Search results

This study aims to address the issue of practicing information security risk assessment (ISRA) on cloud solutions by studying municipalities and large organizations in Sweden.

Four large organizations and five municipalities that use cloud services and conduct ISRA to adhere to their information security risk management practices were studied. Data were gathered qualitatively to answer the study’s research question: How is ISRA practiced on the cloud? The Coat Hanger model was used as a theoretical lens to study and theorize the practices.

The results showed that the organizations aimed to follow the guidelines, in the form of frameworks or their own experience, to conduct ISRA; furthermore, the frameworks were altered to fit the organizations’ needs. The results further indicated that one of the main concerns with the cloud ISRA was the absence of a culture that integrates risk management. Finally, the findings also stressed the importance of a good understanding and a well-written legal contract between the cloud providers and the organizations using the cloud services.

As opposed to the previous research, which was more inclined to try out and evaluate various cloud ISRA, the study provides insights into the practice of cloud ISRA experienced by the organizations. This study represents the first attempt to investigate cloud ISRA that organizations practice in managing their information security.

Learning across teams and organisational levels enables organisations to deal with challenges that arise from changing contexts. Project-oriented organisations increasingly use programme management to cope with such challenges and improve performance. This paper aims to find out how different programme configurations affect learning across project teams and between project teams and their parent organisation in project-oriented organisations.

A case study of a project-oriented organisation involved in five infrastructure programmes was performed.

The studied programmes linked learning processes at group and organisational levels by creating relationships across project teams and their parent organisation and acting as a knowledge centre. Team learning benefits from the learning culture and stable environment that programmes create for project teams. This study indicates that a programme’s features and focus strongly determines whether a programme predominantly enhances learning across project teams or learning between project teams and their parent organisation.

Although programme management is increasingly used by project-oriented organisations, there are few studies relating to learning in programmes. This study provides new insights into learning across teams through programmes.