Search results

The purpose of this study is to demonstrate that Strategic Enterprise Management (SEM) and Business Intelligence (BI) have the potential to integrate management decisions vertically through an organization’s hierarchy. This study also aims to present a design theory framework and build a model dimension using eight principles serving as mid-range theories.

This study uses a design science perspective to posit how organizations can successfully implement SEMBI (a union of SEM and BI). This study then completes the design theory by building the method dimension using two principles. Finally, the study presents testable hypotheses for the theory and an evaluation using stakeholder attitudes and judgments as proxies for objective measures.

In the search for a prescription for SEMBI success, this study finds that the notion of the Capability Maturity Model (CMM) is a good artifact with which to organize the principles the authors are seeking. CMM has since been adapted to suit different contexts by incorporating relevant principles from those domains. Hereafter, this study refers to SEMBI–CMM as the adapted solution for SEMBI's success.

This study coins and uses the term SEMBI to represent the union of SEM and BI. This term retains its distinct identities and principles and forms a holistic and integrated view of SEM and BI implementation strategies. In an effort to advance this line of research, this study employs a design science perspective to address the question of how an organization can successfully implement SEMBI.

This paper presents a method for adapting an Information Security Focus Area Maturity (ISFAM) model to the organizational characteristics (OCs) of a small- and medium-sized enterprise (SME) cluster. The purpose of this paper is to provide SMEs with a tailored maturity model enabling them to capture and improve their information security capabilities.

Design Science Research was followed to design and evaluate the method as a design artifact.

The method has successfully been used to adapt the ISFAM model to a group of SMEs within a regional cluster resulting in a model that is aligned with the OCs of the cluster. Areas for further investigation and improvements were identified.

The study is based on applying the proposed method for the SMEs active in the transport, logistics and packaging sector in the Port of Rotterdam. Future research can focus on different sectors and regions. The method can be used for adapting other focus area maturity models.

The resulting adapted maturity model can facilitate the creation and further development of a base of common or shared knowledge in the cluster. The adapted maturity model can cut the cost of over implementation of information security capabilities for the SMEs with scarce resources.

The resulting adapted maturity model can facilitate the creation and further development of a base of common or shared knowledge in the cluster. The adapted maturity model can cut the cost of over implementation of information security capabilities for the SMEs with scarce resources.

This paper aims to provide a maturity model for information security awareness (MMISA), based on the literature, expert interviews and feedback. In addition to developing the MMISA, the authors investigate the role of the three decisive factors that affect ISA maturity level: risk management mechanism, organizational structure and ISA.

The research methodology is a combined one; qualitative and quantitative methods were applied, including surveying the literature, interviews and developing a survey to collect quantitative data about decisive factors that affect ISA maturity level. The authors perform a variance-based partial least squares-structural equation modeling (PLS-SEM) investigation of the relationships between these factors.

The investigation of decisive factors of ISA maturity levels revealed that if the authors identify a strong risk assessment mechanism (through a documented methodology and reliable results), the authors can expect a high level of ISA. If there is a well-defined organizational structure with clear responsibilities, this supports the linking of a risk management mechanism with the level of ISA. The connection between organizational structure and ISA maturity level is supported by ISA activities: an increased level of awareness actions strengthens an organizational structure via the best practices learned by the staff.

The main contribution of the proposed MMISA model is that the model offers controls and audit evidence for maturity levels. Beyond that, the authors distinguish in the MMISA model controls supporting knowledge and controls supporting attitude, emphasizing that this is not enough to know what to do, but the proper attitude is required too. The authors didn't find any other ISA maturity model which has a similar feature. The contribution of the authors' work is that the authors provide a method for solving this complex measurement problem via the MMISA, which also offers direct guidance for the daily practices of organizations.

As evident from the literature review, the research on cyber security performance is centered on security metrics, maturity models, etc. Essentially, all these are helpful for evaluating the efficiency of cyber security organization but what matters is how the factors of internal efficiency affect the business performance, i.e. the external effectiveness. The purpose of this research paper is to derive the factors of internal efficiency and external effectiveness of cyber security and develop impact model to identify the most and least preferred parameters of internal efficiency with respect to all the parameters of external effectiveness.

There are two objectives for this research: Deriving the factors of internal efficiency and external effectiveness of cyber security; Developing a model to identify the impact of internal efficiency factors on the external effectiveness of cyber security since there is not much evidence of research in defining the factors of internal efficiency and external effectiveness of cyber security, the authors have chosen grounded theory methodology (GTM) to derive the parameters. In this study emic approach of GTM is followed and an algorithm is developed for administering the grounded theory research process. For the second research objective survey methodology and rank order was used to formulate the impact model. Two different samples and questionnaires were designed for each of the objectives.

For the objective 1, 11 factors of efficiency and 10 factors of effectiveness were derived. These are used as independent and dependent variable respectively in the later part of the research for the second objective. For the objective 2 the impact models among independent and dependent variables were formulated to find out the following. Most and least preferred parameters lead to internal efficiency of cyber security organization to identify the most and least preferred parameters of internal efficiency with respect to all the parameters external effectiveness.

The factors of internal efficiency and external effectiveness constructed by using grounded theory cannot remain constant in the long run, because of dynamism of the domain itself. Over and above this, there are inherent limitations of the tools like grounded theory, used in the research. Few important limitations of GTM are as below in grounded theory, it is comparatively difficult to maintain and demonstrate the rigors of research discipline. The sheer volume of data makes the analysis and interpretation complex, and lengthy time consuming. The researchers’ presence during data gathering, which is often unavoidable and desirable too in qualitative research, may affect the subjects’ responses. The subjectivity of the data leads to difficulties in establishing reliability and validity of approaches and information. It is difficult to detect or to prevent researcher-induced bias.

The internal efficiency and external effectiveness factors of cyber security can be further correlated by the future researchers to understand the correlations among all the factors and predict cyber security performance. The grounded theory algorithm developed by us can be further used for qualitative research for deriving theory through abstractions in the areas where there is no sufficient availability of data. Practitioners of cyber security can use this research to focus on relevant areas depending on their respective business objective/requirements. The models developed by us can be used by the future researchers to for various sectoral validations and correlations.

Though the financial costs of a cyber-attack are steep, the social impact of cyber security failures is less readily apparent but can cause lasting damage to customers, employees and the company. Therefore, it is always important to be mindful of how the impact of cyber security affects society as well as the bottom line when they are calculating the potential impact of a breach. Underestimating either impact can destroy a brand. The factor of internal efficiency and external effectiveness derived by us will help stakeholder in focusing on relevant area depending on their business. The impact model developed in this research is very useful for focusing a particular business requirement and accordingly tune the efficiency factor.

During literature study the authors did not find any evidence of application of grounded theory approach in cyber security research. While the authors were exploring research literature to find out some insight into the factor of internal efficiency and external effectiveness of cyber security, the authors did not find concrete and objective research on this. This motivated us to use grounded theory to derive these factors. This, in the authors’ opinion is one of the pioneering and unique contribution to the research as to the authors’ knowledge no researchers have ever tried to use this methodology for the stated purpose and cyber security domain in general. In this process the authors have also developed an algorithm for administering GTM. Further developing impact models using factors of internal efficiency and external effectiveness has lots of managerial and practical implication.

Recent research outputs can be difficult to implement into ongoing safety critical processes. Hence, research is well beyond current practices in railway asset management. This paper demonstrates the process of creating tangible change within a railway asset management organization by introducing a framework for advancing track geometry deterioration analyses (TGDA) in practice.

The research was conducted in three parts: (1) maturity models were reviewed and adapted as the basis for the framework, (2) the initial maturity level was investigated by conducting semi-structured expert interviews, and (3) a framework for development was created in cooperation with stakeholders during three workshops. The methodology and findings were tested and applied in the Finnish state rail network asset management.

The main output of this study is the framework for advancing TGDA in railway asset management. The novel framework provides structure for controlled incremental development, which is essential when altering a safety critical process.

The research process was successfully applied in Finland. Following the steps presented in this article, any organization can apply the framework to plan their development schemes for railway asset management.

Full-scale implementation of novel models and methods is often overlooked, which prevents practical asset management from obtaining tangible benefits from research. This research provides an innovative approach in narrowing the overlooked research gap and brings research results within the reach of practitioners.

Insufficient productivity development in the global and Finnish infrastructure sectors indicates that there are challenges in genuinely achieving the goals of resource efficiency and digitalization. This study adapts the approach of capability maturity model integration (CMMI) for examining the capabilities for productivity development that reveal the enablers of improving productivity in the infrastructure sector.

Civil engineering in Finland was selected as the study area, and a qualitative research approach was adopted. A novel maturity model was constructed deductively through a three-step analytical process. Previous research literature was adapted to form a framework with maturity levels and key process areas (KPAs). KPA attributes and their maturity criteria were formed through a thematic analysis of interview data from 12 semi-structured group interviews. Finally, validation and refinement of the model were performed with an expert panel.

This paper provides a novel maturity model for examining and enhancing the infrastructure sector’s maturity in productivity development. The model brings into discussion the current business logics, relevance of lifecycle-thinking, binding targets and outcomes of limited activities in the surrounding infrastructure system.

This paper provides a new approach for pursuing productivity development in the infrastructure sector by constructing a maturity model that adapts the concepts of CMMI and change management. The model and findings benefit all actors in the sector and provide an understanding of the required elements and means to achieve a more sustainable built environment and effective operations.