Investigating the Factors Inhibiting SMEs from Recognizing and Measuring Losses From Cyber Crime in South Africa pp167‑178
The level of cyber attacks on organisations has increased tremendously in recent years. When such attacks occur, organisations need to assess the damage and loss from this crime. While large organisations have the mechanisms to determine such losses, SMEs lack such capability and often ignore the need to implement effective information security measures (Kyobe, 2008; Altbeker, 2000; Upfold and Sewry, 2005). Consequently, their risk exposure to cyber threats and the losses they incur from these attacks are often high (Ngo, Zhou, Chonka and Singh, 2009). However, the current legislative requirements, costly legal liabilities for non‑compliance, and increasing pressure by stakeholders (e.g., lenders, business partners) on SMEs to comply with good practices suggest that SMEs cannot ignore security any longer. In order to ensure accountability and compliance with security requirements, it is imperative for SMEs to identify, account and report cyber incidents and losses resulting from cyber attacks. This study investigated the factors that inhibit SMEs from recognizing and measuring losses from cyber attacks in South Africa. A survey involving twenty organisations from different business sectors was conducted and the results indicate that victimisation, resulting from a lack of awareness of cyber‑crime has the greatest influence on SMEs ability to recognise and prepare losses from cyber attacks.
The history of the management of information systems includes many ideas that were intended to simplify the complexities of the management task, but there is still a great deal of wasted investment that produces no significant benefits. Much of the thinking has been rational and structured, but it can be argued that structured thinking will not solve the problems presented by the ever‑increasing scope and depth of information systems, the need for improved responsiveness and agility, and the need to deal with a range of requirements that are sometimes behavioural and sometimes legislative. Three of the more frequently cited frameworks for information management (Zachman, Henderson & Venkatraman, Ward), are briefly reviewed and found to have common characteristics. They are combined into a new, simple arrangement of the central (and critically important) ideas. This new framework has been used as the basis of a survey instrument that is introduced and explained; it works at two levels ‑ the "micro" and "macro" levels. It assesses perceptions of organisational capability to manage information well, as seen by respondents who are normally employees working in different roles with varying responsibilities. The survey instrument comes with an analysis and reporting package that is found to be suitable for the needs of busy managers, and the way in which micro and macro data is presently analysed and presented is demonstrated using data from a reference dataset, a CIO workshop, an investigation within a real estate agency and a large financial services organisation. The contribution of this work to the research programme from which it emanated is summarised and future directions briefly explained.
This paper examines the approach taken to Information Technology (IT) outsourcing in four local government councils in the UK. This is important because, whilst outsourcing has become a significant issue in the restructuring of organisations and is increasingly used within both the private and public sectors, there has been a lack of research into IT outsourcing in the public sector and particularly within local government. This paper provides an in‑depth study into how outsourcing is managed in local councils and how successful it has been; especially considering its sometimes controversial nature and the mixed press results it receives. To complete this study, interviews, containing both qualitative and quantitative questions, were conducted with key people at the four councils. These interviews examined the rationale for IT outsourcing. The findings from the interviews were then compared to the current literature on IT outsourcing to identify best practice. This research shows that, whilst cost savings remain important, councils focus on achieving best value when outsourcing IT rather than simply lowest cost. Indeed, it shows that whilst outsourcing can result in improved efficiency, councils that focus primarily on cost savings are often less successful. However, whilst the results revealed that IT outsourcing was more successful at councils who focused on long‑term strategic goals, the interviewees considered the strategic benefits of outsourcing less important than improving the service. The structured selection process that is imposed by legislation allows council managers to gain a better understanding of the outsourcing requirements and make informed decisions to achieve best value, however the need for cost efficiency can result in a more short‑term focus. The cost of the process and its inflexibility makes it more difficult for councils to focus on long‑term goals. The study concludes that, whilst councils recognise that both the contract and trust are important to ensure that outsourcing is successful, the culture of risk aversion in the public sector tends to lead to a play it safe mentality resulting in an overemphasis on the contract. This can lead to a short‑term focus that could make it difficult for the council and the provider to work together to meet long‑term goals. The councils were generally skeptical of developing partnerships; however, the research reveals that councils who focused predominantly on the contract were less successful than those who developed partnerships with their providers. The authors therefore recommend that, in order to achieve greater success, councils should develop partnerships and focus on best value and long‑term strategic goals when outsourcing IT.
Keywords: Information Technology, IT, Information Systems, IS, outsourcing, public sector, local government
Human Resources Transformation Beyond Boundaries in Outsourcing Business Model ‑ Expatriate Benchmarking pp204‑215
Human Resource (HR) divisions of multi national companies (MNCs) are under tremendous pressure globally with the challenges and opportunities with the outsourcing business models to maintain competitive position in the marketplace. Attracting the mobile talent with multi dimensional skill set to address effective, efficient and controllable business needs is becoming complex, hence expatriate management and training has gained much attention. Successful Expatriate assignments drive revenue, value and growth to the organization. The expatriation process requires huge amount of effort for analysis, planning, selection and training before the departure of the associate to the host country from the home country. The authors would like to bring the practical approaches that needs to be considered in global business outsourcing model considering 3 dimensions Associate delight, Customer delight and Investor delight with expatriate benchmarking. The research study also brings the expatriate management strategies in 3 categories Onsite (foreign location / host country), Offshore (home country) and Near‑shore (country close to host country, but with lesser delivery cost). To substantiate the research, the data is collected from several Human resource leaders and managers at various levels HR Executives, HR Analysts, HR Managers, Senior Managers from IT organizations in different geographies through interviews and web based surveys. Statistical analyses are conducted on the data collected through multiple channels and these analysis reveal that a) the organizations with good global management strategy had larger number of associates with better expatriate experience, steadier focus on leadership, resulted in better financials b) The training is mor e focused on technology and job related skill set, but often ignored the level of depth in imparting the behavioural and cultural skills. The main contributions of the paper are we have proposed expatriate transformation canonical model for expatriate resource requirements fulfilment requests originating across the globe for IT services organizations. Following the IT services industry, we have followed the benchmarking methodology and used a template to understand the expatriate management practices, in the past and present, as a part of the human resource management function and extrapolated the data for the future expatriate operations by strategically building a manageable operational model by utilizing and tuning the organization culture
Keywords: benchmarking, expatriate management, expatriate training, ROI, onsite, offshore, near-shore
Assessing Future Value of Investments in Security‑Related IT Governance Control Objectives Surveying IT Professionals pp216‑227
Optimizing investments in IT governance towards a better information security is an understudied topic in the academic literature. Further, collecting empirical evidence by surveying IT professionals on their relative opinion in this matter has not yet been explored to its full potential. This paper has tried to somewhat overcome this gap by surveying IT professionals on the expected future value from investments in security‑related IT governance control objectives. The paper has further investigated if there are any control objectives that provide more value than others and are therefore more beneficial to invest in. The Net Present Value (NPV) technique has been used to assess the IT professional’s relative opinion on the generated future value of investments in 19 control objectives. The empirical data was collected through a survey distributed to professionals from the IT security, governance and/or assurance domain and analyzed using standard statistical tools. The results indicate that the vast majority of investments in control objectives is expected to yield a positive NPV, and are beneficial to an organization. This result implies that investments in control objectives are expected to generate future value for a firm, which is an important finding since many of the benefits from an investment are indirectly related and may occur well into the future. The paper moreover contributes in strengthening the link between IT governance and information security.
The use of RFID and Web 2.0 Technologies to Improve Inventory Management in South African Enterprises pp228‑241
Cost‑effective inventory management includes balancing the cost of inventory with its profit. Most business owners fail to recognize the value of the cost of carrying inventory, which include not only the direct cost of storage, insurance and taxes but also the cost of money tied up in inventory. Running inventory using paper‑based systems, Excel files and traditional enterprise software is a costly and resource‑intensive approach that may not even address the appropriate issues for most businesses. It is with this in mind that this research proposes taking advantage of the Internet of Things (IoT) technology i.e. Radio Frequency Identification (RFID) and Web 2.0 tools in the management of inventory. RFID promotes the communication of things/object through sensors. On the other hand Web 2.0 tools promote the communication of people through their phones or desktop computers. The collaboration of these two technologies could improve inventory management. A comprehensive literature survey is conducted on inventory management functionalities. RFID and Web 2.0 technologies are then mapped to the identified inventory management functionalities. As a result the research proposes inventory management architecture. The paper looks at the architecture of a system that fully integrates the technical advantages of RFID and Web 2.0 tools, such as Twitter for loss prevention and as an enabler for locating misplaced stock, anti‑counterfeiting of stock, and notifications on stock level on the shelve, amongst other applications. The system focuses on enterprises in developing regions in Africa, and South Africa in particular.
Keywords: Internet of things, IoT, Radio Frequency Identification, RFID, Web 2.0 tools, inventory management, South African Enterprises, Twitter
A Framework for Enhancing the Information Systems Innovation: Using Competitive Intelligence pp242‑253
Knowledge is used as a focal factor for competitive advantage, through effective and efficient performances by employees in many organisations. As a result, knowledgeable employees are expected to share their knowledge with others to increase innovation within the organisation. Unfortunately, this is not always the case. Generally, employees behave differently within an organisation. The main challenge is that no organisation has total control of its employees behaviour and actions. The behaviour and action has impact on how information systems are deployed for innovation, in creating competitive advantage. As a result, many systems have been deployed by different organisations in attempt to address this challenge for the interest. Others have deployed competitive intelligence products and services. This is primarily intended to provide decision ‑ makers with information that can contribute to the innovative process in order to meet customer needs. For an organisation to survive, it must be able to innovate and market its innovations. Also, innovation creates uncertainty about its consequences in the mind of potential adopters. There exists a discrepancy between what customers perceive as their problems or needs and what organisations understand these problems to be. This study was conducted with the primary aim to understand the impact of Competitive Intelligence (CI) on Information systems (IS) innovation products and services in organisations. The case study research method was employed, using a financial organisation. The Innovation‑decision process, from the perspective of Diffusion of Innovation theory (DOI) was applied in the data analysis.
Keywords: competitive intelligence, CI, diffusion of innovation, DoI, Information systems, IS, innovation
Software testing is the one of the primary methods used in the validation and verification of output in the software development industry. It is seen as a key method for achieving software quality, reliability, fitness for purpose and customer satisfaction. Software testing is however an expensive process accounting for as much as 50% of the cost of developing software based systems. In recent years, software testing as a discipline has come under pressure due to time, cost and skills constraints. These constraints impact negatively upon software test effectiveness. Therefore it is critical to identify and implement test tools that reduce the negative impact of software test constraints on software test effectiveness. In this paper the researchers examines some of the most popular software testing tools such as test case prioritisation, test suite reduction and test selection criteria, to identify: Which individual test tools are most likely to yield optimal test effectiveness and, Which combination of test tools is most likely to yield optimal test effectiveness and mitigate the effect of test constraints An extensive review of the software testing literature was conducted and used to construct a survey instrument as the basis for examining the impact of test constraints on software test methodology. The survey was issued to expert software test practitioners from various locations globally; the sample consisted of 43 test cases. The main findings were that no one approach to testing would yield satisfactory results but a combination of two or more test types from Automated testing, Smoke testing, Test case prioritisation and Regression test selection could yield effective software testing results and mitigate the effects of test constraints.
Keywords: software test tools, software test effectiveness, software test constraints, test selection methodology, test case selection criteria
Adding Action to the Information Audit pp271‑281
The Information Audit (IA) has long been seen as an important tool within the Information Management field, with its origins stemming from financial audits. It is used extensively in libraries as an improvement tool and, although many have tried to define it, such as Guy St. Clair (1997), Orna (1999) and Henczel (2001a), there is still no general consensus on a definition, or the steps taken to achieve it. Whatever form it may take, it is agreed that to undertake such a task requires a structured approach. The following study will propose a hybrid approach in which Henczels seven‑stage Information Audit model will be coupled with the Action Research (AR) methodology in order to assist a mid‑sized architectural practice to manage their information throughout the architectural design process, and, in particular, as they attempt to design a new academic building for a prominent Australian university.