Search results

Situation awareness theory is a primary mean to take decisions and actions in a dynamically changing environment. Nowadays, to implement situation awareness, theories and models in organizational scenarios have become an important research challenge. The purpose of this paper is to investigate the relationship between the situation awareness theory and cybernetics. Further, the aim is to use this relationship to check the feasibility of situation awareness-based information security risk management (ISRM) implementation in the organizational scenario.

To investigate the relationship between situation awareness theory and cybernetics, Endsley’s situation awareness theory and Norbert Wiener’s cybernetics concepts and philosophy have been used in the present work. For a detailed study, concepts, techniques and philosophy of the cybernetics have been extracted from the thesis of Norbert Wiener titled “The human use of human beings” and “Cybernetics or control and communication in the animal and the machine”.

The present paper demonstrates that relationship can be successfully established between cybernetics and situation awareness theory. Further, this relationship can be used to solve organizational implementation issues related to situation awareness based systems. To demonstrate relationship and solutions of implementation issues, two case studies related to ISRM are also incorporated in the present case study.

The present work bridges two parallel and prominent theories of situation awareness and cybernetics. It also demonstrates that combination of both the theories can be used to feasibly implement situation awareness based systems in organizations.

An intelligent supplier relationship management system (ISRMS) integrating a company’s customer relationship management (CRM) system, supplier rating system (SRS) and product coding system (PCS) by the case based reasoning (CBR) technique to select preferred suppliers during the new product development (NPD) process is discussed. By using ISRMS in Honeywell Consumer Product (Hong Kong) Limited, it is found that the outsource cycle time from the searching of potential suppliers to the allocation of order, as well as the delay in delivery of goods of suppliers after order allocation, are greatly reduced. In addition, performance of suppliers can be monitored effectively.

The study aims to revisit six previously defined challenges in information security risk management to provide insights into new challenges based on current practices.

The study is based on an empirical study consisting of in-depth interviews with representatives from public sector organisations. The data were analysed by applying a practice-based view, i.e. the lens of knowing (or knowings). The results were validated by an expert panel.

Managerial and organisational concerns that go beyond a technical perspective have been found, which affect the ongoing social build-up of knowledge in everyday information security work..

The study has delimitation as it consists of data from four public sector organisations, i.e. statistical analyses have not been in focus, while implying a better understanding of what and why certain actions are practised in their security work.

The new challenges that have been identified offer a refined set of actionable advice to practitioners, which, for example, can support cost-efficient decisions and avoid unnecessary security trade-offs.

Information security is increasingly relevant for organisations, yet little is still known about how related risks are handled in practice. Recent studies have indicated a gap between the espoused and the actual actions. Insights from actual, situated enactment of practice can advise on process adaption and suggest more fit approaches.

In this paper, a server‐based enterprise collaborative management system using enterprise application integration technology is developed for trial implementation at Honeywell Consumer Products (Hong Kong) Limited, in the area of supplier relationship management. The system facilitates supplier selection using an integrative case‐based supplier selection and help desk approach to select the most appropriate suppliers, based on their past performance records from a case‐based warehouse. Discusses a case study to integrate Honeywell's supplier rating system and product coding system by case‐based reasoning technique to select preferred suppliers during the new product development process. Finds that the outsource cycle time from the searching of potential suppliers to the allocation of orders is greatly reduced while performance of suppliers can be monitored simultaneously.

In increasingly competitive markets, customer satisfaction is a vital corporate objective. Key elements to increasing customer satisfaction include producing consistently high‐quality products and providing high‐quality customer service. Also, supplier relationship management (SRM) contributes to the supplier selection and increases the competitive advantage of manufacturers. SRM can enhance customer satisfaction and increase market share. Thus the development of a customer‐SRM system in the areas of outsourcing is essential for a company to remain competitive. Discusses an intelligent customer‐SRM system (ISRMS), using case‐based reasoning to help solve problems such as supplier selection and the help desk problem‐solving approach. By using ISRMS, companies can select the most suitable suppliers from the supplier list, as well as establishing a good customer‐supplier relationship between parties.

The purpose of this paper is to develop and test a research model that looks at the direct impact of information technology (IT) capabilities on firm performance and the mediating effects of the information security management system (ISMS) on this relationship.

The study uses a hypothetico-deductive approach based on quantitative data collected from 136 surveyed professionals in the field of IS, IT and the related security environment.

The results confirm the direct impact of IT capabilities on firm performance and the mediating effects of ISMS on this relationship.

The study draws on the resource-based view theory to develop a model that assesses the direct impact of IT capabilities on firm performance and the mediating effects of ISMS on this relationship in Cameroon, a developing country in Africa.

The determination of mode-I fracture toughness of brittle structural materials by means of the notched Brazilian disc configuration is studied. Advantage is taken of a recently introduced analytical solution and, also, of data provided by an experimental protocol with notched marble specimens under diametral compression using the loading device suggested by International Society for Rock Mechanics (ISRM) and also the three-dimensional digital image correlation (3D-DIC) technique.

The analytical solution highlighted the role of geometrical factors, like, for example, the width of the notch, which are usually disregarded. The data of the experimental protocol were comparatively considered with those concerning the response of the specific material under uniaxial tensile load.

This combined study provided interesting data concerning some open issues, as it is the exact crack initiation point and the level of the critical load causing crack initiation. It was definitely indicated that the crack initiation point is not a priori known (even for notched specimens) and, also, that the maximum recorded load does not correspond by default to the critical load responsible for the onset of catastrophic macroscopic fracture.

It was suggested that the load considered critical one for the determination of mode-I fracture toughness K_IC is erroneous. At a load equal to about 70% of the maximum one, a process zone is formed (zone of non-reversible phenomena) around the notch's crown, designating termination of the validity of any linear elastic solution used to determine the normalized stress intensity factors (SIFs). Moreover, at a load level equal to about 95% of the macroscopically observed fracture load, crack propagation has already begun. Therefore, the experimental procedure must be monitored with additional equipment, providing an overview of the displacement field developed during loading.

This study aims to argue that in the case of quantitative security risk assessment, individuals do not estimate probabilities as a likelihood measure of event occurrence.

The study uses the most commonly used quantitative assessment approach, the annualized loss expectancy (ALE), to support the three research hypotheses.

The estimated probabilities used in quantitative models are subjective.

The ALE model used in security risk assessment, although it is presented in the literature as quantitative, is, in fact, qualitative being influenced by bias.

The study provides a factual basis showing that quantitative assessment is neither realistic nor practical to the real world.

A model that cannot be tested experimentally is not a scientific model. In fact, the probability used in ISRM is an empirical probability or estimator of a probability because it estimates probabilities from experience and observation.

Opportunities for malicious cyber activities have expanded with the globalisation and advancements in information and communication technology. Such activities will increasingly affect the security of businesses with online presence and/or connected to the internet. Although the real estate sector is a potential attack vector for and target of malicious cyber activities, it is an understudied industry. This paper aims to contribute to a better understanding of the information security threats, awareness, and risk management standards currently employed by the real estate sector in South Australia.

The current study comprises both quantitative and qualitative methodologies, which include 20 survey questionnaires and 20 face-to-face interviews conducted in South Australia.

There is a lack of understanding about the true magnitude of malicious cyber activities and its impact on the real estate sector, as illustrated in the findings of 40 real estate organisations in South Australia. The findings and the escalating complexities of the online environment underscore the need for regular ongoing training programs for basic online security (including new cybercrime trends) and the promotion of a culture of information security (e.g. when using smart mobile devices to store and access sensitive data) among staff. Such initiatives will enable staff employed in the (South Australian) real estate sector to maintain the current knowledge of the latest cybercrime activities and the best cyber security protection measures available.

This is the first academic study focusing on the real estate organisations in South Australia. The findings will contribute to the evidence on the information security threats faced by the sector as well as in develop sector-specific information security risk management guidelines.

The aim of this study is to encourage management boards to recognize that employees play a major role in the management of information security. Thus, these issues need to be addressed efficiently, especially in organizations in which data are a valuable asset.

Before developing the instrument for the survey, first, effective measurement built upon existing literature review was identified and developed and the survey questionnaires were set according to past studies and the findings based on qualitative analyses. Data were collected by using cross-sectional questionnaire and a Likert scale, whereby each question was related to an item as in the work of Witherspoon et al. (2013). Data analysis was done using the SPSS.3B.

Based on the results from three surveys and findings, a principle of information security compliance practices was proposed based on the authors’ proposed nine-five-circle (NFC) principle that enhances information security management by identifying human conduct and IT security-related issues regarding the aspect of information security management. Furthermore, the authors’ principle has enabled closing the gap between technology and humans in this study by proving that the factors in the present study’s finding are interrelated and work together, rather than on their own.

The main objective of this study was to address the lack of research evidence on what mobilizes and influences information security management development and implementation. This objective has been fulfilled by surveying, collecting and analyzing data and by giving an account of the attributes that hinder information security management. Accordingly, a major practical contribution of the present research is the empirical data it provides that enable obtaining a bigger picture and precise information about the real issues that cause information security management shortcomings.

In this sense, despite the fact that this study has limitations concerning the development of a diagnostic tool, it is obviously the main procedure for the measurements of a framework to assess information security compliance policies in the organizations surveyed.

The present study’s discoveries recommend in actuality that using flexible tools that can be scoped to meet individual organizational needs have positive effects on the implementation of information security management policies within an organization. Accordingly, the research proposes that organizations should forsake the oversimplified generalized guidelines that neglect the verification of the difference in information security requirements in various organizations. Instead, they should focus on the issue of how to sustain and enhance their organization’s compliance through a dynamic compliance process that involves awareness of the compliance regulation, controlling integration and closing gaps.

The rapid growth of information technology (IT) has created numerous business opportunities. At the same time, this growth has increased information security risk. IT security risk is an important issue in industrial sectors, and in organizations that are innovating owing to globalization or changes in organizational culture. Previously, technology-associated risk assessments focused on various technology factors, but as of the early twenty-first century, the most important issue identified in technology risk studies is the human factor.