A framework for multinational information systems planning

The purpose of this study was to develop and identify formal strategic planning and control approaches and requisites to better manage and integrate the information systems resources (e.g. information systems, telecommunications and office automation) more effectively with the business plans and processes in a large multidivisional, multiproduct and transnational corporate environment. Additionally, an examination of certain external and internal environmental factors and pressures was conducted to assist business and information systems executives, and professionals to focus on those factors which influence the successful management and direction of the multinational information systems resources and functions (MNISR) within their environments.Twenty-five U.S. based multinational organizations participated in the research. Most of the organizations were selected from the manufacturing (e.g. energy, pharmaceuticals, consumer products and electronic) industry with some representation from the banking and financial services industry. In addition, four case studies were conducted to provide in-depth analysis, comparisons and verifications of actual MNISR planning and control practices.A pragmatic strategic planning framework and structure consisting of multiple but interrelated components and activities is suggested as the formal end product of this research. In addition, five general conclusions stand out from the research. First, the MNISR plan structure must accomodate both the similarities and differences between the domestic and international MNISR environments and the key factors which influence them. Second, business and MNISR plan linkages must be established by addressing strategic business and MNISR support issues and strategies at several organizational levels based on the involvement of multiple personnel across business and geographic unit boundaries. Third, the utilization of a uniform MNISR planning language, process, cycle and structure similar to the business plan language, process, cycle and structure is critical. Fourth, the role of the corporate (central MNISR) staff should be well defined and limited to only those activities where its expertise is either clearly recognized and/or established by corporate policy. Fifth, corporate MNISR should provide funding for MNISR strategies that are either mandated by corporate headquarters or have a demonstrable comparative advantage to the individual multinational business components as well as the corporation as a whole.     

A study of context inference for Web-based information systems

Recently, context-awareness has been a hot topic in the ubiquitous computing field. Numerous methods for capturing, representing and inferring context have been developed and relevant projects have been performed. Existing research has tried to determine user’s contextual information physically by using stereo type cameras, RFID, smart devices, etc. These are heavily focusing on external context such as location, temperature, light, etc. However, cognitive elements of the context are important and need more study. This paper confines its research domain to the Web-based information system (IS) and, first, proposes two algorithms, the context inference algorithm and the service recommendation algorithm, for inferring cognitive context in the IS domain. Second, this paper demonstrates cognitive context-awareness on the Web-based information systems through implementing prototype deploying the proposed algorithms. The proposed system deploying the context inference and service recommendation algorithm can help the IS user to work with an IS conveniently and enable an existing IS to deliver ubiquitous service. In this fashion, we show the direction of existing IS and, ultimately, shows the typical services of a ubiquitous computing-based IS.     

A baseline security policy for distributed healthcare information systems

In this paper, the need for identifying and analyzing the generic security characteristics of a healthcare information system is, first, demonstrated. The analysis of these characteristics is based upon a decision-support roadmap. The results from this profiling work are then analyzed in the light of the fact that more than 1000 accidental deaths happened due to computer system failures. As a result of this analysis, a set of recommendations is drawn up, leading to the development of a baseline security policy for healthcare institutions. Such a policy should be flexible enough to reflect the local needs, expectations and user requirements, as well as strict enough to comply with international recommendations. An example of such a baseline policy is then provided. The policy refers to a given security culture and has been based upon an abstract approach to the security needs of a healthcare institution.     

Protection from reconnaissance for establishing information security systems

ABSTRACT

The paper presents a generalized method for improving security of information systems based on protection of the systems from reconnaissance by adversaries. Attacks carried out by exploiting almost all vulnerabilities require particular information about the architecture and operating algorithms of an information system. Obstructions to obtain that information also complicates carrying out attacks. Reconnaissance-protection methods can be utilized for establishing such systems (continuous change of attack surface). Practical implementation of the techniques demonstrated their high efficiency in reducing the risk of information resources to be cracked or compromised.     

A contingency model for estimating success of strategic information systems planning

Strategic information system planning (SISP) has been identified as a critical management issue. It is considered by many as the best mechanism for assuring that IT activities are congruent with those of the rest of the organization and its evolving needs.     

Issues in information systems planning

Numerous difficulties face information systems managers as they develop IS plans. Three nominal group technique sessions used IS practitioners from different levels of management to identify specific difficulties. The findings indicate a wide variety of problems faced by these managers. Top IS managers were concerned most with learning the objectives of top general management. Middle IS managers were concerned most with adopting a methodology for planning. Operating IS managers were concerned most with understanding the perceived needs of the user. These results suggest the need for more sophisticated management techniques (or the better use of existing techniques) and the need for research to address the development, utilization and evaluation of such techniques.     

Successful strategic information systems planning

Abstract. Strategic information systems planning (SISP) is the process of ensuring alignment between business plans and objectives and information systems plans and objectives and/or the process of identifying information systems which will provide the organization with a competitive edge. This paper distinguishes SISP from both tactical and operational information systems planning, discusses the reasons for management concern with SISP, summarizes problems which may be encountered with the planning process and resultant plant implementation and then focuses on the issue of SISP success. Specifically, success is considered not only in terms of how it may be achieved but also in terms of how it can be defined (i.e. what constitutes SISP success) and how SISP success can be measured. Specific research questions addressing the measurement of SISP success are identified.     

Negotiating context information in context-aware systems

Context-aware environments must allow adaptive and autonomous access to context information. This multi-agent middleware uses a negotiation protocol and ontology model to make the environment more easily personalized at runtime and adapted and managed at provisioning time. In a pervasive environment, a wide range of devices and resources use heterogeneous networks to perform the tasks involved in spontaneous ad hoc communication. The environment's infrastructure must therefore make available a rich set of computing capabilities and services at all times and in all locations in a transparent, integrated, and convenient way. Context provides perceptual information about the location and status of the people, places, and other devices in the environment.     

A model of digital identity for better information security in e-learning systems

The Journal of Supercomputing - The trend of rapid development of information technologies is creating new challenges in information security such as security management of identities in e-learning...     

Conceptualising improvisation in information systems security

Information Systems Security (ISS) has constantly been ranked as a key concern for Information Systems (IS) managers. Research in the field has largely assumed rational choice (functional) approaches to managing ISS. Such approaches do not give due recognition to the role of improvisation in ISS work. Empirical evidence in organisations suggests that in the context of dynamic, volatile and uncertain environments practitioners are both rational and adaptive (a manifestation of improvisation). In this paper, we conceptualise and demonstrate the manifestation of improvisation in ISS. In order to develop a better understanding of improvisation in ISS activities, hermeneutical and exegetical techniques were employed. Empirical data were collected through in-depth interviews in a single case study. The data obtained were analysed and interpreted hermeneutically. Generally it was found that improvisation is manifested in ISS activities. Implications of these and other findings for the scholarly community and for practical use are discussed.     

Information systems resources and information security

Recent studies suggest that the number of information security incidents has increased dramatically and has caused significant economic loss worldwide. Awareness of the significance of information security is evidenced by a rapid increase in information security investments. Despite the fact that information security has taken on a new level of importance, academic research on this subject is still in its infancy. A review of literature indicated that past studies largely took a resource based view, suggesting that organizations invest and develop a variety of IS resources so as to ease potential threats caused by information security breaches. However, the resource-based perspective as used in previous studies was somewhat limited. Based on and extending from previous work, this study employed the resource-based view as a theoretical lens to examine the role that IS resources play in determining the level of information security. A field study was conducted to test the hypotheses. The results of the model testing show that IT human, relational, and infrastructure resources have significant impacts on information security.     

The configuration and detection strategies for information security systems

Intrusion Detection Systems (IDSs) have become an important element of the Information Technology (IT) security architecture by identifying intrusions from both insiders and outsiders. However, security experts questioned the effectiveness of IDSs recently. The criticism known as Base Rate fallacy states that when IDS raises an alarm, the event is more likely to be benign rather than intrusive since the proportion of benign activity is significantly larger than that of intrusive activity in the user population. In response to too many false alarms, system security officers (SSO) either ignore alarm signals or turn off the IDS as the information provided by IDS is very skeptical. To alleviate this problem of IDSs, Ogut et al. (2008) [6] suggest that the firm may choose to wait to get additional signal and to make better decision about user type. One of the limitations of their model is that configuration point at which IDSs operate (the false negative and false positive rates) is exogenously given. However, the firm trying to minimize expected cost should also make a decision regarding the configuration level of IDSs since these probabilities are one of the determinants of future cost. Therefore, we extend Ogut et al. (2008) [6] by considering configuration and waiting time decisions jointly in this paper. We formulate the problem as dynamic programming model and illustrate the solution procedure for waiting time and configuration decision under optimal policy when cost of undetected hacker activity follows step wise function. As it is difficult to obtain waiting time and configuration decision under optimal policy, we illustrate the solution procedures for under myopic policy and focus on the characteristics of configuration decision under myopic policy. Our numerical analysis suggested that configuration decision is as important as waiting time decision to decrease the cost of operating IDS.     

A system planning method based on templates for large-scale manufacturing information systems

In the field of manufacturing, there is a need to develop large-scale manufacturing information systems. This is especially true in the Japanese steel manufacturing industry where CIM is the core management technology. But developing such systems requires large amounts of time and manpower, and furthermore, these type of projects are very difficult to manage. Therefore, in order to ease the process of analysis and design, we propose procedures based on a two-dimensional template with specific criteria for large-scale manufacturing IS architectures. In each manufacturing system, there are two important elements that correspond to the two dimensions of the template. One is a functional category and the other is a management structure. We show here the effectiveness of applying this method to system planning of large-scale IS in one representative steel manufacturing plant.     

A model for evaluating computer network security systems with 2-tuple linguistic information

With respect to comprehensive evaluation model for computer network security with linguistic information and incomplete weight information, a new comprehensive evaluation model is proposed. In the method, the 2-tuple linguistic representation developed in recent years is used to aggregate the linguistic assessment information. In order to get the weight vector of the attribute, we establish an optimization model based on the basic ideal of traditional TOPSIS, by which the attribute weights can be determined. Then, the optimal alternative(s) is determined by calculating the shortest distance from the 2-tuple linguistic positive ideal solution (TLPIS) and on the other side the farthest distance of the 2-tuple linguistic negative ideal solution (TLNIS). The method has exact characteristics in linguistic information processing. It avoided information distortion and losing which occurred formerly in linguistic information processing. Finally, a numerical example of the evaluation of network security systems is used to illustrate the use of the proposed method. The result shows the approach is simple, effective and easy to calculate.     

Quality assurance systems information requirements planning

The rapid development of Computer Integrated Manufacturing (CIM) is causing significant difficulties for planning the information requirements for the technical managers of quality assurance systems. This paper examines the general model of information requirements planning for quality assurances with emphasis on the problems of structuring and adapting to a CIM environment.     

Coordinating context building in heterogeneous information systems

We present an architecture to coordinate the construction of the context within which meaningful information between heterogeneous information systems can be exchanged. We call this coordinator SCOPES (Semantic Coordinator Over Parallel Exploration Spaces). A classification of semantic conflicts we proposed elsewhere is used to build and refine the context, by discovering the semantic mapping rules (inter-schema correspondence assertions) between corresponding elements of the communicating systems. A truth maintenance system is used to manage the multiple intermediate contexts. It provides a mechanism to infer or retract assertions on the basis of the knowledge acquired during the reconciliation process. This nonmonotonic technique is used in conjunction with the Dempster-Shafer theory of belief functions to model the likelihood of alternative contexts. Finally, we propose an algorithm which illustrates how the various components of the architecture interact with one another in order to build context.     

企业信息系统安全规划设计与实施探讨

企业信息化建设规模逐渐扩展,有关内部支撑系统已经成为企业经营的必要支撑媒介,按照特定平稳运行潜力观察,有关整个企业的快速运营与发展动力需要引起有关人员的高度重视。为了全面应对信息安全管理问题,巩固安全防护体系架构．需要针对数据安全性和业务交互性特征实施逐层延展,这已经成为企业创新规划阶段需要全面考虑的深刻问题。因此．本文主要联合企业安全信息系统规划纲要,稳定内部防护机制和建设条件,保证细化任务的部署速率,最终为企业安全事业发展灌输最新活性因素,避免阶段隐患问题的再次滋生。     

Management of information security risks in a context of uncertainty

The article proposes a method for selecting the optimal tactics to reduce the current level of information security risks to an acceptable level specified by a decision maker based on the introduction of a metric of assessment characteristics of acceptable and current risks, as well as algorithms for constructing the acceptable risk curve and for determining the values of current information security risks.     

Model for planning seasonal sales in corporate information systems

This paper addresses automated enterprise control, namely, the use of modern information technologies to plan sales. A new model intended for seasonal products and linked with the ideas of cluster analysis is proposed. Its construction and efficiency are demonstrated using real data.