Search results

1 – 10 of 14
Article
Publication date: 14 February 2019

David Lewis Coss and Gurpreet Dhillon

To effectively develop privacy policies and practices for cloud computing, organizations need to define a set of guiding privacy objectives that can be applied across…

Abstract

Purpose

To effectively develop privacy policies and practices for cloud computing, organizations need to define a set of guiding privacy objectives that can be applied across their organization. It is argued that it is important to understand individuals’ privacy values with respect to cloud computing to define cloud privacy objectives.

Design/methodology/approach

For the purpose of this study, the authors adopted Keeney’s (1994) value-focused thinking approach to identify privacy objectives with respect to cloud computing.

Findings

The results of this study identified the following six fundamental cloud privacy objectives: to increase trust with cloud provider, to maximize identity management controls, to maximize responsibility of information stewardship, to maximize individual’s understanding of cloud service functionality, to maximize protection of rights to privacy, and to maintain the integrity of data.

Research limitations/implications

One limitation is generalizability of the cloud privacy objectives, and the second is research bias. As this study focused on cloud privacy, the authors felt that the research participants’ increased knowledge of technology usage, including that of cloud technology, was a benefit that outweighed risks associated with not having a random selection of the general population. The newness and unique qualities of privacy issues in cloud computing are better fitted to a qualitative study where issues can emerge naturally through a holistic approach opposed to trying to force fit an existing set of variables or constructs into the context of privacy and cloud computing.

Practical implications

The findings of this research study can be used to assist management in the process of formulating a cloud privacy policy, develop cloud privacy evaluation criteria as well as assist auditors in developing their privacy audit work plans.

Originality/value

Currently, there is little to no guidance in the literature or in practice as to what organizations need to do to ensure they protect their stakeholders privacy in a cloud computing environment. This study works at closing this knowledge gap by identifying cloud privacy objectives.

Details

Information & Computer Security, vol. 27 no. 2
Type: Research Article
ISSN: 2056-4961

Keywords

Article
Publication date: 11 June 2018

Kane J. Smith, Gurpreet Dhillon and Karin Hedström

In this paper, using values of individuals in a Swedish health-care organization, electronic identity management objectives related to security are defined.

Abstract

Purpose

In this paper, using values of individuals in a Swedish health-care organization, electronic identity management objectives related to security are defined.

Design/methodology/approach

By using value-focused thinking, eliciting values from interviews of three groups of health-care staff’s objective hierarchies for three stakeholder groups are identified and defined. Objective hierarchies allow comparison across multiple stakeholder groups such that strategic objectives for identity management can be compared and contrasted.

Findings

This qualitative investigation, which used value-focused thinking, revealed 94 subobjectives, grouped into 12 fundamental and 14 means objectives, which are essential for developing measures that address potential value conflicts in a health-care organization around electronic identity management. The objectives developed in this study are grounded socioorganizationally and provide a way forward in developing measures aimed to reducing potential conflicts at a policy level.

Originality/value

In a final synthesis, congruence (or lack thereof) in the electronic identity management approach for a Swedish health organization is suggested. This also creates a foundation to evaluate and weight different objectives for strategic decision management.

Details

Information & Computer Security, vol. 26 no. 2
Type: Research Article
ISSN: 2056-4961

Keywords

Article
Publication date: 2 October 2019

Kane J. Smith and Gurpreet Dhillon

Blockchain holds promise as a potential solution to the problem of cybersecurity in financial transactions. However, difficulty exists for both the industry and…

Abstract

Purpose

Blockchain holds promise as a potential solution to the problem of cybersecurity in financial transactions. However, difficulty exists for both the industry and organizations in assessing this potential solution. Hence, it is important to understand how organizations in the financial sector can address these concerns by exploring blockchain implementation for financial transactions in the context of cybersecurity. To do this, the problem question is threefold: first, what objectives are important based on the strategic values of an organization for evaluating cybersecurity to improve the security of financial transactions? Second, how can they be used to ensure the cybersecurity of financial transactions in a financial organization? Third, how can these objectives be used to evaluate blockchain as a potential solution for enhancing the cybersecurity of organizations in the financial sector relative to existing cybersecurity methods? The paper aims to discuss this issue.

Design/methodology/approach

To accomplish this goal we utilize Keeney’s (1992) multi-objective decision analytics technique, termed value-focused thinking (VFT), to demonstrate how organizations can assess a blockchain solution’s value to maximize value-add within financial organization.

Findings

The presented model clearly demonstrates the viability of using Keeney’s (1992) VFT technique as a multi-criteria decision analysis tool for assessing blockchain technology. Further, a clear explanation of how this model can be extended and adapted for individual organizational use is provided.

Originality/value

This paper engages both the academic literature as well as an expert panel to develop an assessment model for blockchain technology related to financial transactions by providing a useful method for structuring the decision-making process of organizations around blockchain technology.

Details

Managerial Finance, vol. 46 no. 6
Type: Research Article
ISSN: 0307-4358

Keywords

Article
Publication date: 1 March 2001

Gurpreet Dhillon, David Coss and Ray Hackney

In interpreting the role of disruptive technologies in the relative success and failure of firms, this paper uses Christensen’s principles to review the strategies of…

4891

Abstract

In interpreting the role of disruptive technologies in the relative success and failure of firms, this paper uses Christensen’s principles to review the strategies of Amazon.com and Barnes & Nobel. The core argument of the paper is based on the assertion that firms that fail to recognize the uniqueness of a disruptive technology fall short of succeeding in their line of business. The argument is conducted by reviewing the various aspects of disruptive technology, as they relate to the business of selling books online. In a final synthesis, insights based on occurrences within the US e‐business context are presented.

Details

Logistics Information Management, vol. 14 no. 1/2
Type: Research Article
ISSN: 0957-6053

Keywords

Content available
Article
Publication date: 1 June 2004

Gurpreet Dhillon

261

Abstract

Details

Business Process Management Journal, vol. 10 no. 3
Type: Research Article
ISSN: 1463-7154

Article
Publication date: 9 February 2010

Mário Caldeira and Gurpreet Dhillon

The purpose of this paper is to present organizational competencies for gaining information technology (IT) benefits within organizations. Following the analysis of 16…

1947

Abstract

Purpose

The purpose of this paper is to present organizational competencies for gaining information technology (IT) benefits within organizations. Following the analysis of 16 in‐depth case studies, a set of six high level, fundamental competencies and 17 facilitating competencies are identified. A framework for orchestrating the organizational competencies is also presented. The results of this research would be useful to academics in developing measures for assessing the level of organizational competence and for practitioners in identifying and nurturing competencies for organizational benefits realization.

Design/methodology/approach

The methodology involved two phases. Phase 1 entailed conducting 16 extensive case studies. Case study methodology employed follows guidelines provided by Yin and Benbasat et al. Case studies are a suitable means to collect the data since the notion of competencies in delivering IT benefits has not been well understood in the literature. By analyzing and understanding the particular situation and factors in each organization in an in‐depth manner, the paper develops a sound interpretation of the abilities that organizations need to have in place to deliver IT benefits.

Findings

In order to gain business benefits from IT investments, organizations must develop competencies to exploit IT. These competencies involve individual skills and organizational processes that enable those skills to be effectively applied. This paper identifies 23 competencies categorized into fundamental and facilitating competencies that firms need to have in place if IT services are to be delivered adequately and business benefits achieved. Also developed is a network of competences based on the data collected in the 16 cases studied.

Research limitations/implications

Like any research, this paper has its limitations. Given the qualitative and interpretive nature of the research, a lot of assertions are interpretations of the authors. While in the literature, this has been argued as a valid way to undertake research, clearly there are biases that creep into the research.

Practical implications

The model of competencies presented forms a good basis for enterprises to fine‐tune their abilities for harnessing IT.

Originality/value

While management researchers have been researching the notion of organizational competence for a while, it has not been well considered in the information systems arena; it is felt that this research makes a positive contribution to that effect.

Details

Business Process Management Journal, vol. 16 no. 1
Type: Research Article
ISSN: 1463-7154

Keywords

Article
Publication date: 1 October 1999

Gurpreet Dhillon

This paper argues that many of the losses owing to computer‐related fraud could be avoided if organizations adopt a more pragmatic approach in dealing with such incidents…

5091

Abstract

This paper argues that many of the losses owing to computer‐related fraud could be avoided if organizations adopt a more pragmatic approach in dealing with such incidents. The paper suggests that in implementing controls, both within organizations and computer systems, a balanced approach be adopted. Such an approach should place equal emphasis on technical, formal and informal interventions. The argument is conducted by reviewing the nature of security breaches that have taken place in different parts of the world.

Details

Information Management & Computer Security, vol. 7 no. 4
Type: Research Article
ISSN: 0968-5227

Keywords

Article
Publication date: 1 October 2000

Gurpreet Dhillon and Mário Caldeira

The aim of this paper is to develop an understanding of the adoption and use of EDI in the Portuguese clothing and textile industry. The inherent argument is that although…

911

Abstract

The aim of this paper is to develop an understanding of the adoption and use of EDI in the Portuguese clothing and textile industry. The inherent argument is that although such inter‐organizational systems in small and medium‐sized enterprises facilitate competitiveness through collaboration, the successful deployment of such systems is not solely a function of transaction costs and the resource base of an organization, as has been argued in the literature. In fact the values and attitudes of senior management play a critical role in the adoption of inter‐organizational systems. Various issues are analyzed by critically reviewing the literature, which has traditionally focused either on reducing transaction costs or managing the resource base. The argument of this paper is conducted by evaluating managers’ beliefs and attitudes towards the use of EDI within the Portuguese clothing and textile industry.

Details

Information Management & Computer Security, vol. 8 no. 4
Type: Research Article
ISSN: 0968-5227

Keywords

Article
Publication date: 1 April 1997

Gurpreet Dhillon and Ray Hackney

Argues that by interpreting the semantic content of different actions, it will be possible to draw boundaries between those aspects of a system that can be computerized…

1534

Abstract

Argues that by interpreting the semantic content of different actions, it will be possible to draw boundaries between those aspects of a system that can be computerized and those that will best serve the purpose if left alone. This will dissuade systems developers from being caught in the technology trap. The argument is conducted in the context of developing IT‐based medical thesauri for drug use management.

Details

Health Manpower Management, vol. 23 no. 2
Type: Research Article
ISSN: 0955-2065

Keywords

Article
Publication date: 1 December 2000

Sanjeev Phukan and Gurpreet Dhillon

The purpose of this paper is to study the beliefs and attitudes of small‐ and medium‐sized enterprises (SMEs) toward the ethical use of information technology (IT). This…

2316

Abstract

The purpose of this paper is to study the beliefs and attitudes of small‐ and medium‐sized enterprises (SMEs) toward the ethical use of information technology (IT). This research in progress paper presents findings from an “ethics survey” conducted in the USA. The initial data presented here suggest that even though IT has become an integral part of the US SMEs, there is a clear lack of awareness of basic ethical issues. The participants on this survey did not seem to understand the importance of their moral and ethical responsibilities in the use of IT. In a follow‐up of this study, we hope to extend and use the initial findings to conduct focused in‐depth interviews with some of the survey participants. In a subsequent stage we wish to conduct a similar research for large enterprises, so as to compare and contrast the extent of IT related ethical practices in businesses.

Details

Information Management & Computer Security, vol. 8 no. 5
Type: Research Article
ISSN: 0968-5227

Keywords

1 – 10 of 14