Search results

This paper presents a method for adapting an Information Security Focus Area Maturity (ISFAM) model to the organizational characteristics (OCs) of a small- and medium-sized enterprise (SME) cluster. The purpose of this paper is to provide SMEs with a tailored maturity model enabling them to capture and improve their information security capabilities.

Design Science Research was followed to design and evaluate the method as a design artifact.

The method has successfully been used to adapt the ISFAM model to a group of SMEs within a regional cluster resulting in a model that is aligned with the OCs of the cluster. Areas for further investigation and improvements were identified.

The study is based on applying the proposed method for the SMEs active in the transport, logistics and packaging sector in the Port of Rotterdam. Future research can focus on different sectors and regions. The method can be used for adapting other focus area maturity models.

The resulting adapted maturity model can facilitate the creation and further development of a base of common or shared knowledge in the cluster. The adapted maturity model can cut the cost of over implementation of information security capabilities for the SMEs with scarce resources.

The resulting adapted maturity model can facilitate the creation and further development of a base of common or shared knowledge in the cluster. The adapted maturity model can cut the cost of over implementation of information security capabilities for the SMEs with scarce resources.

The purpose of this paper is twofold: first, to describe Lean maturity in primary care using a questionnaire based on Liker’s description of Lean, complemented with observations; and second, to determine the extent to which Lean maturity is associated with quality of care measured as staff-rated satisfaction with care and adherence to national guidelines (NG). High Lean maturity indicates adoption of all Lean principles throughout the organization and by all staff.

Data were collected using a survey based on Liker’s four principles, divided into 16 items (n=298 staff in 45 units). Complementary observations (n=28 staff) were carried out at four units.

Lean maturity varied both between and within units. The highest Lean maturity was found for “adhering to routines” and the lowest for “having a change agent at the unit.” Lean maturity was positively associated with satisfaction with care and with adherence to NG to improve healthcare quality.

Quality of primary care may benefit from increasing Lean maturity. When implementing Lean, managers could benefit from measuring and adopting Lean maturity repeatedly, addressing all Liker’s principles and using the results as guidance for further development.

This is one of the first studies to evaluate Lean maturity in primary care, addressing all Liker’s principles from the perspective of quality of care. The results suggest that repeated actions based on evaluations of Lean maturity may help to improve quality of care.

Information systems' security is more critical than ever before since security threats are rapidly growing. Before putting in place information systems' security measures, organizations are required to determine the maturity level of their information security governance. Literature review reveals that there is no recent study on information systems' security maturity level of banks in Ethiopia. This study thus seeks to measure the existing maturity level and examine the security gaps in order to propose possible changes in Ethiopian private banking industry's information system security maturity indicators.

Four private banks are selected as a representative sample. The system security engineering capability maturity model (SSE-CMM) is used as the maturity measurement criteria, and the measurement was based on ISO/IEC 27001 information security control areas. The data for the study were gathered using a questionnaire.

A total of 93 valid questionnaires were gathered from 110 participants in the study. Based on the SSE-CMM maturity model assessment criteria the private banking industry's current maturity level is level 2 (repeatable but intuitive). Institutions have a pattern that is repeated when completing information security operations but its existence was not thoroughly proven and institutional inconsistency still exists.

This study seeks to measure the existing maturity level and examine the security gaps in order to propose possible changes in Ethiopian private banking industry's information system security maturity indicators. This topic has not been attempted previously in the context of Ethiopian financial sector.

Recent research outputs can be difficult to implement into ongoing safety critical processes. Hence, research is well beyond current practices in railway asset management. This paper demonstrates the process of creating tangible change within a railway asset management organization by introducing a framework for advancing track geometry deterioration analyses (TGDA) in practice.

The research was conducted in three parts: (1) maturity models were reviewed and adapted as the basis for the framework, (2) the initial maturity level was investigated by conducting semi-structured expert interviews, and (3) a framework for development was created in cooperation with stakeholders during three workshops. The methodology and findings were tested and applied in the Finnish state rail network asset management.

The main output of this study is the framework for advancing TGDA in railway asset management. The novel framework provides structure for controlled incremental development, which is essential when altering a safety critical process.

The research process was successfully applied in Finland. Following the steps presented in this article, any organization can apply the framework to plan their development schemes for railway asset management.

Full-scale implementation of novel models and methods is often overlooked, which prevents practical asset management from obtaining tangible benefits from research. This research provides an innovative approach in narrowing the overlooked research gap and brings research results within the reach of practitioners.

The aim of this paper is to contribute to empirical research dealing with the measurement of green and sustainable supply chain management(SSCM) practices. The paper intends to empirically evaluate the practices maturity related to green supply chain management (GSCM) in one of the most strategic sectors in Saudi Arabia, namely, pharmaceutical sector.

Based on a research questionnaire, data were collected from 111 respondents in pharmaceutical companies. Data analysis has been conducted based on Statistical Package for the Social Sciences (SPSS) program to evaluate the extent to which pharmaceutical companies in Kingdom of Saudi Arabia (KSA) are mature regarding each sustainable SCM dimension.

The results reflect high adoption of green practices related to SCM by pharmaceutical companies operating in KSA that are highly meeting environmental requirements that represent one of the core objectives of KSA vision 2030.

The study presents a platform based on which future studies can link the maturity of Sustainable SCM with the firm's performance.

This study provided professionals and managers in the pharmaceutical sector with in-depth insights regarding the maturity of their green practices related to SCM. This study also proposed a framework that could be by managers to continuously assess their Sustainable SCM practices.

This research intends to demonstrate to what extent SSCM in pharmaceutical sector are mature.

Insufficient productivity development in the global and Finnish infrastructure sectors indicates that there are challenges in genuinely achieving the goals of resource efficiency and digitalization. This study adapts the approach of capability maturity model integration (CMMI) for examining the capabilities for productivity development that reveal the enablers of improving productivity in the infrastructure sector.

Civil engineering in Finland was selected as the study area, and a qualitative research approach was adopted. A novel maturity model was constructed deductively through a three-step analytical process. Previous research literature was adapted to form a framework with maturity levels and key process areas (KPAs). KPA attributes and their maturity criteria were formed through a thematic analysis of interview data from 12 semi-structured group interviews. Finally, validation and refinement of the model were performed with an expert panel.

This paper provides a novel maturity model for examining and enhancing the infrastructure sector’s maturity in productivity development. The model brings into discussion the current business logics, relevance of lifecycle-thinking, binding targets and outcomes of limited activities in the surrounding infrastructure system.

This paper provides a new approach for pursuing productivity development in the infrastructure sector by constructing a maturity model that adapts the concepts of CMMI and change management. The model and findings benefit all actors in the sector and provide an understanding of the required elements and means to achieve a more sustainable built environment and effective operations.

Despite many efforts within organizations toward business process orientation (BPO), research on real-world experiences remains in its infancy. The purpose of this paper is to redress the existing knowledge gap by analyzing a Swedish public housing company that has made notable effects regarding BPO and to explore lessons learned from the BPO journey (from 1998 to 2013).

The point of departure is principles in the BPO foundation, principles of successful BPM and effects in empirically based literature. The reconstruction of the narrative case study describes milestones and critical junctions, as well as effects based on quantitative and qualitative data.

Effects in BPO are demonstrated in terms of higher customer satisfaction, increased innovative ability, improved operational performance, higher employee satisfaction and, as a result of these, increased profitability. Theoretical constructs with implications for the theory building on BPO are suggested in a three-layer management framework – with capabilities and abilities emerging from the case study used as an illustrative example.

Lessons are learned regarding critical practices related to advancement in BPO. A strategy-building process based on eight design propositions is suggested to define the pre-conditions for BPO in an organization.

This is the first longitudinal case study to provide a comprehensive view and detailed insights of a BPO journey and top management performance toward a business process-oriented organization. Practitioners and BPM community get valuable insights into how the temporality and the context shape the BPO maturity process in terms of new organizational structure and roles during the journey.

As evident from the literature review, the research on cyber security performance is centered on security metrics, maturity models, etc. Essentially, all these are helpful for evaluating the efficiency of cyber security organization but what matters is how the factors of internal efficiency affect the business performance, i.e. the external effectiveness. The purpose of this research paper is to derive the factors of internal efficiency and external effectiveness of cyber security and develop impact model to identify the most and least preferred parameters of internal efficiency with respect to all the parameters of external effectiveness.

There are two objectives for this research: Deriving the factors of internal efficiency and external effectiveness of cyber security; Developing a model to identify the impact of internal efficiency factors on the external effectiveness of cyber security since there is not much evidence of research in defining the factors of internal efficiency and external effectiveness of cyber security, the authors have chosen grounded theory methodology (GTM) to derive the parameters. In this study emic approach of GTM is followed and an algorithm is developed for administering the grounded theory research process. For the second research objective survey methodology and rank order was used to formulate the impact model. Two different samples and questionnaires were designed for each of the objectives.

For the objective 1, 11 factors of efficiency and 10 factors of effectiveness were derived. These are used as independent and dependent variable respectively in the later part of the research for the second objective. For the objective 2 the impact models among independent and dependent variables were formulated to find out the following. Most and least preferred parameters lead to internal efficiency of cyber security organization to identify the most and least preferred parameters of internal efficiency with respect to all the parameters external effectiveness.

The factors of internal efficiency and external effectiveness constructed by using grounded theory cannot remain constant in the long run, because of dynamism of the domain itself. Over and above this, there are inherent limitations of the tools like grounded theory, used in the research. Few important limitations of GTM are as below in grounded theory, it is comparatively difficult to maintain and demonstrate the rigors of research discipline. The sheer volume of data makes the analysis and interpretation complex, and lengthy time consuming. The researchers’ presence during data gathering, which is often unavoidable and desirable too in qualitative research, may affect the subjects’ responses. The subjectivity of the data leads to difficulties in establishing reliability and validity of approaches and information. It is difficult to detect or to prevent researcher-induced bias.

The internal efficiency and external effectiveness factors of cyber security can be further correlated by the future researchers to understand the correlations among all the factors and predict cyber security performance. The grounded theory algorithm developed by us can be further used for qualitative research for deriving theory through abstractions in the areas where there is no sufficient availability of data. Practitioners of cyber security can use this research to focus on relevant areas depending on their respective business objective/requirements. The models developed by us can be used by the future researchers to for various sectoral validations and correlations.

Though the financial costs of a cyber-attack are steep, the social impact of cyber security failures is less readily apparent but can cause lasting damage to customers, employees and the company. Therefore, it is always important to be mindful of how the impact of cyber security affects society as well as the bottom line when they are calculating the potential impact of a breach. Underestimating either impact can destroy a brand. The factor of internal efficiency and external effectiveness derived by us will help stakeholder in focusing on relevant area depending on their business. The impact model developed in this research is very useful for focusing a particular business requirement and accordingly tune the efficiency factor.

During literature study the authors did not find any evidence of application of grounded theory approach in cyber security research. While the authors were exploring research literature to find out some insight into the factor of internal efficiency and external effectiveness of cyber security, the authors did not find concrete and objective research on this. This motivated us to use grounded theory to derive these factors. This, in the authors’ opinion is one of the pioneering and unique contribution to the research as to the authors’ knowledge no researchers have ever tried to use this methodology for the stated purpose and cyber security domain in general. In this process the authors have also developed an algorithm for administering GTM. Further developing impact models using factors of internal efficiency and external effectiveness has lots of managerial and practical implication.

The purpose of this study is to develop and validate the business streamlining (BS) model proposed in 2017.

This study/paper develops and validates the qualitatively generated BS model, a conceptual model of service sourcing relationships, by testing it quantitatively. A survey was sent to chief exective officers, chief purchasing officers or facility managers in 764 private or public companies in Sweden with an annual turnover exceeding € 10m. The categories were tested and analyzed by means of factor analysis.

The BS model for managing service sourcing processes was confirmed to be significant overall, meaning that it is applicable irrespective of service sourcing context. The efficiency pursuing (EP) was found to have an interlinking role that calls for a revision of the BS model. Furthermore, the four categories tended to load pairwise.

Although this cross-sectional study confirms the relevance of the BS model for managing service-sourcing processes, further studies should examine both the relative significance of its categories in different service-sourcing contexts and why the four main categories tend to pair.

The results support that the model is flexible and adaptable to a wide range of service-sourcing circumstances. Irrespective of the relative complexity of facility management (FM) sourcing processes, the categories can be adapted to fit the service sourcing context. Thus, it can be used as a tool to analyze and facilitate strategic decision-making.

The paper validates that the BS model can represent the dynamics of different service-sourcing processes, regardless of the complexity of the context.