Search results

This paper proposes a holistic, proactive and adaptive approach to cybersecurity from a service lens, given the continuously evolving cyber-attack techniques, threat and vulnerability landscape that often overshadow existing cybersecurity approaches.

Through an extensive literature review of relevant concepts and analysis of existing cybersecurity frameworks, standards and best practices, a logical argument is made to produce a dynamic end-to-end cybersecurity service system model.

Cyberspace has provided great value for businesses and individuals. The COVID-19 pandemic has significantly motivated the move to cyberspace by organizations. However, the extension to cyberspace comes with additional risks as traditional protection techniques are insufficient and isolated, generally focused on an organization's perimeter with little attention to what is out there. More so, cyberattacks continue to grow in complexity creating overwhelming consequences. Existing cybersecurity approaches and best practices are limited in scope, and implementation strategies, differing in strength and focus, at different levels of granularity. Nevertheless, the need for a proactive, adaptive and responsive cybersecurity solution is recognized.

This paper presents a model that promises proactive, adaptive and responsive end-to-end cybersecurity. The proposed cybersecurity continuity and management model premised on a service system, leveraging on lessons learned from existing solutions, takes a holistic analytical view of service activities from source (service provider) to destination (Customer) to ensure end-to-end security, whether internally (within an organization) or externally.

Performance-based contracting (PBC) plays an increasingly important role in the defense industry. This paper aims to investigate factors that influence service provider’s willingness to accept PBC-induced risks. It also shows how these risks could be managed in a military service supply chain.

The case study focused on the relationship between a service provider and a customer that acted on behalf of other users in the defense sector. The contract involved the sustainment of a military engine in a complex supply chain.

The service provider’s performance attributability appeared to have a strong impact on its willingness to take PBC-induced risks. For the parts where the service provider did not have full control over the service performance, exclusions and Service Level Agreements (SLAs) were used to manage and mitigate the risks associated with uncontrolled performance. The service provider’s willingness to accept PBC-induced risks was also affected by its ability to make accurate forecasts, the applied growth path and the length of the contract.

This case has specific characteristics, unique by time (maturity of the technical system and supply chain) and place (market). It is recommended that results are tested in other research settings.

Organizations should be aware of the factors that influence a service provider’s willingness to bear PBC-induced risks. Customers should limit PBC to those parts of a contract where risks are of an acceptable level. Also, it is recommended to follow a phased growth path when it is not possible to make accurate forecasts in a PBC context.

This study is the first to address critical issues concerning the identification and management of risks under PBC in the defense industry.

HR shared service centers (SSCs) have been claimed to innovate human resource management service delivery by centralizing resources and decentralizing control and, in doing so, create value for other business units. In response, to explain the value of HR shared services for the business units served, the purpose of this paper is to test hypotheses on the joint influence of HR SSC operational and dynamic capabilities and of control mechanism usage by the business units.

A survey methodology was applied to collect data among business unit representatives from 91 business units in 19 Dutch organizations. The data were analyzed using structural equation modeling in AMOS.

This study found that the use of formal control mechanisms (e.g. contracts, service-level agreements) relates negatively with HR shared service value, but that this relationship becomes positive once mediated by informal control mechanisms (e.g. trust and shared language) and operational HR capabilities. Furthermore, it shows that the dynamic capabilities of HR SSCs relate positively to HR shared service value for the business units, but only because of their effect on operational capabilities.

Whereas previous studies into HR SSCs have examined the two antecedents independently, this study shows how organizational control and capabilities interrelate in explaining the value of HR shared services.

The purpose of this paper is to determine best practices of aid agencies for outsourcing logistics to commercial logistics service providers (LSPs) in disaster relief. Moreover, it evaluates the application of the Delphi method for research in humanitarian logistics.

The paper is based on a two-round Delphi study with 31 experts from aid agencies and a complementary full-day focus group with 12 experts from aid agencies and LSPs.

The study revealed 12 best practices for outsourcing logistics in disaster relief and a compilation of more than 100 activities for putting these practices into action. Experts consider a proper balance between efficiency and compliance, a detailed contract and a detailed service request most important. Additionally, the Delphi method was found to be a promising technique for research on humanitarian logistics.

By critically examining the Delphi method, this study establishes the basis for a wider application of the technique in the field of humanitarian logistics. Furthermore, it can help to prioritize future research as the ranking of practices reflects the priorities of practitioners.

The paper provides guidance to practitioners at aid agencies in charge of outsourcing logistics.

This research is one of the first in the field of humanitarian logistics to apply the Delphi method. Moreover, it addresses the lack of literature dealing with approaches for building successful cross-sectoral partnerships.

This study aims to address the issue of practicing information security risk assessment (ISRA) on cloud solutions by studying municipalities and large organizations in Sweden.

Four large organizations and five municipalities that use cloud services and conduct ISRA to adhere to their information security risk management practices were studied. Data were gathered qualitatively to answer the study’s research question: How is ISRA practiced on the cloud? The Coat Hanger model was used as a theoretical lens to study and theorize the practices.

The results showed that the organizations aimed to follow the guidelines, in the form of frameworks or their own experience, to conduct ISRA; furthermore, the frameworks were altered to fit the organizations’ needs. The results further indicated that one of the main concerns with the cloud ISRA was the absence of a culture that integrates risk management. Finally, the findings also stressed the importance of a good understanding and a well-written legal contract between the cloud providers and the organizations using the cloud services.

As opposed to the previous research, which was more inclined to try out and evaluate various cloud ISRA, the study provides insights into the practice of cloud ISRA experienced by the organizations. This study represents the first attempt to investigate cloud ISRA that organizations practice in managing their information security.