Andrea Back

Shadow IT - A view from behind the curtain

Shadow IT is a currently misunderstood and relatively unexplored phenomena. It represents all hardware, software, or any other solutions used by employees inside of the organisational ecosystem which have not received any formal IT department approval. But how much do we know about this phenomenon? What is behind the curtain? Is security in organisations jeopardised? In the research study reported here, we conducted an in-depth analysis of the organisational Shadow IT software database, reporting the view from behind the curtain. The study used triangulation approach to investigate the Shadow IT phenomena and its findings open Pandoras Box as they lay a new picture of what Shadow IT looks like from the software perspective. Our study revealed that greynet, content apps, and utility tools are the most used shadow systems. This study offers important insights on the Shadow IT phenomena for information management professionals and provides new research directions for academia.

Knowledge Networks for Business Growth

The first part of this book contains three case studies which illustrate the idea of knowledge networks for growth. The step-by-step methodology of the second part shows the reader how to build up and maintain these networks. The templates in the last part of the book ease the adaptation of networks for the readers own company or his or her specific business needs.

Broadening Participation in Knowledge Management in Enterprise 2.0

Abstract Enterprise 2.0 is an approach to broaden participation of employees in enterprise knowledge management. Building on concepts and tools from the Web 2.0, the effort to participate is minimized and a broad audience is provided. This has positive effects on the motivation of employees to participate. In this article we present an overview of the ideas and tools behind Enterprise 2.0, and discuss challenges and approaches for management. Zusammenfassung Eine Herausforderung für die Umsetzung von Wissensmanagement im Unternehmen ist die Beteiligung der Mitarbeiter. Die Konzepte und Werkzeuge rund um das Web 2.0 bzw. Enterprise 2.0 stellen hierzu Lösungsansätze zur Verfügung. Durch Minimierung des Aufwandes für den Einzelnen und Bereitstellung eines großen Publikums werden einige der bisher vorhandenen Hürden verkleinert. In diesem Beitrag geben wir einen Überblick zu den Grundideen und Werkzeugen im Bereich Enterprise 2.0 und diskutieren vor allem auch Herausforderungen und Lösungsideen für das Management.

Towards a Maturity Model for E-Collaboration - A Design Science Research Approach

Introducing electronic collaboration (e-collaboration) is not a matter of introducing new software, but it is a matter of introducing new, and if applied correctly, more efficient working processes and methods (i.e., e-collaboration capability). As a first step before introducing a collaboration technology, managers should comprehensively examine their organizations underlying capability. Accordingly, this study draws on literature of maturity models and success factors in the areas of e-collaboration and knowledge management as well as results of case studies of SharePoint introduction projects in order to propose a maturity model for e-collaboration as holistic approach which seeks to detect whether an organization exhibits the capabilities for efficient e-collaboration (i.e., analyze as-is situation) or what should be altered or implemented in order to achieve this (i.e., derive measures). Hence, this paper presents the first iteration of an e-collaboration maturity model instantiated as Excel assessment by using the design science research methodology and it results with the proposition of a situational alignment.

Information security: Critical review and future directions for research

Purpose – The purpose of this literature review is to analyze current trends in information security and suggest future directions for research. Design/methodology/approach – The authors used literature review to analyze 1,588 papers from 23 journals and 5 conferences. Findings – The authors identified 164 different theories used in 684 publications. Distribution of research methods showed that the subjective-argumentative category accounted for 81 per cent, whereas other methods got very low focus. This research offers implications for future research directions on information security. They also identified existing knowledge gaps and how the existing themes are studied in academia. Research limitations/implications – The literature review did not include some dedicated security journals (i.e. Cryptography). Practical implications – The study reveals future directions and trend that the academia should consider. Originality/value – Information security is top concern for organizations, and this research analyzed how academia dealt with the topic since 1977. Also, the authors suggest future directions for research suggesting new research streams.

Factors impacting information governance in the mobile device dual‐use context

Purpose – The purpose of this paper is to reveal factors that impact information governance within the mobile technology implementation in organizations in the dual‐use context.Design/methodology/approach – Case study methodology was used and 15 semi‐structured interviews were conducted with records and information management (RIM) and information security professionals from different types of organizations.Findings – There are three main findings. First, stakeholder support is critical to drive the change and leverage organizational security culture. Second, records mobility with data security dimension represents the biggest challenge for RIM stakeholders. Third, mobile strategy and security framework are two must‐win areas for a successful mobile implementation.Research limitations/implications – The paper does not include any end‐user perspective in interviews and this end‐user context is missing.Practical implications – Awareness through education and training of employees needs to be given very part...

Information Security and Open Source Dual Use Security Software: Trust Paradox

Nmap, free open source utility for network exploration or security auditing, today counts for thirteen million lines of code representing four thousand years of programming effort. Hackers can use it to conduct illegal activities, and information security professionals can use it to safeguard their network. In this dual-use context, question of trust is raised. Can we trust programmers developing open source dual use security software? Motivated by this research question, we conducted interviews among hackers and information security professionals, and explored ohloh.net database. Our results show that contributors behind open source security software (OSSS) are hackers, OSSS have important dual-use dimension, information security professionals generally trust OSSS, and large organizations will avoid adopting and using OSSS.

The Influence of Risk Factors in Decision-Making Process for Open Source Software Adoption

“Nobody ever got fired for buying IBM,” was a widely used cliche in the 1970s in the corporate IT (information technology) world. Since then, the traditional process of purchasing software has dramatically changed, challenged by the advent of open source software (OSS). Since its inception in the 1980s, OSS has matured, grown, and become one of the important driving forces of the enterprise ecosystem. However, it has also brought important IT security risks that are impacting the OSS IT adoption decision-making process. The recent Heartbleed bug demonstrated the grandeur of the issue. While much of the noise relates to the amplification of perceived risks by the popular mass media coverage, the effect is that many enterprises, mainly for risk reasons, have still chosen not to adopt OSS. We investigated “how do information security related characteristics of OSS affect the risk perception and adoption decision of OSS” by conducting an online survey of 188 IT decision-makers. The proposed Open Source Risk Adoption Model offers novel insights on the importance of the perceived risk antecedents. Our research brings new theoretical contributions, such as understanding the perceived IT security risk (PISR) relationship with adoption intention (AI) in the OSS context, for researchers and important insights for IT information professionals. We have found that IT security risk has a significant role in OSS adoption intention. Our results offer possible future research directions and extend existing theoretical understanding of OSS adoption.

A Reference Model for E-Collaboration within the Dispersed Sales Force Training Process in Multinational Companies

Multinational pharmaceutical companies are facing the challenge of finding the right balance between local responsiveness and global integration. A cross-case study analysis of the sales force training process at the Swiss company Roche Pharmaceuticals identified four areas of collaboration, each of which comprises a certain number of collaborative tasks. The equivocality and complexity of these tasks should, however, be taken into account when considering information and communication technology (ICT) support. The authors developed a task-media fit matrix and used it to choose and justify the usage of certain information and communication technologies. The end result of this article is a reference model for the three layers of strategy, process, and ICT for e-collaboration within the dispersed sales force training process in multinational pharmaceutical companies. The authors also maintain that the task-media fit matrix can help both practitioners and researchers to either justify investments in e-collaboration tools or to evaluate ICT architectures in the field of e-collaboration.

The Concept of Knowledge Networks for Growth

This article illustrates our concept of knowledge networks for growth, i.e. social networks that support companies’ growth strategy by their ability to share and create knowledge. We adapted the framework of intra-organizational networks to set up networks in three different growth areas: growth through the acquisition of external knowledge and its integration through merger and acquisitions; the support of internal innovation processes through the coordination of the innovation activities of independent business groups or units, and, lastly, growth through the integration of customers’ tacit knowledge in the internal innovation process.