Effects of information technology alignment and information sharing on supply chain operational performance

The paper aims to investigate the effects of information technology (IT) alignment and information sharing on operational performance in the context of supply chain. Based on the resource-based view, this study identifies IT alignment and information sharing as specific resources/capabilities for supply chain partnership. Data from 141 Chinese manufacturers are collected to test the relationships among IT alignment, information sharing, and operational performance. The results show that (1) both IT alignment and information sharing have direct and positive effects on operational performance, (2) IT alignment has an indirect effect on operational performance through information sharing, and (3) IT alignment and information sharing have different emphases in operational performance improvement. The resource-capability-performance paradigm is extended to supply chain context in the emerging economy. Chinese managers may have different emphases on IT resource/information sharing capability deployment for operational efficiency and effectiveness.     

Private Clouds: Secure Managed Services

ABSTRACT

The continuously evolving state of information technology and network infrastructure has created a thriving market for Managed Services (MS). More and more public sector and private companies operate in mixed-mode with internally deployed but externally hosted IT applications and resources. As a result, Managed Service Providers (MSPs) are assuming operational IT responsibility for the enterprise while the customer maintains management oversight. While this MS business model has many advantages, information security remains an inherent weakness. This has lead to the adoption of Private Clouds.     

Sarbanes—Oxley and Enterprise Security: IT Governance — What It Takes to Get the Job Done

Abstract

Several sections of the Sarbanes— Oxley Act of 2002 (SOX) directly affect the governance of the information technology (IT) organization, including potential SOX certification by the chief information officer, Section 404 internal control assessments, “rapid and current” disclosures to the public of material changes, and authentic and immutable record retention. The Securities and Exchange Commission (SEC) requires publicly traded companies to comply with the Treadway Commission's Committee of Sponsoring Organizations (COSO) that defines enterprise risk and places security as a critical variable in enterprise risk assessment. Effective IT and security governance are examined in terms of SOX compliance. Motorola IT security governance demonstrates effective structures, processes, and communications; centralized security leaders participate with Motorola's Management Board to create an enabling security organization to sustain long-term change.     

Integrating Information Security through Total Quality Management

Abstract

As companies begin to increase their electronic presence, digitizing increasingly more of their private and sensitive information, the need for information security becomes mandatory. While the relationship between technology and business functionality expands, information security has safeguarded the information the business needs to survive. Organizations are increasingly aware of information security issues and are constantly seeking control measures. Information security studies predominantly focused on the presence of information security controls rather than the quality of those controls. Security, as an element of quality, must be addressed in the development, implementation, and monitoring of strategy and policy. In order to ensure that adequate controls are established for information systems, quality assurance and information systems auditors should maintain a close working relationship. Total Quality Management is mandatory in the successful application and proliferation of information security controls.     

From a resource rich country to an information rich society: An evaluation of information technology policies in Malaysia

Abstract

Malaysia is a resource rich country and a major socio‐economic force in the Asia‐Pacific region. Historically, the economy of Malaysia was based on agriculture and natural resources. In its efforts to transform Malaysia to a developed and industrialized country, the government started to focus on industry and high technology in the 1980s. A key area of focus was Information Technology (IT). The government chose to adopt several policies with respect to the supply and demand sides of IT instead of a national IT plan¹. The policies addressed IT infrastructure, education and training, research and development, use of IT in the public sector, and fiscal incentives. These IT policies and the broad economic and industrial policies implemented during this period had a positive influence on demand for IT products and services, number of IT professionals, number of telephones per 100 population, and IT production and use. This experience has laid a firm foundation for formulating more definitive national IT policies for the 1990s and in achieving the government's objective of transforming Malaysia into a developed and information rich society by 2020.     

Can Political Skill Enhance Business and IT Knowledge?

ABSTRACT

We examine whether Chief Information Officers’ (CIOs’) political skill enhances their IT and business knowledge as a means of influencing executive teams’ commitment to strategic and operational IT initiatives. We empirically examine these relationships using data collected from 139 CIOs. The results suggest CIOs’ business and IT knowledge is significantly related to influencing executive team commitment to strategic and operational IT initiatives, but political skill only enhances business knowledge for influencing executive team commitment to operational IT initiatives.     

试谈IT安全运维管理的应用

利用IT安全运维系统能够全面、正确、及时地反映被管系统的运行状态,提高运维的质量和效率,确保信息部门的技术支持服务,以及信息化管理工作更为畅通、透明、完整和有效.提出了将信息安全运维管理应用到工业控制中,应对安全攻击,切实保障工控网络信息安全.     

Comparative analysis of the organisational learning process in Slovenia, Croatia, and Malaysia

Several empirical studies have proved that better organisational learning induces higher organisational performance. However, none of them addressed the issue of organisational learning process simultaneously in several countries. In our contribution, we aim to test differences in the way companies learn in Slovenia, Croatia, and Malaysia. We used the OLIMP questionnaire, a measurement instrument developed and tested by [Dimovski, V. (1994), Organisational learning and competitive advantage. PhD Thesis, Cleveland, Ohio; Dimovski, V., & Škerlavaj, M. (2005). Performance effects of organisational learning in a transitional economy. Problems and Perspectives in Management 3(4), 56–67]. It employs three measurement variables (information acquisition, information interpretation, and behavioural and cognitive changes) as well as 38 items (presented in the paper) to measure the organisational learning construct. In autumn 2005 data from 203 Slovenian, 202 Croatian and 300 Malaysian companies were gathered. The results indicate that companies in all three countries under scrutiny are closest in terms of behavioural and cognitive changes, meaning that globalisation and other challenges of the modern business environment demand all of them to change and adapt quickly. However, the ways they are coping with these challenges are different. There are more similarities than dissimilarities between Slovenia and Croatia, while this is not the case when comparing both countries to Malaysia. When acquiring information, Slovenian and Croatian companies rely more on internal sources (own employees, past decisions, etc.), while Malaysian companies tend to rely more on external sources and more often have employees dedicated to searching for external information. When trying to interpret the information acquired, Slovenian and Croatian companies rely more on personal contacts, informal team meetings and believe that information given to subordinates must be simple and concise, while Malaysian companies tend to use more formal collective decision-making and written communication to understand the meaning of information.     

Balancing exploration and exploitation of IT resources: the influence of Digital Business Intensity on perceived organizational performance

Facing a barrage of novel information technology (IT), organizations must invest on the basis of the impact of IT capabilities on the organization’s performance. This research extends Bharadwaj’s (MIS Quarterly 169–196, 2000) resource-based view of the relationship between IT capability and performance by introducing both the mediating and moderating effects of Digital Business Intensity (DBI). Empirical data collected from CIO’s from US firms reveal that although IT capability positively influences organizational performance, this relationship may differ in strength at different levels of DBI. Our study also finds that IT capability is important in determining DBI, which in turn influences organizational performance. Findings highlight tensions between DBI exploration and IT capabilities exploitation. Results also suggest that companies that leverage their existing IT capabilities to drive DBI are more adept at securing performance returns. However, when DBI investments do not complement existing IT capabilities, DBI appears to dampen performance, further accentuated for high-DBI firms.     

Strategy, IT applications for planning and control, and firm performance: The impact of impediments to IT implementation

Our study examined the association among strategy, the extent of IT applications to 12 planning and control functions, and firm performance. Special attention was paid to the moderating effect on these relationships of 15 technical, human, and organizational impediments to IT implementation. We analyzed survey data obtained from 296 Taiwanese companies, supplemented by financial data from publicly disclosed financial reports. Results indicated that strategy significantly influenced the extent of IT applications for planning and control. In turn, the extent of IT applications had a significant direct effect on firm performance, while the direct effect of strategy was insignificant. The relationship between strategy and the extent of IT applications, and between the latter and firm performance were both stronger when the level of impediments to IT implementation was low. The findings went beyond these general relationships to reveal systematic differences in the specific IT applications and impediments of firms pursuing different strategies.     

Digital technology-enabled dynamic capabilities and their impacts on firm performance: Evidence from the COVID-19 pandemic

To understand whether companies can lock in the benefits of digital technology (DT) usage during the COVID-19 pandemic, we draw on a dynamic capability view to examine how digitalization capabilities generate impacts on firm performance. Through the analysis of 165 Chinese manufacturing companies, we find that market capitalizing agility and operational adjustment agility fully mediate the relationship between digitalization capabilities and firm performance. More interestingly, of the effect size of different mediation paths, market capitalizing agility has the strongest effect. We contribute to the existing information systems literature by revealing the possible mediational mechanisms that can solve the digital dilemma.     

The rise and fall of the competitive local exchange carriers in the U.S.: An institutional perspective

The debacle of the telecommunications industry at the turn of the millennium resulted in significant consequences for investors, workers, financial institutions, telecom companies, and the economy in general worldwide. In the midst of the telecom bubble, the CLECs (competitive local exchange carriers) adopted similar or identical business plans and saturated the market, which resulted in destructive competition. In this study, we investigate the isomorphic business models of the CLECs from the perspectives of the new institutional theory. We argue that the combined coercive, mimetic, and normative institutional forces exerted on the companies by the actors who controlled the funding, managed the business, and provided the information fashioned the isomorphic CLEC business models, which in turn contributed to the demise of these companies and thus the burst of the telecom bubble. Evidence of the institutional influences on CLECs and the actors exerted the influences are presented and their consequences are discussed. Qing Hu is Professor of Information Systems in the Department of Information Technology & Operations Management at Florida Atlantic University. He earned his Ph.D. in Computer Information Systems from the University of Miami. His research interests include economics of information technology (IT), IT strategy and management, and information security. His work has been published in leading academic journals including Information Systems Research, Journal of Management Information Systems, Communications of the ACM, Communications of the AIS, California Management Review, and IEEE Transactions on Software Engineering. He also serves as associate and guest-editors for a number of IS journals and major conferences. C. Derrick Huang is Assistant Professor in the Department of Information Technology & Operations Management in the College of Business at Florida Atlantic University. Previously, as a practitioner, he held executive-level positions in the area of marketing and strategic planning in a number of high-tech companies. Dr. Huang’s research interest lies in the business value and strategic impact of information technology in organizations, and his current focus is on the economics and management of information security investments. He holds Ph.D. from Harvard University.     

Matching information technology and organizational structure: an empirical study with implications for performance

In information systems and organization theory research, the alignment or fit between information technology (IT) and organizational structure has long been hypothesised to be a sine qua non for success. However, few solid results have been found linking this relationship to enterprise level performance, as problems abound in defining and measuring IT, performance and the fit between technology and structure. In view of this, an empirical study was conducted among 108 small and medium-sized manufacturing firms, using a comprehensive instrument to measure overall IT sophistication along two dimensions, namely IT usage and IT management. Taking organizational size and environmental uncertainty into account, it was found that IT sophistication is positively related to structural sophistication, IT usage is positively related to organizational performance, and the relationship between IT management and structural sophistication is stronger among the better-performing firms than among the worst-performing firms.     

Impact of information quality and decision-maker quality on decision quality: a theoretical model and simulation analysis

The impact of information technology (IT) on firm performance is widely studied but little understood. A common perception is that IT improves the quality of information, which, in turn, improves decision quality and performance. Several studies of IT-performance relationship have used managers' perceived as opposed to actual performance. We investigate the impact of information quality and decision-maker quality on actual decision quality using a theoretical and a simulation model. We use accuracy as the measure of quality. Our analysis shows that, depending on the decision-maker quality, decision quality may improve or degrade when information quality improves. The decision quality improves with higher information quality for a decision-maker that has knowledge about the relationships among problem variables. However, the decision quality of a decision-maker that doesn't know these relationships may degrade with higher information quality. Simultaneous improvement in information quality and decision-maker quality results in higher decision quality. The simulation model, which relaxes some of the assumptions made by the theoretical model, yields similar results. We explain how our results supplement the results of prior studies of IT-performance relationship. Our results underscore the need for including decision-maker quality in the investigation of the IT-performance relationship and the importance of developing quality decision support tools.     

2014 Top Security Topics

Abstract

Recent data breaches at major retailers have created an extra awareness of information security risks within the IT internal auditors. This article focuses on top security topics which every internal auditor must consider before they finalize their audit plans     

Information security breaches and IT security investments: Impacts on competitors

In current business climate, a firm’s information systems security is no longer independent from the industry’s broader security environment. A question arises, then, whether stock market values reflect the interdependence of security breaches and investments. In this paper, we used the event study methodology to investigate how a firm’s security breaches and IT security investments influence its competitors. We collected and reviewed 118 information security breaches and 98 IT security investment announcements from 2010 to 2017. We found substantial evidence supporting our hypothesis that information security breaches do, indeed, have a competition effect: when one firm is breached, its competitors have opportunities to absorb market power. For the IT security investment announcements, however, we observed the positive externalities, or contagion effect, in play: market investors feel that the security investments made by one firm increase the security level of the entire network, and hence, competitors also get benefits. Additionally, we found that the competition effect was higher when the breaches occurred after the preceding security investments than when there were no preceding investments before the breaches.     

论网络信息保密安全维护

网络信息泄露及其给信息安全带来的安全隐患愈来愈受到人们的普遍关注。本文分析了当前网络信息泄露的四种表现,并就维护信息保密和防止信息泄漏的提出了对策。     

Identifying high perceived value practices of CMMI level 2: An empirical study

ObjectiveIn this paper, we present findings from an empirical study that was aimed at identifying the relative “perceived value” of CMMI level 2 specific practices based on the perceptions and experiences of practitioners of small and medium size companies. The objective of this study is to identify the extent to which a particular CMMI practice is used in order to develop a finer-grained framework, which encompasses the notion of perceived value within specific practices.MethodWe used face-to-face questionnaire based survey sessions as the main approach to collecting data from 46 software development practitioners from Malaysia and Vietnam. We asked practitioners to choose and rank CMMI level 2 practices against the five types of assessments (high, medium, low, zero or do not know). From this, we have proposed the notion of ‘perceived value’ associated with each practice.ResultsWe have identified three ‘requirements management’ practices as having a ‘high perceived value’. The results also reveal the similarities and differences in the perceptions of Malaysian and Vietnamese practitioners with regard to the relative values of different practices of CMMI level 2 process areas.ConclusionsSmall and medium size companies should not be seen as being “at fault” for not adopting CMMI – instead the Software Process Improvement (SPI) implementation approaches and its transition mechanisms should be improved. We argue that research into “tailoring” existing process capability maturity models may address some of the issues of small and medium size companies.     

隐通道传递信息机理的研究

可信计算机系统中一些隐蔽数据流避开了安全机制的监控,造成信息的泄漏。本文通过对这种隐蔽流泄漏信息的机理进行分析和抽象,提出了一个通道元模型。将每一类通道元看成一个有限状态机,以Plotkin的结构化操作语义等为基础,计算出状态机的状态变化序列。通过对不满足隐通道定义的状态变迁序列的归纳,得到了抽象机中安全状态转移的约束条件,找出两个通道元通过共享客体泄露信息的工作机理,从而开发出一种基于操作语义的隐通道标识方法。对电梯调度算法模型进行实验,可有效地标识出存在的隐通道。     

云计算与网络信息安全研究

网络信息安全一直是IT行业的一个热门话题和研究热点。云计算是一个新兴技术,给网络信息安全提供机遇的同时,也带来了很多挑战。本文介绍了云计算的基本概念和实现机制,并在此基础上分析了云计算与网络信息安全的关系。最后,针对云计算面临的网络信息安全的挑战,给出了几点建设性的提议并对云计算进行了展望。