Porters’ Elements for a Business Information Security Strategy

Group Support for the Board’s Involvement in a Smart Security Decision-making Process Decision making during business meetings is an elusive phenomenon for a couple of reasons. Business meetings have been defined as “…a gathering where people speak up, say nothing, and then all disagree.” In general, the main objectives of meetings are to facilitate and enable decision makers in exchanging knowledge, discussing complex topics and monitoring large projects, and this all happens under pressure and amid uncertainties...

DIGITAL TRANSFORMATION FRAMEWORK: EXCELLENCE OF THINGS (EoT) FOR BUSINESS EXCELLENCE, 2019

The entire digital ecosystem is disrupted due to disruptive innovation. Digital Transformation (DT) is the way of enabling business with innovative technology to either disrupt others in the ecosystem or protect digital firm itself from disruption. Digital firms can either be failure or success based on how they approach DT because DT is now at the heart of the business model of a digital firm. In the 21st century, organizations incline to the implementation of DT which is an exceptional means of achieving business excellence (BE) to achieve outstanding quality. Inspired by IoT’s “of the things” concept, DT based excellence framework, “EoT – Excellence of Things” can be developed that also utilizes frameworks, platforms, services and best practices related to BE for adding value in digital firms. Thus, this study explores a theoretical model of DT based BE. Also, the meaning of EoT for digital firms and the components of DT based BE is explored through an in-depth interview. Delphi method has been applied as a tool for data collection from a panel of experts who are chosen from a different educational and professional background. They are from several industries too. The responses acquired from the open-ended questions are run by Nvivo application. The analysis generated a few ‘drivers’ that influence a digital firm to achieve EoT. Moreover, based on EoT framework discussed in this thesis, there are three enablers such as Corporate of Things (CoT), Lean of Things (LoT) and Data of Things (DoT). As per the participants’ responses, the significant aspects of EoT that have to be taken care off during implementation of EoT to add value to a digital firm are supportive Organizational Culture (38%), Process Driven (23%), Strong Leadership (14%), Employee Motivation (8%), Quality Management (6%) and Excepting Digital Transformation (6%). However, other factors such as Management Commitment (2%) and Transparency (3%) are also considered as aspects of EoT implementation. Finally, the relationship of drivers, integration of three enablers is discussed elaborately. The findings have implications in four principles of EoT framework. Lastly, an EoT Reference Model (ERM) has been generated from the analysis. Other implications have been discussed too.

2009

Sobeys Inc., abandoned an $89 million SAP implementation, taking an after-tax charge of $49.9 million, or $0.82 per share. 2 Sydney Water, a public utilities company in Australia, abandoned a customer relationship management and billing system in 2002, with an estimated write off of AUD $61 million. The auditor-general for New South Wales wrote a scathing report, criticizing its Board for failing to exercise proper oversight.

Proceedings of the 8th International Conference on Innovation and Knowledge Management in Asia Pacific (IKMAP)

Repeated information security (InfoSec) incidents have been haunting the confidence of people on how well enterprises have been maintaining the confidentiality, integrity, and availability (CIA) of their InfoSec systems. Most organizations adopt information system control framework such as ISO27001 and COBIT, requiring regular audits by either internal or external channels. Most audits combine the use of check-list based quantitative and qualitative procedures, focusing on how well the auditee has met the criteria of the audit, including the knowledge level of stakeholders. Nonetheless, such traditional audits do not adopt the contemporary knowledge management methodology such as those suggested by Nonaka and do not explore on how knowledge may contribute toward the maturity of InfoSec. Knowledge-audit (KA) helps businesses to identify what knowledge and information are needed to achieve the business goal. However, there has been little research about applying KA in InfoSec audit. Sizable companies would use information technology governance (ITG) as an organizational vehicle to drive and leverage the proper deliverable of information systems and security functions. This research intends to develop an ITG driven Knowledge Framework (ITGKF) which is expected to reinforce the InfoSec maturity as well as auditability of enterprises. Moreover, it tries to assess whether ITG can embrace proper knowledge circulation within the InfoSec community. Based on the framework, we will offer some recommendations on how to conduct knowledge-audit for InfoSec (KA-InfoSec) as a supplement. The framework and the recommendations should provide enterprises additional dimensions and alternatives, based on knowledgecentric ideology, on how knowledge can be a critical factor for InfoSec maintenance.

Springer, 2019

Implementing and maintaining Business Information Security (BIS) is cumbersome. Frameworks and models are used to implement BIS, but these are perceived as complex and hard to maintain. Most companies still use spreadsheets to design, direct and monitor their information security improvement plans. Regulators too use spreadsheets for supervision. This paper reflects on ten years of Design Science Research (DSR) on BIS and describes the design and engineering of an artefact which can emancipate boards from silo-based spreadsheet management and improve their visibility, control and assurance via an integrated dash-boarding and reporting tool. Three cases are presented to illustrate the way the artefact, of which the realisation is called the Securimeter, works. The paper concludes with an in-depth comparison study acknowledging 91% of the core BIS requirements being present in the artefact.

Cloud computing has gained mass popularity in the business environment. However, this technology also imposes some risk concerns, such as weak protection to security and privacy. Since its nature of distant and remote connectivity, the auditing process to this technology becomes challengeable. This paper focuses on issues related to cloud computing risk and audit tasks.

COBIT (Control Objective for Information and Related Technology) has become one of the most important frameworks for information technology governance (ITG), which provides organizations with a useful guidelines tool to initially evaluate their own ITG systems. COBIT initiates ITG framework and supporting toolset that allows IT managers to join mismatch between control requirements, technical issues and business risks. The purpose of this study is to look at the phenomenon of the use of IT formalities, audit, responsibility and accountability in the implementation of the COBIT framework to management at Mulawarman State University, Samarinda, East Kalimantan, Indonesia. The targeted population of the research includes the Chancellor's Office, 14 faculties, three bureaus, and the Distance Learning Center. An experimental survey, using a self-administered questionnaire, will be conducted to achieve the objectives. Questionnaire will be distributed to a sample population and will b...

Control Objectives for Information and Related Technology (COBIT) becomes very popular in recent years and is regarded as the most comprehensive IT governance framework. However, its actual utilization and effectiveness are not clear due to the lack of academic studies. Also, the proliferation of other IT standards and best practices, such as ISO27000 series and ITIL, creates great challenges for organizations to understand their relations and to take advantage of them. The main objective of this research is to explore the practicability of COBIT framework and its actual usage in established IT environment.

Proceeding BIMP-EAGA-UMS (Brunei-Indonesia-Malaysia-Philippines East-ASEAN Growth Area), 2012

COBIT (Control Objective for Information and Related Technology) has become one of the most important frameworks for information technology governance (ITG), which provides organizations with a useful guidelines tool to initially evaluate their own ITG systems. COBIT initiates ITG framework and supporting toolset that allows IT managers to join mismatch between control requirements, technical issues and business risks. The purpose of this study is to look at the phenomenon of the use of IT formalities, audit, responsibility and accountability in the implementation of the COBIT framework to management at Mulawarman State University, Samarinda, East Kalimantan, Indonesia. The targeted population of the research includes the Chancellor’s Office, 14 faculties, three bureaus, and the Distance Learning Center. An experimental survey, using a self-administered questionnaire, will be conducted to achieve the objectives. Questionnaire will be distributed to a sample population and will be collected and analyzed using Statistical Package for Social Science (SPSS) version 16. This study intends to analyze the constraints in optimizing the utilization of IT resources that are implemented by using the COBIT framework as a standard at the Mulawarman State University.