Thematic orientation of the ISJ within a semantic space of IS research

This study examines research published in the first 24 years of Information Systems Journal's (ISJ) publication history using a thematic space of all information systems (IS) research as the backdrop. To that end, abstracts from all contributing articles published in eight prominent IS journals in the period 1991–2014 were analysed to extract a latent semantic space of five broad research areas. A two‐dimensional projection of the results was used to create a two‐by‐two map, where one dimension represents the European vs. North American style of IS research and another dimension represents a micro vs. macro level of IS research. The ISJ is positioned in the ‘micro and European school’ quadrant. Over the course of the journal's first 24 years, research in the ISJ started with a relative focus on the IT artefact and IS development and gradually moved towards a more balanced position that includes a considerable amount of research on IT for teamwork and collaboration, as well as on IT and individuals.     

Value-focused assessment of information system security in organizations

Abstract.  Information system (IS) security continues to present a challenge for executives and professionals. A large part of IS security research is technical in nature with limited consideration of people and organizational issues. The study presented in this paper adopts a broader perspective and presents an understanding of IS security in terms of the values of people from an organizational perspective. It uses the value-focused thinking approach to identify 'fundamental' objectives for IS security and 'means' of achieving them in an organization. Data for the study were collected through in-depth interviews with 103 managers about their values in managing IS security. Interview results suggest 86 objectives that are essential in managing IS security. The 86 objectives are organized into 25 clusters of nine fundamental and 16 means categories. These results are validated by a panel of seven IS security experts. The findings suggest that for maintaining IS security in organizations, it is necessary to go beyond technical considerations and adopt organizationally grounded principles and values.     

IS journal review process: a survey on IS research practices and journal review issues

Journal publication is an important indicator of research productivity for individual researchers as well as academic institutions. It is also a contentious issue as various stakeholders have different and often conflicting interests and perspectives. This study explores how IS researchers view journal review and publication process based on their professional status, institutional mission, and role orientation. It also investigates publication practices of IS researchers, such as frequency of article submissions, acceptance/rejection rates, number of revisions required before publication, and publication outlets.     

当前计算机网络安全防范技术研究

随着计算机网络技术的不断发展,计算机网络的使用已经成为了人们生活中必不可少的一部分,计算机网络技术与我们的生活息息相关,但当前网络上却存在一些隐患并对我们的信息安全构成威胁,现针对计算机网络安全防范技术等问题,本文在此进行简单研究.     

Threats and countermeasures for information system security: A cross-industry study

IS security threats have increased significantly in recent years. We identified the gaps between manager perceptions of IS security threats and the security countermeasures adopted by firms by collecting empirical data from 109 Taiwanese enterprises. Industry type and organizational use of IT were seen as the two factors that affected the motivation of firms to adopt security countermeasures, but their implementation did not necessarily affect the threat perceptions of the managers. Analyses of responses suggested that the scope of the countermeasures adopted were not commensurate with the severity of the perceived threats. Among the threats, networks were rated as contributing the most severe threat and yet had the lowest level of protection, this was followed by threats due to personnel and administrative issues. We therefore addressed threat mitigation strategies, specifically in terms of the differences between industries.     

Using decision tree modelling to support Peircian abduction in IS research: a systematic approach for generating and evaluating hypotheses for systematic theory development

Since their early development, computers have had a profound impact on how we conduct modern scientific research. The disciplines of mathematics and operations research are perhaps the earliest to be dramatically transformed by information technology. However, over the years, computing technologies have provided many new opportunities for information processing, problem solving and knowledge creation. In this paper, we explore the potential of data mining technology for providing support for systematic theory testing based on Peirce's theory of abduction. We propose a data mining approach to abducting and evaluating hypotheses based on Peirce's scientific method. We believe that this approach could assist scientist to more efficiently explore alternative hypotheses for existing theories. We demonstrate our approach with empirical observations collected using instruments from the well known user performance area of information systems research.     

Information security policy noncompliance: An integrative social influence model

Despite the significant advancements made in understanding the factors that drive employees' compliance and noncompliance behaviours with information security policy (ISP), less is known about how different factors interact to impact such behaviours. Having been drawn on the social information processing theory, this research develops an integrative model that investigates how ethical work climate, beliefs, and neutralization interact to jointly explain ISP noncompliance. The model is tested via a survey of a broad cross section of employees. Neutralization, perceived cost of compliance, and perceived cost of noncompliance are found to significantly impact ISP noncompliance. Egoistic, benevolent, and principled climates are found to differentially influence neutralization and individuals' cognitive beliefs about the cost and benefit of ISP compliance versus noncompliance. Neutralization appears to be a more important moderator of the belief‐noncompliance relationship than the principled climate.     

网络安全管理系统的研究与实现

随着网络信息技术的在人们日常生活中的广泛普及,网络信息的安全性问题日益得到公众的重视。计算机技术的专家为了保护网络的安全,研究了一系列保护网络系统的技术,如防火墙、入侵检测系统、安全审计等技术,并广泛应用于网络中,取得相对较好的成绩。但是由于网络病毒的不断更新,原本可以抵御病毒入侵的系统,随着时间的推移,不能防御新生的系统。本文从国内外现有网络安全管理系统的现状进行介绍,分析研究网络安全管理系统地必要性,进而提出实现其研究的办法。     

Epistemological perspectives on IS research: a framework for analysing and systematizing epistemological assumptions

Abstract.  Over the last three decades, a methodological pluralism has developed within information systems (IS) research. Various disciplines and many research communities as well, contribute to this discussion. However, working on the same research topic or studying the same phenomenon does not necessarily ensure mutual understanding. Especially within this multidisciplinary and international context, the epistemological assumptions made by different researchers may vary fundamentally. These assumptions exert a substantial impact on how concepts like validity, reliability, quality and rigour of research are understood. Thus, the extensive publication of epistemological assumptions is, in effect, almost mandatory. Hence, the aim of this paper is to develop an epistemological framework which can be used for systematically analysing the epistemological assumptions in IS research. Rather than attempting to identify and classify IS research paradigms, this research aims at a comprehensive discussion of epistemology within the context of IS. It seeks to contribute to building the basis for identifying similarities as well as differences between distinct IS approaches and methods. In order to demonstrate the epistemological framework, the consensus-oriented interpretivist approach to conceptual modelling is used as an example.     

Bridging the gap between the IS organization and the rest of the business: plotting a route

Abstract. Much of the research literature advocates a strong information system (IS) organization-business relationship if the IS organization and, in particular, technology is to make a value-added contribution to the business. Although research also highlights that in many organizations this relationship is poor, little guidance is provided as to how this 'gap' might be bridged. The research reported in this paper is a longitudinal study of three organizations that are actively seeking to bridge the gap, improve the relationship and consequently the value that they derive from their IS investments. A process model containing six stages, illustrating the route to creating high performance from IS, is constructed from cross-case analysis of the collected data. The paper ends with conclusions and implications.     

Case study research: a multi-faceted research approach for IS

Abstract. A wide variety of approaches can be applied under the heading of case study research; this paper explicitly discusses the range of the alternatives. Many papers discussing case study research emphasize one particular variation of case study research only. The current paper provides an overview of the various uses of case study research in the information systems field by describing the different ways in which case study research can be used, using examples from published IS literature for illustration, and providing references to other method papers for more detailed discussion of each alternative. Researchers are reminded that case study research can be used in the positivist and interpretivist traditions, for testing or building theory, with a single or multiple case study design, using qualitative or mixed methods. The range of case study research alternatives makes it a highly versatile research strategy for IS     

智能化计算机安全监控信息网络技术研究

为了保障计算机以及使用者信息的安全性、隐秘性,并且提高计算机的使用生命周期,需要对计算机进行安全智能监控。但采用当前的计算机安全监控技术对计算机安全进行监控时,没有设置具体的安全监控指标,无法计算出计算机安全监控的非安全因素权重,存在计算机网络可能自动泄密,无法智能监控以及监控数据误差大的问题。为此,将信息网络技术应用于计算机安全智能监控中,提出了一种基于LINUX的计算机安全智能监控方法。该方法先将计算机非安全因素进行分类,其中包括计算机网络配置,自带系统和网络病毒。然后利用SAltera EPM7128S芯片对计算机安全智能监控进行硬件构造,采用CPLD结构根据计算机非安全因素分类结果对计算机安全智能监控软件部分进行设计,软件设计中依据计算机安全智能监控失真衰减的抑制方法,实现计算机远程安全智能监控,最后根据Delphi法来建立计算机安全智能监控网络环境总体运行情况的评估指标体系,对大规模无法定量分析的计算机安全监控因素做出概率估计,以概率估计结果为依据对计算机安全智能监控的风险进行评估,从而实现对计算机安全的智能化监控。实验仿真证明,所提方法提高了计算机安全智能监控的全面性和高效性,减少了计算机安全智能监控数据传输的丢包率。     

计算机网络安全分析研究

随着全球信息化与经济一体化时代的来临,电子技术和计算机技术被广泛应用到社会生产的各个领域。随着信息化在全球的覆盖面积不断增加,计算机的网络安全也面临着严峻的威胁和挑战。本文就计算机网络安全的概念及现状进行研究,并通过分析威胁计算机网络安全的相关因素,为维护计算机网络安全提出了合理的建议。     

Pluralist action research: a review of the information systems literature*

Action research (AR) has for many years been promoted and practised as one way to conduct field studies within the information systems (IS) discipline. Based on a review of articles published in leading journals, we explore how IS researchers practise AR. Our review suggests that AR lends itself strongly towards pluralist approaches which facilitate the production of both theoretical and practical knowledge. First, on the level of each study we analyse how research and problem‐solving activities are mixed, in three ways: the research dominant, the problem‐solving dominant and the interactive approaches. Second, in the context of the wider research programme in which the study is situated, we analyse how AR is mixed with other research methods, in two ways: the dominant and the sequential approaches. We argue that these pluralist practices of mixing types of research activities and types of research methods provide IS action researchers with a rich portfolio of approaches to knowledge production. This portfolio helps them address the risks involved in AR to ensure their efforts contribute to the literature as well as to practical problem‐solving.     

Individualist and collectivist perspectives on knowledge in organizations: Implications for information systems research

Organization scholars differ in their understanding and application of the construct of “knowledge” in theorizing and empirical research. Over the past years, two perspectives have become prevalent in organization science. The individualist perspective assumes the locus of knowledge is people who learn, and that knowledge cannot extend beyond the physical limits of human beings. The collectivist perspective assumes the locus of knowledge is collective. Collective entities accumulate knowledge through forms of social learning. Boundaries of knowledge are drawn around social entities—groups, communities, networks, and organizational units, etc. Recent work in management and organization science has accentuated the differences, and argued against the widespread adoption of a collectivist perspective. This argument holds implications for information systems research. The current paper reviews selected contributions on the locus of knowledge, presents an argument for a combined collectivist and individualist perspective, and outlines future directions for information systems research. Drawing on two significant examples, I show that information systems research has a strategic role to play in greatly advancing this combined perspective.     

无线传感器网络安全技术的分析与研究

本篇文章对传感器网络安全面临的现状、挑战以及如何解决传感器网络安全问题做了详细的叙述.并从安全路由、认证、密钥管理访问控制等方面对传感器网络安全技术做了详细探究和对比.进而为研究者在对相应传感器做出选择时提供相应的依据,并最终讨论出传感器网络安全发展的方向.     

An IS case: The closed loop scenario

Organizations are exploring the potential of inter-organizational information systems (IS^*s) in greater numbers. Generally the incentives are cost reduction and/or productivity improvement. Gaining these potential benefits requires cooperation within the information exchange path. Potential barriers, however, are the recognition of an information processing problem and the readiness to accept automated solutions.     

计算机网络安全课程高校教学的构建研究简

本文对计算机网络安全课程的高校教学经验进行了总结,计算机网络教学课程是一门知识衔接性大、课程实践性强的重要专业课程,其教学活动中,应注重教学的基础知识与实践相结合,通过实验设计的方式加深学生对于基础知识的了解与掌握。经过实践表明,这些方法有着很强的实用性,可以有效的提升学生对于学科教学的一种兴趣与爱好。     

The use of focus groups in complex and pressurised IS studies and evaluation using Klein & Myers principles for interpretive research

Studies of information systems (IS) often involve many complexities, uncertainties and restrictions. As a result, researchers have to adopt innovative research approaches or tailor and extend existing ones. This paper describes and evaluates an innovative focus group approach used to study three IS development teams, which had to cope with the application of a broad, polymorphous framework, untested in practice, seeking to elicit potentially highly sensitive opinions and judgements in a highly pressurised, time‐restricted environment. This paper makes two significant contributions. To conduct this evaluation, the researchers operationalised the Klein & Myers seven principles for interpretive study for the first time, creating a set of questions that other IS researchers can now use to evaluate their own interpretive studies. The paper also applies these to the design of the focus groups and develops a set of recommendations for future IS researchers to consider based on lessons learned in this study.