Search results

Information security has become an essential entity for organizations across the globe to eliminate the possible risks in their organizations by conducting information security risk assessment (ISRA). However, the existence of numerous different types of risk assessment methods, standards, guidelines and specifications readily available causes the organizations to face the daunting tasks in determining the most suitable method that would augur well in meeting their needs. Therefore, to overcome this tedious process, this paper suggests collective information structure model for ISRA.

The proposed ISRA model was developed by deploying a questionnaire using close-ended questions administrated to a group of information security practitioners in Malaysia (N = 80). The purpose of the survey was to strengthen and add more relevant additional features to the existing framework, as it was developed based on secondary data.

Previous comparative and analyzed studies reveals that all the six types of ISRA methodologies have features of the same kind of information with a slight difference in form. Therefore, questionnaires were designed to insert additional features to the research framework. All the additional features chosen were based on high frequency of more than half percentage agreed responses from respondents. The analyses results inspire in generating a collective information structure model which more practical in the real environment of the workplace.

Generally, organizations need to make comparisons between methodologies and decide on the best due to the inexistence of agreed reference benchmark in ISRA methodologies. This tedious process leads to unwarranted time, money and energy consumption.

The collective information structure model for ISRA aims to assist organizations in getting a general view of ISRA flow and gathering information on the requirements to be met before risk assessment can be conducted successfully. This model can be conveniently used by organizations to complete all the required planning as well as to select the suitable methods to complete the ISRA.

This study aims to address the issue of practicing information security risk assessment (ISRA) on cloud solutions by studying municipalities and large organizations in Sweden.

Four large organizations and five municipalities that use cloud services and conduct ISRA to adhere to their information security risk management practices were studied. Data were gathered qualitatively to answer the study’s research question: How is ISRA practiced on the cloud? The Coat Hanger model was used as a theoretical lens to study and theorize the practices.

The results showed that the organizations aimed to follow the guidelines, in the form of frameworks or their own experience, to conduct ISRA; furthermore, the frameworks were altered to fit the organizations’ needs. The results further indicated that one of the main concerns with the cloud ISRA was the absence of a culture that integrates risk management. Finally, the findings also stressed the importance of a good understanding and a well-written legal contract between the cloud providers and the organizations using the cloud services.

As opposed to the previous research, which was more inclined to try out and evaluate various cloud ISRA, the study provides insights into the practice of cloud ISRA experienced by the organizations. This study represents the first attempt to investigate cloud ISRA that organizations practice in managing their information security.

Many methodologies exist to assess the security risks associated with unauthorized leakage, modification and interruption of information used by organisations. This paper argues that these methodologies have a traditional orientation towards the identification and assessment of technical information assets. This obscures key risks associated with the cultivation and deployment of organisational knowledge. The purpose of this paper is to explore how security risk assessment methods can more effectively identify and treat the knowledge associated with business processes.

The argument was developed through an illustrative case study in which a well‐documented traditional methodology is applied to a complex data backup process. Follow‐up interviews were conducted with the organisation's security managers to explore the results of the assessment and the nature of knowledge “assets” within a business process.

It was discovered that the backup process depended, in subtle and often informal ways, on tacit knowledge to sustain operational complexity, handle exceptions and make frequent interventions. Although typical information security methodologies identify people as critical assets, this study suggests a new approach might draw on more detailed accounts of individual knowledge, collective knowledge and their relationship to organisational processes.

Drawing on the knowledge management literature, the paper suggests mechanisms to incorporate these knowledge‐based considerations into the scope of information security risk methodologies. A knowledge protection model is presented as a result of this research. This model outlines ways in which organisations can effectively identify and treat risks around process knowledge critical to the business.

This paper aims to investigate the influence of the determinants (pricing, type of structure, Shariah auditing, Shariah risk and Shariah documentation) and the sukuk legitimacy among Islamic financial institutions using a qualitative approach. The paper further explained the significance of the determinants on legitimacy, evaluated the relationship between sukuk characteristics and sukuk legitimacy and examined the moderating effect of Shariah Supervisory Board (SSB) on the relationship.

The study used a purposive sampling technique to select the target respondents required for the survey (semi-structured interview). This technique is applied by selecting members of SSBs among Islamic financial institutions. A total number of ten members are selected as the sample size for the study based on their experience and basic knowledge of Fiqh Al-Mua’malat and its application in Islamic financial institutions.

The findings revealed that the determinants have a significant impact on the sukuk legitimacy, meaning that there is a positive and significant relationship between the determinants and the sukuk legitimacy. In addition, this study indicates the empirical evidence of the moderating effect of SSB on the relationship between the determinants and the sukuk legitimacy.

This study has added to the literature by examining the determinants of sukuk legitimacy while evaluating the moderating effect of SSB on the relationship. Besides, this might add benefits to the numerous Islamic financial institutions relating to the amendment of its regulatory frameworks with the view to pushing the sukuk market investors to move toward asset-backed structure. In addition, the SSB in central banks must also focus its attention regarding the sukuk legitimacy and its application among the various Islamic financial institutions.

This study has added a new discussion to the body of knowledge, i.e. examining the sukuk legitimacy and its relationship with sukuk determinants; hence, an approach that is not widely discussed in the previous studies. Furthermore, conducting such research in the field of Islamic finance provides novelty in the literature among both emerging and developed economies including Malaysia. This is because to the best knowledge of the researchers, there was no empirical study (within the literature) that combined these variables and evaluated their empirical significance. Accordingly, this would enlighten the Islamic Ummah and propel the society’s intensity toward contributing to knowledge and might further provide clarification on the determinants and the sukuk legitimacy to prospective scholars, precisely on the moderating effect of SSB on the relationship between determinants and legitimacy of sukuk.

Islamic financial institutions (IFIs) are required to establish a Shariīʿah Governance Framework (SGF) to strengthen their Sharīʿah-compliance mechanism and ensure that all relevant IFI regulations are in line with Sharīʿah rules and principles. Effective implementation of the Shariīʿah-compliance function will further promote stakeholder confidence, as well as the integrity of IFIs, by reducing Shariīʿah non-compliance risks. This study aims to examine the internal control framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and explore the extent to which it can be incorporated in the Sharīʿah-compliance function of IFIs.

This study adopts a qualitative method of inquiry, utilizing the inductive method and content analysis to build comprehensive knowledge that will assist in exploring the framework of COSO methodology and the extent to which it can be adopted by IFIs.

The findings indicate that the existing frameworks of Sharīʿah governance, whether that of the Accounting and Auditing Organization for Islamic Financial Institutions (AAOIFI) or Bank Negara Malaysia (BNM), need to be further developed. Therefore, the adoption of COSO methodology in the internal Sharīʿah audit of IFIs, as suggested by AAOIFI, is not only possible but desirable. The study also finds that the COSO framework places the highest priority on risk management in that it makes it an integral part of the decision-making process in all the institution's activities. As a result, incorporating the comprehensive COSO risk management structure within the Sharīʿah-compliance function will enhance risk management in IFIs.

This study highlights the importance of the COSO internal control framework and examines its components, principles and the possibility of its adoption by IFIs. The findings of this study are expected to contribute to enhancing the Sharīʿah-compliance function of IFIs.

This paper aims to explore issues arising from ṣukūk (Islamic bonds) on blockchain, including Sharīʾah (Islamic law) and legal matters.

A qualitative methodology is used in conducting this research where relevant literature on ṣukūk was reviewed. Through a doctrinal approach, the paper presents analyses on the practice of ṣukūk and ṣukūk on blockchain by discussing its legal, Sharīʾah and regulatory issues. This culminates in a conceptual analysis of blockchain ṣukūk and its peculiar challenges.

This paper reveals that digitizing ṣukūk issuance through blockchain remedies certain inefficiencies associated with ṣukūk transactions. Indeed, structuring ṣukūk on a blockchain platform can increase transparency of underlying ṣukūk assets and cash flows in addition to reducing costs and the number of intermediaries in ṣukūk transactions. The paper likewise brings to light legal, regulatory, Sharīʾah and cyber risks associated with ṣukūk on blockchain that confront investors, practitioners and regulators. This calls for deeper collaboration in research among Sharīʾah scholars, lawyers, regulators and information technology experts.

As a pioneering subject, the paper notes the prospects of blockchain ṣukūk and the current dearth of literature on it. The paper would assist relevant Islamic capital market entities and authorities to determine the potential and impact of blockchain ṣukūk in their respective businesses and the financial system.

Blockchain ṣukūk will assist in addressing issues inherent in classical ṣukūk and in paving the way to innovative solutions that will facilitate and enhance the quality of ṣukūk transactions. For that, ṣukūk would require appropriate regulatory technology to address its governance and regulation peculiarities.

Integrating ṣukūk with blockchain technology will add value to it. The paper advances the idea that blockchain ṣukūk revolutionises ṣukūk and enhances its practice against known inadequacies.

Agriculture must transform as climate change progresses. The international community has promoted climate-smart agriculture (CSA) as a set of solutions. Previous analyses of opportunities for scaling up CSA have not looked closely at building political and social support for policies, practices and programs. The purpose of this paper is to fill that gap in the case study country of Senegal.

The study applies the conceptual definitions, operationalizations and assessment targets from the political will and public will (PPW) approach to social change. Semi-structured interviews and documents constitute the sources of data and information.

The analysis identifies opportunities to generate political will for supplying an enabling environment for the widespread adoption of CSA. On the public will side, the analysis identifies opportunities to generate and channel demand for CSA.

Researchers investigated some definitional components more completely than others due to resource and access constraints. Further, the context specificity of the components limits generalizability of certain findings.

Social structures may need to change for successful adoption of certain CSA innovations, but improved agricultural outcomes are likely to result.

This examination of crucial elements for scaling up CSA efforts constitutes the most extensive application of the PPW approach to date, thus providing an example of this generalizable method.

This study aims to investigate the extent of Shariah compliance in wakalah sukuk and Shariah non-compliant risk disclosure in the sukuk documents and to analyse the risk management techniques associated with the disclosed risks.

This study uses qualitative document analysis as both data collection and analysis methods. The document analysis acts as a data collection method for 23 wakalah sukuk documents selected from 32 issuances of wakalah sukuk from 2017 to 2021. These sukuk documents were selected based on their availability from relevant websites. Document analysis, both content analysis and thematic analysis, were used to analyse the data. Codes were grounded from that data through keywords search of Shariah noncompliant risk and its risk management. Besides these, interviews were also conducted with four active industry players, i.e. two legal advisors of wakalah sukuk, a wakalah sukuk trustee and a sukuk institutional issuer. These interview data were analysed based on categorical themes, on the aspects of the extent of Shariah compliance in sukuk, and the participant’s views on the risk management techniques associated with the risks or used in the sukuk documents.

Overall, the findings reveal three types of Shariah non-compliant risks disclosed in the sukuk documents and seven risk management techniques associated with them. However, the disclosure and the risk management techniques can be considered minimal in contrast to the extent of Shariah compliance in a sukuk, i.e. Shariah compliance at the pre-issuance stage, ongoing stage and post-issuance stage. On top of these, it was also found from the interviews that not all risk management techniques are workable to manage Shariah non-compliant risk in sukuk. As a result, these findings suggest rigorous reviews of the existing Shariah non-compliance risk (SNCR) disclosures and risk management techniques by the relevant parties.

Sukuk documents used in the study are limited to corporate wakalah sukuk issued in Malaysia. Out of 32 issuances from 2015 to 2021, only 23 documents are available in relevant website. Thus, Shariah non-compliant risk disclosure and its risk management techniques analysed in this study are only limited in those documents.

The findings of this study suggest rigorous reviews on the existing Shariah non-compliance disclosures and risk management techniques. Other than these, future research in relation to uncommon risk management clauses, i.e. assurance, Shariah waiver and transfer of risk, are needed.

The insights presented in the analysis are of importance to sukuk issuers and the sukuk due diligence working group in enhancing the sukuk Shariah compliance and Shariah non-compliant risks disclosure and towards sukuk investors, in capturing and assessing Shariah non-compliant risks in a sukuk and to assist them to make informed investment decisions. More importantly, this study has found few areas of future study in relation to SNCR disclosures and SNCR risk management techniques.

The increase in mobile telephone penetration has offered new opportunities for technology to improve payment operations all over the world. Little research has examined the issues related to the decision-making (DM) of mobile payment systems usage in the Jordanian context. The purpose of this study is to examine the factors that may have an influence on the adoption of mobile payment systems. This study has empirically tested the expanded unified theory of acceptance and use of technology (UTAUT2) together with awareness (AW), trust (TR), security (SE) and privacy (PR) as independent variables to explain the mobile payment system adoption in Jordan.

In total, 270 employees participated in a field survey questionnaire from the public sector in Amman city, the capital city of Jordan. Data were analyzed through a quantitative approach of partial least squares–structural equation modeling.

The results mainly showed that the determinants of DM to use mobile payment system are price value, social influence, performance expectancy, AW and TR. All of these determinants explained 60.2% of the variation of DM. In total, 72.2% has been explained as the TR to use m-payment system by SE and PR. Furthermore, the results revealed that TR mediates the association between SE as well as PR and the DM to use mobile payment system.

Interestingly, these new variables were found to be important and contribute to the UTAUT2 model. Consequently, the decision-makers in the Central Bank of Jordan should consider all these factors when re-upgrading a Jordan Mobile Payment system in the near future.

Today, the presence of unwanted activities threatening the safety of the field, which has negative effects on daily life and social psychology, is increasing day by day. There is no doubt that it is inevitable to avoid these threats, but it is possible to take some measures to reduce the destructive power of these threats. Nowadays, increasing terrorist attacks increase the importance of field safety design in urban areas. There is a loss of life in attacks around the world. The subject of this study is to investigate the design criteria related to the built environment and the measures to be taken in the case of bomb attacks in the built environment. In this study, a checklist will designed to measure the security design process around the building. The checklist titles are taken mainly from the “Safety design and Landscape Architecture” series of the Landscape Architecture Technical Information Series/LATIS publications by the American Society of Landscape Architects (ASLA) and the Risk Management Series of the Federal Emergency Management Agency/FEMA (FEMA, 2003, 2007; LATIS, 2016) and others. The checklist created as a result of literature review will be tested in Istanbul Sultanahmet Square. As a result of the study, it was determined that improvements should be made in the areas of vehicular and pedestrian access, parking lots, lighting and trash receptacle designs around Sultanahmet Square.