Search results

The purpose of this study is to demonstrate that Strategic Enterprise Management (SEM) and Business Intelligence (BI) have the potential to integrate management decisions vertically through an organization’s hierarchy. This study also aims to present a design theory framework and build a model dimension using eight principles serving as mid-range theories.

This study uses a design science perspective to posit how organizations can successfully implement SEMBI (a union of SEM and BI). This study then completes the design theory by building the method dimension using two principles. Finally, the study presents testable hypotheses for the theory and an evaluation using stakeholder attitudes and judgments as proxies for objective measures.

In the search for a prescription for SEMBI success, this study finds that the notion of the Capability Maturity Model (CMM) is a good artifact with which to organize the principles the authors are seeking. CMM has since been adapted to suit different contexts by incorporating relevant principles from those domains. Hereafter, this study refers to SEMBI–CMM as the adapted solution for SEMBI's success.

This study coins and uses the term SEMBI to represent the union of SEM and BI. This term retains its distinct identities and principles and forms a holistic and integrated view of SEM and BI implementation strategies. In an effort to advance this line of research, this study employs a design science perspective to address the question of how an organization can successfully implement SEMBI.

This paper presents a method for adapting an Information Security Focus Area Maturity (ISFAM) model to the organizational characteristics (OCs) of a small- and medium-sized enterprise (SME) cluster. The purpose of this paper is to provide SMEs with a tailored maturity model enabling them to capture and improve their information security capabilities.

Design Science Research was followed to design and evaluate the method as a design artifact.

The method has successfully been used to adapt the ISFAM model to a group of SMEs within a regional cluster resulting in a model that is aligned with the OCs of the cluster. Areas for further investigation and improvements were identified.

The study is based on applying the proposed method for the SMEs active in the transport, logistics and packaging sector in the Port of Rotterdam. Future research can focus on different sectors and regions. The method can be used for adapting other focus area maturity models.

The resulting adapted maturity model can facilitate the creation and further development of a base of common or shared knowledge in the cluster. The adapted maturity model can cut the cost of over implementation of information security capabilities for the SMEs with scarce resources.

The resulting adapted maturity model can facilitate the creation and further development of a base of common or shared knowledge in the cluster. The adapted maturity model can cut the cost of over implementation of information security capabilities for the SMEs with scarce resources.

This paper aims to provide a maturity model for information security awareness (MMISA), based on the literature, expert interviews and feedback. In addition to developing the MMISA, the authors investigate the role of the three decisive factors that affect ISA maturity level: risk management mechanism, organizational structure and ISA.

The research methodology is a combined one; qualitative and quantitative methods were applied, including surveying the literature, interviews and developing a survey to collect quantitative data about decisive factors that affect ISA maturity level. The authors perform a variance-based partial least squares-structural equation modeling (PLS-SEM) investigation of the relationships between these factors.

The investigation of decisive factors of ISA maturity levels revealed that if the authors identify a strong risk assessment mechanism (through a documented methodology and reliable results), the authors can expect a high level of ISA. If there is a well-defined organizational structure with clear responsibilities, this supports the linking of a risk management mechanism with the level of ISA. The connection between organizational structure and ISA maturity level is supported by ISA activities: an increased level of awareness actions strengthens an organizational structure via the best practices learned by the staff.

The main contribution of the proposed MMISA model is that the model offers controls and audit evidence for maturity levels. Beyond that, the authors distinguish in the MMISA model controls supporting knowledge and controls supporting attitude, emphasizing that this is not enough to know what to do, but the proper attitude is required too. The authors didn't find any other ISA maturity model which has a similar feature. The contribution of the authors' work is that the authors provide a method for solving this complex measurement problem via the MMISA, which also offers direct guidance for the daily practices of organizations.

As evident from the literature review, the research on cyber security performance is centered on security metrics, maturity models, etc. Essentially, all these are helpful for evaluating the efficiency of cyber security organization but what matters is how the factors of internal efficiency affect the business performance, i.e. the external effectiveness. The purpose of this research paper is to derive the factors of internal efficiency and external effectiveness of cyber security and develop impact model to identify the most and least preferred parameters of internal efficiency with respect to all the parameters of external effectiveness.

There are two objectives for this research: Deriving the factors of internal efficiency and external effectiveness of cyber security; Developing a model to identify the impact of internal efficiency factors on the external effectiveness of cyber security since there is not much evidence of research in defining the factors of internal efficiency and external effectiveness of cyber security, the authors have chosen grounded theory methodology (GTM) to derive the parameters. In this study emic approach of GTM is followed and an algorithm is developed for administering the grounded theory research process. For the second research objective survey methodology and rank order was used to formulate the impact model. Two different samples and questionnaires were designed for each of the objectives.

For the objective 1, 11 factors of efficiency and 10 factors of effectiveness were derived. These are used as independent and dependent variable respectively in the later part of the research for the second objective. For the objective 2 the impact models among independent and dependent variables were formulated to find out the following. Most and least preferred parameters lead to internal efficiency of cyber security organization to identify the most and least preferred parameters of internal efficiency with respect to all the parameters external effectiveness.

The factors of internal efficiency and external effectiveness constructed by using grounded theory cannot remain constant in the long run, because of dynamism of the domain itself. Over and above this, there are inherent limitations of the tools like grounded theory, used in the research. Few important limitations of GTM are as below in grounded theory, it is comparatively difficult to maintain and demonstrate the rigors of research discipline. The sheer volume of data makes the analysis and interpretation complex, and lengthy time consuming. The researchers’ presence during data gathering, which is often unavoidable and desirable too in qualitative research, may affect the subjects’ responses. The subjectivity of the data leads to difficulties in establishing reliability and validity of approaches and information. It is difficult to detect or to prevent researcher-induced bias.

The internal efficiency and external effectiveness factors of cyber security can be further correlated by the future researchers to understand the correlations among all the factors and predict cyber security performance. The grounded theory algorithm developed by us can be further used for qualitative research for deriving theory through abstractions in the areas where there is no sufficient availability of data. Practitioners of cyber security can use this research to focus on relevant areas depending on their respective business objective/requirements. The models developed by us can be used by the future researchers to for various sectoral validations and correlations.

Though the financial costs of a cyber-attack are steep, the social impact of cyber security failures is less readily apparent but can cause lasting damage to customers, employees and the company. Therefore, it is always important to be mindful of how the impact of cyber security affects society as well as the bottom line when they are calculating the potential impact of a breach. Underestimating either impact can destroy a brand. The factor of internal efficiency and external effectiveness derived by us will help stakeholder in focusing on relevant area depending on their business. The impact model developed in this research is very useful for focusing a particular business requirement and accordingly tune the efficiency factor.

During literature study the authors did not find any evidence of application of grounded theory approach in cyber security research. While the authors were exploring research literature to find out some insight into the factor of internal efficiency and external effectiveness of cyber security, the authors did not find concrete and objective research on this. This motivated us to use grounded theory to derive these factors. This, in the authors’ opinion is one of the pioneering and unique contribution to the research as to the authors’ knowledge no researchers have ever tried to use this methodology for the stated purpose and cyber security domain in general. In this process the authors have also developed an algorithm for administering GTM. Further developing impact models using factors of internal efficiency and external effectiveness has lots of managerial and practical implication.

Recent research outputs can be difficult to implement into ongoing safety critical processes. Hence, research is well beyond current practices in railway asset management. This paper demonstrates the process of creating tangible change within a railway asset management organization by introducing a framework for advancing track geometry deterioration analyses (TGDA) in practice.

The research was conducted in three parts: (1) maturity models were reviewed and adapted as the basis for the framework, (2) the initial maturity level was investigated by conducting semi-structured expert interviews, and (3) a framework for development was created in cooperation with stakeholders during three workshops. The methodology and findings were tested and applied in the Finnish state rail network asset management.

The main output of this study is the framework for advancing TGDA in railway asset management. The novel framework provides structure for controlled incremental development, which is essential when altering a safety critical process.

The research process was successfully applied in Finland. Following the steps presented in this article, any organization can apply the framework to plan their development schemes for railway asset management.

Full-scale implementation of novel models and methods is often overlooked, which prevents practical asset management from obtaining tangible benefits from research. This research provides an innovative approach in narrowing the overlooked research gap and brings research results within the reach of practitioners.

Insufficient productivity development in the global and Finnish infrastructure sectors indicates that there are challenges in genuinely achieving the goals of resource efficiency and digitalization. This study adapts the approach of capability maturity model integration (CMMI) for examining the capabilities for productivity development that reveal the enablers of improving productivity in the infrastructure sector.

Civil engineering in Finland was selected as the study area, and a qualitative research approach was adopted. A novel maturity model was constructed deductively through a three-step analytical process. Previous research literature was adapted to form a framework with maturity levels and key process areas (KPAs). KPA attributes and their maturity criteria were formed through a thematic analysis of interview data from 12 semi-structured group interviews. Finally, validation and refinement of the model were performed with an expert panel.

This paper provides a novel maturity model for examining and enhancing the infrastructure sector’s maturity in productivity development. The model brings into discussion the current business logics, relevance of lifecycle-thinking, binding targets and outcomes of limited activities in the surrounding infrastructure system.

This paper provides a new approach for pursuing productivity development in the infrastructure sector by constructing a maturity model that adapts the concepts of CMMI and change management. The model and findings benefit all actors in the sector and provide an understanding of the required elements and means to achieve a more sustainable built environment and effective operations.

This article examines the opportunities to create optimal conditions for individuals with autism, to work successfully within the contemporary workplace and improve their well-being. These opportunities arise from digital technology (DT) development, enabling the work environment to be remodeled by providing new possibilities and ways of working. The author discusses both technology-based as well as non-technological accommodations supporting overcoming the workplace challenges faced by employees with autism.

A qualitative research was conducted with the use of in-depth interviews with 21 individuals with expertise in the field.

Possible technology-based work environment modifications and non-technological managerial practices facilitating work integration and the long-term well-being of individuals with autism were proposed. These solutions address four main problems: (1) effective communication; (2) time management, task prioritizing, and organization of work; (3) stress management and emotion control; and (4) sensory sensitivity.

Proposed solutions include primarily the wide usage of electronic mediated forms of communicating based on non-direct and non-verbal contact; a flexible approach towards work organization; accurate stress monitoring systems; and an individualized approach toward office space arrangements limiting external stimuli.

All this could lead not only to an increase in employment in individuals on the autism spectrum but also influence the improvement of the job performance of already employed. Modifications introduced could improve the long-term well-being of all employees, both with autism and neurotypical ones.

Information systems' security is more critical than ever before since security threats are rapidly growing. Before putting in place information systems' security measures, organizations are required to determine the maturity level of their information security governance. Literature review reveals that there is no recent study on information systems' security maturity level of banks in Ethiopia. This study thus seeks to measure the existing maturity level and examine the security gaps in order to propose possible changes in Ethiopian private banking industry's information system security maturity indicators.

Four private banks are selected as a representative sample. The system security engineering capability maturity model (SSE-CMM) is used as the maturity measurement criteria, and the measurement was based on ISO/IEC 27001 information security control areas. The data for the study were gathered using a questionnaire.

A total of 93 valid questionnaires were gathered from 110 participants in the study. Based on the SSE-CMM maturity model assessment criteria the private banking industry's current maturity level is level 2 (repeatable but intuitive). Institutions have a pattern that is repeated when completing information security operations but its existence was not thoroughly proven and institutional inconsistency still exists.

This study seeks to measure the existing maturity level and examine the security gaps in order to propose possible changes in Ethiopian private banking industry's information system security maturity indicators. This topic has not been attempted previously in the context of Ethiopian financial sector.

The purpose of this paper is to contribute to the understanding of the servitization phenomenon of product-centric companies, by identifying the resources, capabilities and organizational aspects needed to successfully deploy a servitized business model (BM).

By adopting a literature-based approach, this paper develops a servitization maturity model (SeMM) aimed at assessing and positioning companies in the servitization journey. The paper also illustrates the model application to two small and medium-sized enterprises (SMEs), a machinery and a forklift truck company.

The SeMM identifies a set of 85 critical requirements that are used to evaluate the servitization level of product-centric companies, through a specific five-stage measurement scale. The requirements are categorized into: five maturity dimensions (organizational approach, process management, performance management, tools, capabilities) and nine BM Canvas components. The empirical application exemplifies how the SeMM can support managers in identifying and bridging the gaps in their servitization journey.

The SeMM adopts an original bi-dimensional approach and provides an operationalization of the servitization process through the identification of specific critical requirements framed on established BM and maturity dimensions taken from the literature. Moreover, the model responds to a call for research to develop practitioner-oriented tools and guidelines to support the servitization process, in particular for SMEs, and to the need to go beyond to measures of servitization based on indicators about number of services offered or their turnover.

The description of “blockchain banking”, the determination of “the sub-processes” of “blockchain banking” as a “business process”, and the assessment of “maturity level” in Parsian Bank.

Theoretical sources on “blockchain banking” were initially investigated. Then the “sub-processes” of “blockchain banking” as a “business process” were extracted by Parsian Bank's experts through the “Delphi method”. Next, the “sequence” of the “sub-processes” was determined by means of the “AHP”. Eventually, Parsian Bank's maturity levels for all the sub-processes as well as the overall maturity level were specified on the basis of the “CMMI” V1.3 in order for Business Process Management (BPM).

Blockchain banking’ combines traditional banking with cryptocurrencies, which can be provided by merging “hybrid e-wallet” with “bank account” and “bank card” – all together as “crypto bank account”. Plus, “hybrid e-wallet” is a form of mobile e-wallet on blockchain that supports both cryptocurrencies and traditional currencies in the same platform by which the purchase and sale of cryptocurrencies are possible. Besides, “Blockchain banking service” can also be offered within the framework of “open banking” aligned with “open innovation” through a FinTech (or a beta bank) in collaboration with a licensed bank via “open API”, which is called “blockchain banking based on FinTech”. At last, the eight sub-processes of “blockchain banking” were determined and Parsian Bank's “maturity level” was specified.

This is the very first practical guide to “blockchain banking service”.