Search results

This paper aims to identify the critical success factors in improving information security in Ghanaian firms.

Through an exploratory study of both public and private Ghanaian organizations. The study relied on a research model based on the technology–organization–environment (TOE) framework and a survey instrument to collect data from 525 employees. The data was analyzed using partial least squares-structural equation modeling (PLS-SEM).

The findings confirm the role of the technological, organizational and environmental contexts as significant determinants in the implementation of information security in Ghanaian organizations. Results from PLS-SEM analysis demonstrated a positive correlation between the technology component of information security initiative, organization’s internal efforts toward its acceptance and a successful implementation of information security in Ghanaian firms. Top management support and fund allocation among others will result in positive information security initiatives and positive attitudes toward securing the organization’s information assets.

The authors discussed the implications of the authors’ findings for research, practice and policy.

The results of this study will be useful for both governmental and non-governmental organizations in terms of best practices for increasing information security. Results from this study will aid organizations in developing countries to better understand their information security needs and identify the necessary procedures to address them.

This study contributes to filling the knowledge gap in organizational information security research and the TOE framework. Despite the TOE framework being one of the most influential theories in contemporary research of information system domains in an organizational context, there is not enough research linking the domains of information security and the TOE model.

The main goal of this research work is the optimization of the purchasing business process in the Moroccan public sector in terms of transparency and budgetary optimization. The authors have worked on the public university as an implementation field.

The design of the research work followed the design science research (DSR) methodology for information systems. DSR is a research paradigm wherein a designer answers questions relevant to human problems through the creation of innovative artifacts, thereby contributing new knowledge to the body of scientific evidence. The authors have adopted a techno-functional approach. The technical part consists of the development of an intelligent recommendation system that supports the choice of optimal information technology (IT) equipment for decision-makers. This intelligent recommendation system relies on a set of functional and business concepts, namely the Moroccan normative laws and Control Objectives for Information and Related Technology's (COBIT) guidelines in information system governance.

The modeling of business processes in public universities is established using business process model and notation (BPMN) in accordance with official regulations. The set of BPMN models constitute a powerful repository not only for business process execution but also for further optimization. Governance generally aims to reduce budgetary wastes, and the authors' recommendation system demonstrates a technical and methodological approach enabling this feature. Implementation of artificial intelligence techniques can bring great value in terms of transparency and fluidity in purchasing business process execution.

Business limitations: First, the proposed system was modeled to handle one type products, which are computer-related equipment. Hence, the authors intend to extend the model to other types of products in future works. Conversely, the system proposes optimal purchasing order and assumes that decision makers will rely on this optimal purchasing order to choose between offers. In fact, as a perspective, the authors plan to work on a complete automation of the workflow to also include vendor selection and offer validation. Technical limitations: Natural language processing (NLP) is a widely used sentiment analysis (SA) technique that enabled the authors to validate the proposed system. Even working on samples of datasets, the authors noticed NLP dependency on huge computing power. The authors intend to experiment with learning and knowledge-based SA and assess the' computing power consumption and accuracy of the analysis compared to NLP. Another technical limitation is related to the web scraping technique; in fact, the users' reviews are crucial for the authors' system. To guarantee timeliness and reliable reviews, the system has to look automatically in websites, which confront the authors with the limitations of the web scraping like the permanent changing of website structure and scraping restrictions.

The modeling of business processes in public universities is established using BPMN in accordance with official regulations. The set of BPMN models constitute a powerful repository not only for business process execution but also for further optimization. Governance generally aims to reduce budgetary wastes, and the authors' recommendation system demonstrates a technical and methodological approach enabling this feature.

The adopted techno-functional approach enabled the authors to bring information system governance from a highly abstract level to a practical implementation where the theoretical best practices and guidelines are transformed to a tangible application.

Prior research (Harrast, Olsen, & Sun, 2023) analyzes the eight emerging topics to be included in future CPA exams and discusses their importance to career success and appropriate teaching locus in light of survey evidence. They find that the general topic of data analytics is the most important of the eight emerging topics. To further understand the topics most important to career success, this study analyzes subtopics underlying the eight emerging topics. The results show that advanced Excel analysis tools, data visualization, and data extraction, transformation, and loading (ETL) are the most important data analytics subskills for career success according to professionals and that these topics should be both introduced and emphasized in the accounting curriculum. The results provide useful information to educators to prioritize general emerging topics and specific subtopics in the accounting curriculum by taking into account the most pressing needs of the profession.

Many organisations, including professional councils, operate manually to ensure document flow to clients and stakeholders. This results in the loss of valuable documentation such as certificates and the incurring of costs due to the returning of post to the sender. The purpose of this study was to explore digital transformation of document flow at the South African Council for Social Science Professionals.

The methodological approach involved qualitative data collected through interviews, observation and document analysis in response to research questions. The study was a participatory action research project that involved collaboration between researchers and study participants in defining and solving the problem through needs assessment exercise. All three phases of participatory action research were followed, namely, the “look phase”: getting to know stakeholders so that the problem is defined on their terms and the problem definition is reflective of the community context; the “think phase”: interpretation and analysis of what was learned in the “look phase” and the “act phase”: planning, implementing, and evaluating, based on information collected and interpreted in the first two phases.

The study identified various issues relating to poor data quality, high rate of registered postal returns and non-delivery electronic messages that cannot reach all the intended recipients and accumulation of data for decades. In this regard, the study proposes a framework that can be used by SACSSP to update and verify their details on the portal, as well as digital certificates for membership.

Although the proposed framework is tailor-made for the professional council, it is not depended on prescribed technologies due to usage of open standards that can be used by industry and researchers. Therefore, it can be applied in other context where institutions such as universities communicate with many clients via postal or courier services.

The study used participatory action research involving the researchers and the organisation to solve the problem. The study presented a workflow that the council can use to ensure that the documents reach intended recipients. Furthermore, digital transformation of the process will ensure that the registered professionals are able to access their certificates online and can print them when necessary.

This study aims to collect empirical data and observe the type of influences that were causing impact to the implementation of information technology governance (ITG) mechanisms in Malaysia’s technical universities. This study enhanced the understanding on the status of ITG implementation and revealed internal and external influences that were shaping the types of ITG mechanisms implemented within universities and present a new perspective through the lens of resource-based view and continuous improvement.

This study focused on two Malaysia’s technical universities belongs under same university’s network. Five IT leaders involved in the implementations of ITG from each university were interviewed. Qualitative content analysis was used as the main analyzing method to extract categories and themes from the transcripts. Final results were produced after multiple efforts of refining categories and themes in ITG implementations.

The findings revealed that both Malaysia’s technical universities had more soundly implementations in structure mechanisms than relational and process mechanisms. The shaping of implemented mechanisms was influenced by environment surrounding the universities, internally and externally. The findings proposed that the internal and external factors are best addressed with the growth of internal ITG expertise.

This research was conducted on two of Malaysia’s technical universities that were under a university network. Although both universities had presented the exact trend in the type of ITG mechanisms implemented in the universities, more empirical data were needed to further solidify the findings from this study. Other than that, the major respondents for this research were middle-level IT officers and leaders in the universities. Further research could be conducted specifically on top-level managements to further understand the point of views of top managements in the aspect of ITG mechanisms implementations in universities.

This study discussed how each factor could influence the types of ITG mechanisms implemented in Malaysia’s technical universities and concluded the attentions needed to improve the overall environment for ITG implementations in universities through the lens of resource-based view and continuous improvement.

Following the surge of documents laying out organizations' ethical principles for their use of artificial intelligence (AI), there is a growing demand for translating ethical principles to practice through AI governance (AIG). AIG has emerged as a rapidly growing, yet fragmented, research area. This paper synthesizes the organizational AIG literature by outlining research themes and knowledge gaps as well as putting forward future agendas.

The authors undertake a systematic literature review on AIG, addressing the current state of its conceptualization and suggesting future directions for AIG scholarship and practice. The review protocol was developed following recommended guidelines for systematic reviews and the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA).

The results of the authors’ review confirmed the assumption that AIG is an emerging research topic with few explicit definitions. Moreover, the authors’ review identified four themes in the AIG literature: technology, stakeholders and context, regulation and processes. The central knowledge gaps revealed were the limited understanding of AIG implementation, lack of attention to the AIG context, uncertain effectiveness of ethical principles and regulation, and insufficient operationalization of AIG processes. To address these gaps, the authors present four future AIG agendas: technical, stakeholder and contextual, regulatory, and process. Going forward, the authors propose focused empirical research on organizational AIG processes, the establishment of an AI oversight unit and collaborative governance as a research approach.

To address the identified knowledge gaps, the authors present the following working definition of AIG: AI governance is a system of rules, practices and processes employed to ensure an organization's use of AI technologies aligns with its strategies, objectives, and values, complete with legal requirements, ethical principles and the requirements set by stakeholders. Going forward, the authors propose focused empirical research on organizational AIG processes, the establishment of an AI oversight unit and collaborative governance as a research approach.

For practitioners, the authors highlight training and awareness, stakeholder management and the crucial role of organizational culture, including senior management commitment.

For society, the authors review elucidates the multitude of stakeholders involved in AI governance activities and complexities related to balancing the needs of different stakeholders.

By delineating the AIG concept and the associated research themes, knowledge gaps and future agendas, the authors review builds a foundation for organizational AIG research, calling for broad contextual investigations and a deep understanding of AIG mechanisms. For practitioners, the authors highlight training and awareness, stakeholder management and the crucial role of organizational culture, including senior management commitment.

The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However, simultaneous development and the rising sophistication of cybercrimes bring new challenges. Micro businesses use technology like how people use it at home, but face higher cyber risks during riskier transactions, with human error playing a significant role. Moreover, information security researchers have often studied individuals’ adherence to compliance behaviour in response to cyber threats. The study aims to examine the protection motivation theory (PMT)-based model to understand individuals’ tendency to adopt secure behaviours.

The study focuses on Australian micro businesses since they are more susceptible to cyberattacks due to the least security measures in place. Out of 877 questionnaires distributed online to Australian micro business owners through survey panel provider “Dynata,” 502 (N = 502) complete responses were included. Structural equational modelling was used to analyse the relationships among the variables.

The results indicate that all constructs of the protection motivation, except threat susceptibility, successfully predict the user protective behaviours. Also, increased cybersecurity costs negatively impact users’ safe cyber practices.

The study has critical implications for understanding micro business owners’ cyber security behaviours. The study contributes to the current knowledge of cyber security in micro businesses through the lens of PMT.

This paper aims to examine the impact of the assurance and advisory role of internal audit (ADRIA) on organisational, human and technical proactive measures to enhance cybersecurity (CS).

The questionnaire was used to collect data for 97 internal auditors (IAu) from the Gulf Cooperation Council countries. The authors used partial least squares (PLS) to test the hypotheses.

The results show a positive effect of the ADRIA on each of the organisational proactive measures, human proactive measures and technical proactive measures to enhance CS. The study also found a positive effect of the confirmatory role of IA on both human proactive measures and technical proactive measures to enhance CS. No effect of the confirmatory role of IA on the organisational proactive measures is found.

This study focused on only three proactive measures to enhance CS, and this study was limited to the opinions of IAu. In addition, the study was limited to using regression analysis according to the PLS method.

The results of this study show that managers need to consider the influential role of IA as a value-adding activity in reducing CS risks and activating proactive measures. Also, IAu must expand its capabilities, skills and knowledge in CS auditing to provide a bold view of cyber threats. At the same time, the institutions responsible for preparing IA standards should develop standards and guidelines that help IAu to play assurance and advisory roles.

To the best of the authors’ knowledge, this is the first study of its kind that deals with the impact of the assurance and ADRIA on proactive measures to enhance CS. In addition, the study determines the nature of the advisory role and the assurance role of IA to strengthen CS.

This paper aims to develop a framework for critical information infrastructure (CII) protection in smart government, an alternative measure for common cybersecurity frameworks such as NIST Cybersecurity Framework and ISO 27001. Smart government is defined as the government administration sector of CII due to its similarity as a core of smart technology.

To ensure the validity of the data, the research methodology used in this paper follows the predicting malfunctions in socio-technical systems (PreMiSTS) approach, a variation of the socio-technical system (STS) approach specifically designed to predict potential issues in the STS. In this study, PreMiSTS was enriched with observation and systematic literature review as its main data collection method, thematic analysis and validation by experts using fuzzy Delphi method (FDM).

The proposed CII protection framework comprises several dimensions: objectives, interdependency, functions, risk management, resources and governance. For all those dimensions, there are 20 elements and 41 variables.

This framework can be an alternative guideline for CII protection in smart government, particularly in government administration services.

The author uses PreMiSTS, a socio-technical approach combined with thematic analysis and FDM, to design a security framework for CII protection. This combination was designed as a mixed-method approach to improve the likelihood of success in an IT project.

This paper aims to explore key management actions for implementing security on the cloud, which is a critical issue as many organizations are moving business processes and data on it. The cloud is a flexible, low cost and highly available technology, but it comes with increased complexity in maintaining the cloud consumer’s security. In this research, a model was built to assist strategic decision-makers in choosing from a diverse range of actions that can be taken to manage cloud security.

Published research from 2010 to 2022 was reviewed to identify alternatives to management actions pertaining to cloud security. Analytical hierarchical process (AHP) was applied to rate the most important action(s). For this, the alternatives, along with selection criteria, were summarized through thematic analysis. To gauge the relative importance of the alternatives, a questionnaire was distributed among cloud security practitioners to poll their opinion. AHP was then applied to the aggregated survey responses.

It was found that the respondents gave the highest importance to aligning information security with business needs. Building a cloud-specific risk management framework was rated second, while the actions: enforce and monitor contractual obligations, and update organizational structure, were rated third and fourth, respectively.

The research takes a general view without catering to specialized industry-based scenarios.

This paper highlights the role of management actions when implementing cloud security. It presents an AHP-based multi-criteria decision-making model that can be used by strategic decision-makers in selecting the optimum mode of action. Finally, the criteria used in the AHP model highlight how each alternative contributes to cloud security.