Search results

1 – 10 of over 4000
Open Access
Article
Publication date: 31 December 2011

Ji-Young Park, Jung Ung Min and Jeong Soo Park

Abstract

Though logistics security only took care of the trading phase in the past, many countries in the world have begun to introduce logistics security system as its coverage has been extended from production stage to delivery at the final destination. Logistics security system has become an indispensable element for global corporations involved in international trading and studies on logistics security keep going on. Most of the studies, however, are focused on discussion of system, cost and influence of logistics security and few of them have been specifically dealing with substantial effectiveness thereof. This study developed the models of supply chain security activities and their outcome by means of using Balanced Scorecard (BCS) which is a well-known performance indicator to identify relationship between supply chain security activities and their accomplishment. In this study we have presented 8 supply chain frameworks, human resources management, information system management, facilities/freight management, security process, crisis management capability, relationship with partners, sharing of logistics information and logistics security accomplishment, with reference to standards of C-TPAT and AEO based on WCO framework, 10 supply chain security capabilities. This study further indicates that relationship with partners has more effect on logistics security accomplishment than sharing of logistic information. Just as relationship between corporations in chain of supply and sharing of information among them are important elements in management of supply chain, relationship with partners and sharing of logistic information will have positive effect on supply chain security accomplishment and raise its effectiveness.

Details

Journal of International Logistics and Trade, vol. 9 no. 2
Type: Research Article
ISSN: 1738-2122

Open Access
Article
Publication date: 27 July 2023

Andrea Kő, Gábor Tarján and Ariel Mitev

Abstract

Purpose

This paper aims to provide a maturity model for information security awareness (MMISA), based on the literature, expert interviews and feedback. In addition to developing the MMISA, the authors investigate the role of the three decisive factors that affect ISA maturity level: risk management mechanism, organizational structure and ISA.

Design/methodology/approach

The research methodology is a combined one; qualitative and quantitative methods were applied, including surveying the literature, interviews and developing a survey to collect quantitative data about decisive factors that affect ISA maturity level. The authors perform a variance-based partial least squares-structural equation modeling (PLS-SEM) investigation of the relationships between these factors.

Findings

The investigation of decisive factors of ISA maturity levels revealed that if the authors identify a strong risk assessment mechanism (through a documented methodology and reliable results), the authors can expect a high level of ISA. If there is a well-defined organizational structure with clear responsibilities, this supports the linking of a risk management mechanism with the level of ISA. The connection between organizational structure and ISA maturity level is supported by ISA activities: an increased level of awareness actions strengthens an organizational structure via the best practices learned by the staff.

Originality/value

The main contribution of the proposed MMISA model is that the model offers controls and audit evidence for maturity levels. Beyond that, the authors distinguish in the MMISA model controls supporting knowledge and controls supporting attitude, emphasizing that this is not enough to know what to do, but the proper attitude is required too. The authors didn't find any other ISA maturity model which has a similar feature. The contribution of the authors' work is that the authors provide a method for solving this complex measurement problem via the MMISA, which also offers direct guidance for the daily practices of organizations.

Details

Information Technology & People, vol. 36 no. 8
Type: Research Article
ISSN: 0959-3845

Open Access
Article
Publication date: 30 December 2022

Durga Prasad Dube and Rajendra Prasad Mohanty

Abstract

Purpose

As evident from the literature review, the research on cyber security performance is centered on security metrics, maturity models, etc. Essentially, all these are helpful for evaluating the efficiency of cyber security organization but what matters is how the factors of internal efficiency affect the business performance, i.e. the external effectiveness. The purpose of this research paper is to derive the factors of internal efficiency and external effectiveness of cyber security and develop impact model to identify the most and least preferred parameters of internal efficiency with respect to all the parameters of external effectiveness.

Design/methodology/approach

There are two objectives for this research: deriving the factors of internal efficiency and external effectiveness of cyber security; and developing a model to identify the impact of internal efficiency factors on the external effectiveness of cyber security. Since there is not much evidence of research in defining the factors of internal efficiency and external effectiveness of cyber security, the authors have chosen grounded theory methodology (GTM) to derive the parameters. In this study, the emic approach of GTM is followed and an algorithm is developed for administering the grounded theory research process. For the second research objective, survey methodology and rank order were used to formulate the impact model. Two different samples and questionnaires were designed for each of the objectives.

Findings

For the objective 1, 11 factors of efficiency and 10 factors of effectiveness were derived. These are used as independent and dependent variables, respectively, in the later part of the research for the second objective. For the objective 2 the impact models among independent and dependent variables were formulated to find out the following. Most and least preferred parameters lead to internal efficiency of cyber security organization to identify the most and least preferred parameters of internal efficiency with respect to all the parameters of external effectiveness.

Research limitations/implications

The factors of internal efficiency and external effectiveness constructed by using grounded theory cannot remain constant in the long run, because of dynamism of the domain itself. Over and above this, there are inherent limitations of the tools like grounded theory, used in the research. A few important limitations of GTM are as below. In grounded theory, it is comparatively difficult to maintain and demonstrate the rigors of research discipline. The sheer volume of data makes the analysis and interpretation complex, lengthy and time-consuming. The researchers’ presence during data gathering, which is often unavoidable and desirable too in qualitative research, may affect the subjects’ responses. The subjectivity of the data leads to difficulties in establishing reliability and validity of approaches and information. It is difficult to detect or to prevent researcher-induced bias.

Practical implications

The internal efficiency and external effectiveness factors of cyber security can be further correlated by the future researchers to understand the correlations among all the factors and predict cyber security performance. The grounded theory algorithm developed by us can be further used for qualitative research for deriving theory through abstractions in the areas where there is no sufficient availability of data. Practitioners of cyber security can use this research to focus on relevant areas depending on their respective business objective/requirements. The models developed by us can be used by the future researchers for various sectoral validations and correlations.

Social implications

Though the financial costs of a cyber-attack are steep, the social impact of cyber security failures is less readily apparent but can cause lasting damage to customers, employees and the company. Therefore, it is always important to be mindful of how the impact of cyber security affects society as well as the bottom line when they are calculating the potential impact of a breach. Underestimating either impact can destroy a brand. The factor of internal efficiency and external effectiveness derived by us will help stakeholder in focusing on relevant area depending on their business. The impact model developed in this research is very useful for focusing a particular business requirement and accordingly tune the efficiency factor.

Originality/value

During literature study the authors did not find any evidence of application of grounded theory approach in cyber security research. While the authors were exploring research literature to find out some insight into the factor of internal efficiency and external effectiveness of cyber security, the authors did not find concrete and objective research on this. This motivated us to use grounded theory to derive these factors. This, in the authors’ opinion is one of the pioneering and unique contribution to the research as to the authors’ knowledge no researchers have ever tried to use this methodology for the stated purpose and cyber security domain in general. In this process the authors have also developed an algorithm for administering GTM. Further developing impact models using factors of internal efficiency and external effectiveness has lots of managerial and practical implication.

Details

Organizational Cybersecurity Journal: Practice, Process and People, vol. 3 no. 1
Type: Research Article
ISSN: 2635-0270

Open Access
Article
Publication date: 8 January 2020

Elham Rostami, Fredrik Karlsson and Ella Kolkowska

Abstract

Purpose

The purpose of this paper is to survey existing information security policy (ISP) management research to scrutinise the extent to which manual and computerised support has been suggested, and the way in which the suggested support has been brought about.

Design/methodology/approach

The results are based on a literature review of ISP management research published between 1990 and 2017.

Findings

Existing research has focused mostly on manual support for managing ISPs. Very few papers have considered computerised support. The entire complexity of the ISP management process has received little attention. Existing research has not focused much on the interaction between the different ISP management phases. Few research methods have been used extensively and intervention-oriented research is rare.

Research limitations/implications

Future research should to a larger extent address the interaction between the ISP management phases, apply more intervention research to develop computerised support for ISP management, investigate to what extent computerised support can enhance integration of ISP management phases and reduce the complexity of such a management process.

Practical implications

The limited focus on computerised support for ISP management affects the kind of advice and artefacts the research community can offer to practitioners.

Originality/value

Today, there are no literature reviews on to what extent computerised support the ISP management process. Findings on how the complexity of ISP management has been addressed and the research methods used extend beyond the existing knowledge base, allowing for a critical discussion of existing research and future research needs.

Details

Information & Computer Security, vol. 28 no. 2
Type: Research Article
ISSN: 2056-4961

Open Access
Article
Publication date: 23 November 2022

Phi Dinh Hoang, Thi Dao Ta and Hai-Yen Thi Bui

Abstract

Purpose

Although brand risk management (BRM) is widely acknowledged as a critical concern of business leaders, there exists little empirical evidence regarding what activities firms could do to make their brand secured in the increasingly competitive market. Moreover, previous studies find out the important role of innovation stimulus in firm performance, but little attention is paid to how firm's innovation stimulates the firm's brand security. This study aims at exploring the impacts of BRM activities on brand security with the innovation stimulus as a moderator.

Design/methodology/approach

Mixed method is applied in conducting this research. In the qualitative research, an interview with managers of 20 large-size foodstuff companies in Vietnam is conducted to obtain insights into their understanding BRM activities and brand security as well as the role of innovation stimulus in managing brand risk and developing measurements for new constructs. In the quantitative research, a sample of 258 respondents is collected for the tests of reliability and validity as well as all hypotheses using SPSS software.

Findings

The authors’ findings show that the level of implementation of BRM activities influences the brand security with the moderating effect of innovation stimulus. Specifically, four dimensions of BRM activities including: strategy, personnel, processes and investment have direct, positive and significant impact on brand security. Innovation stimulus including innovation in leadership and innovation in knowledge management could serve as a moderating variable.

Originality/value

The findings of the current study have contributed to BRM literature by highlighting the importance of the implementation of BRM activities and the key role of innovation stimulus in ensuring the brand security, on which previous studies have paid little attention. The study suggests some guidance for firms about how to improve the innovation stimulus in enhancing the effectiveness of BRM activities and, as a result, increasing the brand security of the firm.

Details

Journal of Contemporary Marketing Science, vol. 5 no. 3
Type: Research Article
ISSN: 2516-7480

Open Access
Article
Publication date: 14 February 2023

Lemma Lessa and Daniel Gebrehawariat

Abstract

Purpose

This study is aimed at assessing the information security management practice with a focus on banking card security in selected financial institutions in Ethiopia, using an international information security standard as a benchmark. It is to identify the gaps and recommend best security practices to help financial institutions meet the required security compliance.

Design/methodology/approach

Two financial sectors were purposively selected. A total of twenty-five respondents (IT executives and IT staff) were included in the study. Quantitative data was collected using the PCI-DSS (Payment Card Industry Data Security Standard) security standard questionnaire. In addition, observation and document analysis were made.

Findings

The result shows that most of the essential security management activities in the financial sectors do not comply with the international security standard. Similarly, the level of most of the indispensable security requirements that should be in place is found to be below the acceptable level. The study also revealed major security factors that prohibit the financial sectors from PCI-DSS security standard compliance.

Originality/value

This study assessed the information security management practice with a focus on banking card security and tried to figure out the limitations of security practices of the organizations surveyed based on the standard adopted. The topic has not been well explored especially in the Ethiopia context. Hence, the result can positively influence security policies, particularly in the banking sector.

Details

International Journal of Industrial Engineering and Operations Management, vol. 5 no. 2
Type: Research Article
ISSN: 2690-6090

Open Access
Book part
Publication date: 9 December 2021

Daniel Paul and Alex Stedmon

Abstract

In recent years, there has been a growing dialogue around community-based and systems-based approaches to security risk management through the introduction of top-down and bottom-up knowledge acquisition. In essence, this relates to knowledge elicited from academic experts, or security subject-matter experts, practitioner experts, or field workers themselves and how much these disparate sources of knowledge may converge or diverge. In many ways, this represents a classic tension between organisational and procedural perspectives of knowledge management (i.e. top-down) versus more pragmatic and experience focussed perspectives (i.e. bottom-up).

This chapter considers these approaches and argues that a more consistent approach needs to address the conflict between procedures and experience, help convert field experience into knowledge, and ultimately provide effective training that is relevant to those heading out into demanding work situations. Ultimately, ethics and method are intricately bound together in whichever approach is taken and the security of both staff and at-risk populations depends upon correctly managing the balance between systems and communities.

Details

Ethical Issues in Covert, Security and Surveillance Research
Type: Book
ISBN: 978-1-80262-414-4

Open Access
Article
Publication date: 30 September 2021

Kittisak Makkawan and Thanyaphat Muangpan

Abstract

Autonomous ports and digital ports are a modern trend of global commercial ports that are established to develop toward smart ports in many ports. Smart port indicators (SPIs) are used as important tools for measuring, encouraging, and indicating smart port performance. These are the main indicators to operate smart port management as the practical direction and port development planning are enclosed. This research aims to identify the SPIs and to develop a conceptual model of smart port performance in a case study of The Eastern Economic Corridor (EEC) in Thailand. Triangulation data are used in the data collection with three sources: the reviewed literature of five international databases in 2016–2021, participant observations, and in-depth interviews. Content analysis is utilized to analyze these data to develop a conceptual model approach. The findings of this research are shown in three main domains classified as smart port operation, smart port environment/energy, and smart port safety/security. These indicators represent 29 SPIs for developing smart port performance, which can be explained with a conceptual model. This information will exist as the foundation framework guiding Thai smart ports towards international standards of smart port efficiency.

Details

Journal of International Logistics and Trade, vol. 19 no. 3
Type: Research Article
ISSN: 1738-2122

Open Access
Article
Publication date: 30 April 2014

Sonia Froufe, Mame Gningue and Charles-Henri Fredouet

Abstract

Due to the globalization of trade, hundreds of millions of containers pass every year through world ports. Such a situation is extremely challenging in terms of securing freight transport operations. However, costs and lead-times are still very important components of supply chains' performance models. Therefore, the drive for enhanced safety and security cannot be made at the expense of these other two factors of competitiveness, and the processes implemented by the global supply chain links, including the maritime port one, should tend to a joint optimization of trade facilitation and operational safety / security.

The research on which this paper feeds back falls within the frame of this mixed performance requirement. More specifically, the paper presents a decision-support system dedicated to managing the risks associated with land and maritime container transportation; this system is based on the modeling of the knowledge of a group of experts, and covers the three phases of risk identification, assessment and avoidance / mitigation.

Open Access
Article
Publication date: 12 November 2018

Stefan Fenz and Thomas Neubauer

Abstract

Purpose

The purpose of this paper is to provide a method to formalize information security control descriptions and a decision support system increasing the automation level and, therefore, the cost efficiency of the information security compliance checking process. The authors advanced the state-of-the-art by developing and applying the method to ISO 27002 information security controls and by developing a semantic decision support system.

Design/methodology/approach

The research has been conducted under design science principles. The formalized information security controls were used in a compliance/risk management decision support system which has been evaluated with experts and end-users in real-world environments.

Findings

There are different ways of obtaining compliance to information security standards. For example, by implementing countermeasures of different quality depending on the protection needs of the organization. The authors developed decision support mechanisms which use the formal control descriptions as input to support the decision-maker at identifying the most appropriate countermeasure strategy based on cost and risk reduction potential.

Originality/value

Formalizing and mapping the ISO 27002 controls to the security ontology enabled the authors to automatically determine the compliance status and organization-wide risk-level based on the formal control descriptions and the modelled environment, including organizational structures, IT infrastructure, available countermeasures, etc. Furthermore, it allowed them to automatically determine which countermeasures are missing to ensure compliance and to decrease the risk to an acceptable level.

Details

Information & Computer Security, vol. 26 no. 5
Type: Research Article
ISSN: 2056-4961
