Search results

Information security has become an essential entity for organizations across the globe to eliminate the possible risks in their organizations by conducting information security risk assessment (ISRA). However, the existence of numerous different types of risk assessment methods, standards, guidelines and specifications readily available causes the organizations to face the daunting tasks in determining the most suitable method that would augur well in meeting their needs. Therefore, to overcome this tedious process, this paper suggests collective information structure model for ISRA.

The proposed ISRA model was developed by deploying a questionnaire using close-ended questions administrated to a group of information security practitioners in Malaysia (N = 80). The purpose of the survey was to strengthen and add more relevant additional features to the existing framework, as it was developed based on secondary data.

Previous comparative and analyzed studies reveals that all the six types of ISRA methodologies have features of the same kind of information with a slight difference in form. Therefore, questionnaires were designed to insert additional features to the research framework. All the additional features chosen were based on high frequency of more than half percentage agreed responses from respondents. The analyses results inspire in generating a collective information structure model which more practical in the real environment of the workplace.

Generally, organizations need to make comparisons between methodologies and decide on the best due to the inexistence of agreed reference benchmark in ISRA methodologies. This tedious process leads to unwarranted time, money and energy consumption.

The collective information structure model for ISRA aims to assist organizations in getting a general view of ISRA flow and gathering information on the requirements to be met before risk assessment can be conducted successfully. This model can be conveniently used by organizations to complete all the required planning as well as to select the suitable methods to complete the ISRA.

This study aims to address the issue of practicing information security risk assessment (ISRA) on cloud solutions by studying municipalities and large organizations in Sweden.

Four large organizations and five municipalities that use cloud services and conduct ISRA to adhere to their information security risk management practices were studied. Data were gathered qualitatively to answer the study’s research question: How is ISRA practiced on the cloud? The Coat Hanger model was used as a theoretical lens to study and theorize the practices.

The results showed that the organizations aimed to follow the guidelines, in the form of frameworks or their own experience, to conduct ISRA; furthermore, the frameworks were altered to fit the organizations’ needs. The results further indicated that one of the main concerns with the cloud ISRA was the absence of a culture that integrates risk management. Finally, the findings also stressed the importance of a good understanding and a well-written legal contract between the cloud providers and the organizations using the cloud services.

As opposed to the previous research, which was more inclined to try out and evaluate various cloud ISRA, the study provides insights into the practice of cloud ISRA experienced by the organizations. This study represents the first attempt to investigate cloud ISRA that organizations practice in managing their information security.

Many methodologies exist to assess the security risks associated with unauthorized leakage, modification and interruption of information used by organisations. This paper argues that these methodologies have a traditional orientation towards the identification and assessment of technical information assets. This obscures key risks associated with the cultivation and deployment of organisational knowledge. The purpose of this paper is to explore how security risk assessment methods can more effectively identify and treat the knowledge associated with business processes.

The argument was developed through an illustrative case study in which a well‐documented traditional methodology is applied to a complex data backup process. Follow‐up interviews were conducted with the organisation's security managers to explore the results of the assessment and the nature of knowledge “assets” within a business process.

It was discovered that the backup process depended, in subtle and often informal ways, on tacit knowledge to sustain operational complexity, handle exceptions and make frequent interventions. Although typical information security methodologies identify people as critical assets, this study suggests a new approach might draw on more detailed accounts of individual knowledge, collective knowledge and their relationship to organisational processes.

Drawing on the knowledge management literature, the paper suggests mechanisms to incorporate these knowledge‐based considerations into the scope of information security risk methodologies. A knowledge protection model is presented as a result of this research. This model outlines ways in which organisations can effectively identify and treat risks around process knowledge critical to the business.

This paper aims to investigate the influence of the determinants (pricing, type of structure, Shariah auditing, Shariah risk and Shariah documentation) and the sukuk legitimacy among Islamic financial institutions using a qualitative approach. The paper further explained the significance of the determinants on legitimacy, evaluated the relationship between sukuk characteristics and sukuk legitimacy and examined the moderating effect of Shariah Supervisory Board (SSB) on the relationship.

The study used a purposive sampling technique to select the target respondents required for the survey (semi-structured interview). This technique is applied by selecting members of SSBs among Islamic financial institutions. A total number of ten members are selected as the sample size for the study based on their experience and basic knowledge of Fiqh Al-Mua’malat and its application in Islamic financial institutions.

The findings revealed that the determinants have a significant impact on the sukuk legitimacy, meaning that there is a positive and significant relationship between the determinants and the sukuk legitimacy. In addition, this study indicates the empirical evidence of the moderating effect of SSB on the relationship between the determinants and the sukuk legitimacy.

This study has added to the literature by examining the determinants of sukuk legitimacy while evaluating the moderating effect of SSB on the relationship. Besides, this might add benefits to the numerous Islamic financial institutions relating to the amendment of its regulatory frameworks with the view to pushing the sukuk market investors to move toward asset-backed structure. In addition, the SSB in central banks must also focus its attention regarding the sukuk legitimacy and its application among the various Islamic financial institutions.

This study has added a new discussion to the body of knowledge, i.e. examining the sukuk legitimacy and its relationship with sukuk determinants; hence, an approach that is not widely discussed in the previous studies. Furthermore, conducting such research in the field of Islamic finance provides novelty in the literature among both emerging and developed economies including Malaysia. This is because to the best knowledge of the researchers, there was no empirical study (within the literature) that combined these variables and evaluated their empirical significance. Accordingly, this would enlighten the Islamic Ummah and propel the society’s intensity toward contributing to knowledge and might further provide clarification on the determinants and the sukuk legitimacy to prospective scholars, precisely on the moderating effect of SSB on the relationship between determinants and legitimacy of sukuk.

Islamic financial institutions (IFIs) are required to establish a Shariīʿah Governance Framework (SGF) to strengthen their Sharīʿah-compliance mechanism and ensure that all relevant IFI regulations are in line with Sharīʿah rules and principles. Effective implementation of the Shariīʿah-compliance function will further promote stakeholder confidence, as well as the integrity of IFIs, by reducing Shariīʿah non-compliance risks. This study aims to examine the internal control framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and explore the extent to which it can be incorporated in the Sharīʿah-compliance function of IFIs.

This study adopts a qualitative method of inquiry, utilizing the inductive method and content analysis to build comprehensive knowledge that will assist in exploring the framework of COSO methodology and the extent to which it can be adopted by IFIs.

The findings indicate that the existing frameworks of Sharīʿah governance, whether that of the Accounting and Auditing Organization for Islamic Financial Institutions (AAOIFI) or Bank Negara Malaysia (BNM), need to be further developed. Therefore, the adoption of COSO methodology in the internal Sharīʿah audit of IFIs, as suggested by AAOIFI, is not only possible but desirable. The study also finds that the COSO framework places the highest priority on risk management in that it makes it an integral part of the decision-making process in all the institution's activities. As a result, incorporating the comprehensive COSO risk management structure within the Sharīʿah-compliance function will enhance risk management in IFIs.

This study highlights the importance of the COSO internal control framework and examines its components, principles and the possibility of its adoption by IFIs. The findings of this study are expected to contribute to enhancing the Sharīʿah-compliance function of IFIs.

This paper aims to explore issues arising from ṣukūk (Islamic bonds) on blockchain, including Sharīʾah (Islamic law) and legal matters.

A qualitative methodology is used in conducting this research where relevant literature on ṣukūk was reviewed. Through a doctrinal approach, the paper presents analyses on the practice of ṣukūk and ṣukūk on blockchain by discussing its legal, Sharīʾah and regulatory issues. This culminates in a conceptual analysis of blockchain ṣukūk and its peculiar challenges.

This paper reveals that digitizing ṣukūk issuance through blockchain remedies certain inefficiencies associated with ṣukūk transactions. Indeed, structuring ṣukūk on a blockchain platform can increase transparency of underlying ṣukūk assets and cash flows in addition to reducing costs and the number of intermediaries in ṣukūk transactions. The paper likewise brings to light legal, regulatory, Sharīʾah and cyber risks associated with ṣukūk on blockchain that confront investors, practitioners and regulators. This calls for deeper collaboration in research among Sharīʾah scholars, lawyers, regulators and information technology experts.

As a pioneering subject, the paper notes the prospects of blockchain ṣukūk and the current dearth of literature on it. The paper would assist relevant Islamic capital market entities and authorities to determine the potential and impact of blockchain ṣukūk in their respective businesses and the financial system.

Blockchain ṣukūk will assist in addressing issues inherent in classical ṣukūk and in paving the way to innovative solutions that will facilitate and enhance the quality of ṣukūk transactions. For that, ṣukūk would require appropriate regulatory technology to address its governance and regulation peculiarities.

Integrating ṣukūk with blockchain technology will add value to it. The paper advances the idea that blockchain ṣukūk revolutionises ṣukūk and enhances its practice against known inadequacies.

Agriculture must transform as climate change progresses. The international community has promoted climate-smart agriculture (CSA) as a set of solutions. Previous analyses of opportunities for scaling up CSA have not looked closely at building political and social support for policies, practices and programs. The purpose of this paper is to fill that gap in the case study country of Senegal.

The study applies the conceptual definitions, operationalizations and assessment targets from the political will and public will (PPW) approach to social change. Semi-structured interviews and documents constitute the sources of data and information.

The analysis identifies opportunities to generate political will for supplying an enabling environment for the widespread adoption of CSA. On the public will side, the analysis identifies opportunities to generate and channel demand for CSA.

Researchers investigated some definitional components more completely than others due to resource and access constraints. Further, the context specificity of the components limits generalizability of certain findings.

Social structures may need to change for successful adoption of certain CSA innovations, but improved agricultural outcomes are likely to result.

This examination of crucial elements for scaling up CSA efforts constitutes the most extensive application of the PPW approach to date, thus providing an example of this generalizable method.

The increase in mobile telephone penetration has offered new opportunities for technology to improve payment operations all over the world. Little research has examined the issues related to the decision-making (DM) of mobile payment systems usage in the Jordanian context. The purpose of this study is to examine the factors that may have an influence on the adoption of mobile payment systems. This study has empirically tested the expanded unified theory of acceptance and use of technology (UTAUT2) together with awareness (AW), trust (TR), security (SE) and privacy (PR) as independent variables to explain the mobile payment system adoption in Jordan.

In total, 270 employees participated in a field survey questionnaire from the public sector in Amman city, the capital city of Jordan. Data were analyzed through a quantitative approach of partial least squares–structural equation modeling.

The results mainly showed that the determinants of DM to use mobile payment system are price value, social influence, performance expectancy, AW and TR. All of these determinants explained 60.2% of the variation of DM. In total, 72.2% has been explained as the TR to use m-payment system by SE and PR. Furthermore, the results revealed that TR mediates the association between SE as well as PR and the DM to use mobile payment system.

Interestingly, these new variables were found to be important and contribute to the UTAUT2 model. Consequently, the decision-makers in the Central Bank of Jordan should consider all these factors when re-upgrading a Jordan Mobile Payment system in the near future.

This study aims to argue that in the case of quantitative security risk assessment, individuals do not estimate probabilities as a likelihood measure of event occurrence.

The study uses the most commonly used quantitative assessment approach, the annualized loss expectancy (ALE), to support the three research hypotheses.

The estimated probabilities used in quantitative models are subjective.

The ALE model used in security risk assessment, although it is presented in the literature as quantitative, is, in fact, qualitative being influenced by bias.

The study provides a factual basis showing that quantitative assessment is neither realistic nor practical to the real world.

A model that cannot be tested experimentally is not a scientific model. In fact, the probability used in ISRM is an empirical probability or estimator of a probability because it estimates probabilities from experience and observation.

The purpose of this empirical research is to attempt to explore the effect of information security initiatives (ISI) on supply chain performance, considering various intra- and inter-organization information security aspects that are deemed to have an influence on supply chain operations and performance.

Based on extant information security management and supply chain security management literature, a conceptual model was developed and validated. A questionnaire survey instrument was developed and administered among supply chain managers to collect data. Data were collected from 197 organizations belonging to various sectors. The study used exploratory and confirmatory factor analysis for data analysis. Further, to test the hypotheses and to fit the theoretical model, structural equation modeling techniques were used.

Results of this study indicate that ISI, comprising technical, formal and informal security aspects in an intra- and inter-organizational environment, are positively associated with supply chain operations, which, in turn, positively affects supply chain performance.

This study provides the foundation for future research in the management of information security in supply chains. Findings are expected to provide the communities of practice with better information security decision-making in a supply chain context, by clearly formulating technical, formal and informal information security policies for improving supply chain performance.

In today’s global supply chain environment where competition prevails among supply chains, this research is relevant in terms of capability that an organization has to acquire for managing internal and external information security. In that sense, this study contributes to the body of knowledge with an empirical analysis of organizations’ information security management initiatives as a blend of technical, formal and informal security aspects.