration of commercial simulation software together with free-to-download grid middleware so as to offer competitive advantage to organizations that opt for this technology. It is expected that the low-intervention integration approach presented in this chapter (meaning no changes to source code required) will appeal to both simulation practitioners (as simulations can be executed faster, which in turn would mean that more replications and optimization are possible in the same amount of time) and management (as it can potentially increase the return on investment on existing resources).
Book
The empirical research in this thesis demonstrates that a shift in the information security paradigm took place, in which information security turns from being a defensive to becoming a progressive, value-adding management tool. Twenty-three interviews conducted in a qualitative study of four cases in the UK, Switzerland and Germany in the banking, telecommunications and software development sectors provide empirical validation for the Internal/External Function of Corporate Security (IFCS/EFCS) theory. The theory is based on the observation that the function of corporate security has been undergoing important changes due to new possibilities of processing, safeguarding and accessing information, constantly newly emerging risks and technologies, standards and regulations, and an increasing public attention to security issues. A consequence of these changes, the thesis argues, leads to an interrelationship between information security and business strategy. The IFCS/EFCS theory introduces the concept of an internal function and an external function of corporate security using the conceptual framework of responsibility modelling. The internal function comprises what is understood to relate to the classical information risk management that is concerned with defending the existing assets of the organisation. Only the Basel II framework establishes a correlation between operational risk and performance in the financial service industry. The external function circumscribes the technical interface between the internal function and the organisation’s external stakeholders. Organisations use trust and reputation to attract investors and customers and create revenue, gain competitive advantage and improve their performance by marketing information security products and services to their customers. The research further shows that a revenue possibility for organisations emerges when customers perceive security to be within their own responsibility. This perception is determined by legal requirements and the customer’s knowledge, and ethical and cultural background. Different standards and expectations apply to business and retail customers that have different levels of expertise and technical capabilities as well as different security concerns. Additionally, the threat of new entrants, peer group pressure and the internalisation of assets were found to determine the business strategy in the four cases. Against prior assumption, certification was not found to create an added value for organisations. Finally, the theory provides an attribution of the three information security principles - confidentiality, integrity and availability - according to their business related function inside the organisation. Key
Article
Management support is a pre-requisite for any IT security team to survive, evolve and provide value to the organisation. This chapter explains why IT security teams need line, but most importantly, senior management sponsorship, understanding and backing. We link IT security with the concept of information security and operational risk management and we introduce an overarching management initiative in the organisation, enterprise risk management (ERM). We proceed to locate the role of IT security within operational risk management and ERM through a management model presented in this chapter: The “risk house” model.