Search results

Information security is a growing concern in society, across businesses and government. As the offshore IT services market continues to grow providing numerous benefits, there are also perceived risks with respect to the quality of information security delivered in the supply chain. This paper aims to examine, as a case, the perceptions of Indian software services provider (service provider) employees with respect to information security governance and its impact on information security service quality that is delivered to customers.

The paper provides a framework built upon the existing dimensions and instruments for total quality management and service quality, suitably modified to reflect the context of information security. SmartPLS, a structural equation modelling technique, has been used to analyse field survey data collected from across various Indian cities and companies.

Significant finding is that information security governance in an IT outsourcing company providing software services has a highly significant impact on the information security service quality, which can be predicted. The paper also establishes that there is a positive relationship collectively between elements of information security governance and information security service quality.

Since data used in this study were taken solely from the responses of employees of outsourced service companies in India, it does not show if this translates into service improvements as perceived by the customer.

Information security governance should be made an integral part of corporate governance and is an effective strategic technique, if software outsourcing business enterprises want to achieve a competitive edge, provide client satisfaction and create trust.

The paper presents empirical data validation of the connection between information security governance and quality of service.

Highly sensitive information pertaining to citizens and government transactions is processed in an electronic format, making information security a critical part of e-Government applications and architectures. Information security measures should ideally span from authentication to authorisation and from logical/physical access control to auditing of electronic transactions and log books. The lack of such measures compromises confidentiality, integrity and availability of information. Today, most e-Government projects in developing countries in Southern Africa Developing Community (SADC) face challenges in two main areas, namely, information security and application software integration. This paper aims to discuss and analyse the information security requirements for e-Government projects and proposes an information security governance model for service-based architectures (SBAs).

The current state of information security in emerging economies in SADC countries was researched. The main problems identified were the lack of software integration and information security governance, policy and administration. The design consists of three basic layers: information security governance defined at the strategic level of the government; information security policy/management defined at the management/operational level; and information security measures, implemented at the technical level. This section also proposes a policy for implementing public key infrastructures to protect information, transactions and e-services. A Token-Ring-based mechanism for implementing Single-Sign-On has also been developed as part of this study.

The main problems identified were the lack of software integration and information security governance, policy and administration. These challenges are causing e-government projects to stagnate.

The proposed approach for implementing information security in e-Government systems will ensure a holistic approach to ensuring confidentiality, integrity and non-repudiation, allowing e-Government maturity to progress from “interaction” to “online transaction” stage in emerging economies.

Research has not focused on developing a solution for emerging economies which are facing difficulties in integration software applications to deploy end-to-end e-services and to produce an underlying identity management architecture and information security governance to secure the e-services developed and deployed using an SBA. The work produced in this paper is specific to SBAs in e-government environments where legacy systems already exist. The work includes: information security governance defined at the strategic level of the government; information security policy/management defined at the management/operational level; and information security measures implemented at the technical level. This section also proposes a policy for implementing public key infrastructures to protect information, transactions and e-services. A Token-Ring-based mechanism for implementing Single-Sign-On has also been developed as part of this study.

Over the past decade, many small‐ and medium‐sized enterprises have incurred dramatic losses due to major disasters, causing loss of their business information systems and transaction data, so, they have started to outsource their information operations to data centers (DCs), in order to monitor critical business data operations. The purpose of this paper is to propose a dual‐sided business data integrity policy framework.

Based on a review of the available literature, case studies, and in‐depth interviews with top CEOs and experts in the field, a fuzzy Delphi method is proposed in two frameworks. In addition, a risk evaluation rule is derived by applying Bayesian decision analysis to mitigate the risk and lower the cost in their outsourcing policy; and Delphi method is used to extract 11 DC service quality evaluation indicators and also use these indicators to conduct a benchmark in Taiwan. Furthermore, the proposed framework is applied to figure out critical service advantages as well as suggestions for the DC involved in the benchmark.

The results of framework point out that enterprises should monitor the four operation elements (facility and infrastructure, server system management, information security management, and disaster recovery (DR) mechanism) to ensure and improve their data integrity; and DC firms need to build robust facilities and services in the five operation elements (customizability, serviceability, information technology infrastructure, security management, and knowledge intensity).

This paper uses a hybrid Delphi‐Bayesian method to propose a new framework, which is adequately integrated with the consensus of experts and business decision makers; higher professionalism and content validity are achieved. Enterprises can use these indicators to evaluate the service quality of DCs among DC firms.

The primary purpose of this study is to investigate the impact of information security breaches on hotel guests' perceived service quality, satisfaction, likelihood of recommending a hotel and revisit intentions.

Five‐hundred seventy‐four US travelers participated in this experimental study. The respondents were exposed to one of three different scenarios: “negative”, where an information security breach happened in the hotel where a person stayed last and guest information was compromised; “neutral”, where an information security breach happened and guest information remained safe; and “positive”, where participants were told that the hotel where they last stayed successfully passed a comprehensive security audit, meaning that their guest information is properly handled and secured.

The results of the study revealed a significant impact of the treatments on three of the four outcome variables: satisfaction, likelihood of recommending a hotel, and revisit intentions. Information security breach scenarios resulted in a negative impact on the outcome variables regardless of whether or not the guest's credit card information was compromised. A positive scenario revealed a significant increase in guest satisfaction and revisit intentions scores.

The findings of the study provide clear indication that hotel operators must continually strive to keep the sensitive data that is collected from their guests secure, and that failure to do so can have significant negative ramifications on current and future guests. The results also suggest that hotels should openly publicize their achievements in the field of PCI compliance.

The study contributes to the body of knowledge on the importance of credit card information security breaches to hotel guest satisfaction and future behavior. To date, this is the only study that has investigated this topic in the hospitality industry, and it therefore makes a significant improvement towards the understanding of the impact of information security breach on hotel guest perceptions and future intentions.

Although cloud storage services can bring users valuable convenience, they can be technically complex and intrinsically insecure. Therefore, this research explores the concerns of academic users regarding cloud security and technical issues and how such problems may influence their continuous use in daily life.

This qualitative study used a semi-structured interview approach comprising six main open-ended questions to explore the information security and technical issues for the continuous use of cloud storage services by 20 undergraduate students in Hong Kong.

The analysis revealed cloud storage service users' major security and technical concerns, particularly synchronization and backup issues, were the most significant technical barrier to the continuing personal use of cloud storage services.

Existing literature has focused on how cloud computing services could bring benefits and security and privacy-related risks to organizations rather than security and technical issues of personal use, especially in the Asian academic context.

Establishing information security in a downsized multi‐platform, multi‐vendor, enterprise‐wide information technology environment is emerging as the greatest challenge yet to confront the information security industry. Outlines the problems, describes the ideal solution and suggests some currently possible solutions.

This paper proposes a holistic, proactive and adaptive approach to cybersecurity from a service lens, given the continuously evolving cyber-attack techniques, threat and vulnerability landscape that often overshadow existing cybersecurity approaches.

Through an extensive literature review of relevant concepts and analysis of existing cybersecurity frameworks, standards and best practices, a logical argument is made to produce a dynamic end-to-end cybersecurity service system model.

Cyberspace has provided great value for businesses and individuals. The COVID-19 pandemic has significantly motivated the move to cyberspace by organizations. However, the extension to cyberspace comes with additional risks as traditional protection techniques are insufficient and isolated, generally focused on an organization's perimeter with little attention to what is out there. More so, cyberattacks continue to grow in complexity creating overwhelming consequences. Existing cybersecurity approaches and best practices are limited in scope, and implementation strategies, differing in strength and focus, at different levels of granularity. Nevertheless, the need for a proactive, adaptive and responsive cybersecurity solution is recognized.

This paper presents a model that promises proactive, adaptive and responsive end-to-end cybersecurity. The proposed cybersecurity continuity and management model premised on a service system, leveraging on lessons learned from existing solutions, takes a holistic analytical view of service activities from source (service provider) to destination (Customer) to ensure end-to-end security, whether internally (within an organization) or externally.

The purpose of this study is to assess the levels of information security governance (ISG) implementation among major Ghanaian industry sectors. The intent is to benchmark inter-industry sector ISG implementation and to identify areas that may require improvement.

Random sampling strategy was used, and data were collected via Web survey. The data analysis utilized a one-way analysis of variance to determine the differences in means of the levels of implementation of ISG focus areas among five main industry sectors.

The results showed that, as a whole, all the industry sectors have only partially implemented ISG. In particular, there existed statistical significant differences in ISG implementation among the industry sectors. Ranking ISG implementation, Financial Institutions were close to completion, Utility Companies, Others (Information Technology, Oil and Gas, Manufacturing) and Public Services had PI ISG and health care and educational institutions were at the planning stages. The result also revealed that all the industry sectors made marginal effort trying to align information security to business strategy, and performance measurement remained the least implemented focus area.

Organizational leaders could use these findings to benchmark industry sectors’ ISG implementation, which could lead to competitiveness. Again, international enterprises that do businesses with these industry sectors would better understand the level of involvement of the top executives in governing information security toward the protection of valuable information assets.

Top management is responsible for the wellbeing of the organization. Most organizations nowadays are dependent totally on the availability and effectiveness of their information service resources. For this reason it is imperative that top management gets involved and stays involved in the protection of the information service assets of the organization. This can only be accomplished through a process of continuous information security evaluation and reporting. An information security evaluation and reporting tool, representing the information security status in a concise, clear manner, will help a great deal in ensuring top management involvement. Suggests implementation of an information security management model by means of an evaluation tool. This tool will provide top management with information security status reporting in a clear, non‐technical format.

Many organizations struggle to utilize security-as-a-service (SecaaS) advantages effectively, thus challenging the assumption that adopting the SecaaS model will necessarily lead to post-adoption satisfaction. This research paper draws on the organizational mindfulness theory and investigates the factors that lead to satisfaction with SecaaS.

The key informant-based survey approach was employed to collect data from 215 organizations that were using the SecaaS model. PLS was used for data analysis.

Organizations with greater extents of internal security resources report higher satisfaction levels with SecaaS, thanks to the mediating effect of organizational mindfulness, and that organizations with extensive and mature security auditing were especially well-positioned to experience satisfaction with SecaaS.

This research provides new theoretical insights into the conditions under which organizations' post-adoption satisfaction with the SecaaS model is shaped by investigating the role of internal security resources and organizational mindfulness.