Heather Fulford

Aligning the information security policy with the strategic information systems plan

Two of the most important documents for ensuring the effective deployment of information systems and technologies within the modern business enterprise are the strategic information systems plan (SISP) and the information security policy. The strategic information systems plan ensures that new systems and technologies are deployed in a way that will support an organisations strategic goals whilst the information security policy provides a framework to ensure that systems are developed and operated in a secure manner. To date, the literature with regard to the formulation of the information security policy has tended to ignore its important relationship with the strategic information systems plan, and vice versa. In this paper we argue that these two important policy documents should be explicitly and carefully aligned to ensure that the outcomes of strategically important information system initiatives are not compromised by problems with their security.

Do Information Security Policies Reduce the Incidence of Security Breaches: An Exploratory Analysis

Information is a critical corporate asset that has become increasingly vulnerable to attacks from viruses, hackers, criminals, and human error. Consequently, organizations are having to prioritize the security of their computer systems in order to ensure that their information assets retain their accuracy, confidentiality, and availability. While the importance of the information security policy InSPy in ensuring the security of information is acknowledged widely, to date there has been little empirical analysis of its impact or effectiveness in this role. To help fill this gap, an exploratory study was initiated that sought to investigate the relationship between the uptake and application of information security policies and the accompanying levels of security breaches. To this end, a questionnaire was designed, validated, and then targeted at IT managers within large organizations in the UK. The findings presented in this paper are somewhat surprising, as they show no statistically significant relationships between the adoption of information security policies and the incidence or severity of security breaches. The paper concludes by exploring the possible interpretations of this unexpected finding and its implications for the practice of information security management.

The application of information security policies in large UK‐based organizations: an exploratory investigation

Despite its widely acknowledged importance, the information security policy has not, to date, been the subject of explicit, empirical scrutiny, in the academic literature. To help fill this gap an exploratory research project was initiated that sought to investigate the uptake, content, dissemination and impact of information security policies. To this end, a questionnaire was mailed to senior IS executives, in large UK‐based organizations, and 208 valid responses were received. The results of this research have indicated that, while policies are now fairly common, at least amongst the sample, there is still a high degree of variety in terms of their content and dissemination.

Loyalty transfer from offline to online stores in the UK grocery industry

– Aims to examine the effectiveness of UK supermarkets in transferring store loyalty to online loyalty., – An online survey of university staff is used to test both the brand equity proposition that loyal customers are more likely to adopt brand extensions, and the double jeopardy models prediction that market leaders benefit disproportionately from loyalty transference., – The study provides support for the brand equity and double jeopardy propositions. Tescos and Sainsburys dominance of both the online and offline markets, coupled with their retention indices of 92 per cent (Tesco) and 76 per cent (Sainsburys), support the brand equity view. Tesco also attracts a disproportionately higher percentage of its customers from competitors (67 per cent) compared with Sainsburys (14 per cent), suggesting that it is benefiting from its market leadership position, as predicted by the double jeopardy model., – The relatively small size and restricted nature of the sample means that the exploratory findings now need to be investigated more rigorously. A larger sample would permit a more detailed exploration of the relationships between the different aspects of online loyalty., – The research suggests that smaller retail brands have two main options, namely growing the size of the brand or building a niche brand. For a market leader the challenge is to become a “super‐loyalty brand”. That is, to achieve levels of loyalty higher than predicted by the double jeopardy effect, either through segmentation or through better service provision than that of competitors., – This is the first study to examine transferability of store loyalty to online loyalty and demonstrate the usefulness of the brand equity and double jeopardy models for understanding and predicting loyalty transfer behaviour.

The information security policy unpacked: A critical study of the content of university policies

Ensuring the security of corporate information, that is increasingly stored, processed and disseminated using information and communications technologies [ICTs], has become an extremely complex and challenging activity. This is a particularly important concern for knowledge-intensive organisations, such as universities, as the effective conduct of their core teaching and research activities is becoming ever more reliant on the availability, integrity and accuracy of computer-based information resources. One increasingly important mechanism for reducing the occurrence of security breaches, and in so doing, protecting corporate information, is through the formulation and application of a formal information security policy (InSPy). Whilst a great deal has now been written about the importance and role of the information security policy, and approaches to its formulation and dissemination, there is relatively little empirical material that explicitly addresses the structure or content of security policies. The broad aim of the study, reported in this paper, is to fill this gap in the literature by critically examining the structure and content of authentic information security policies, rather than simply making general prescriptions about what they ought to contain. Having established the structure and key features of the reviewed policies, the paper critically explores the underlying conceptualisation of information security embedded in the policies. There are two important conclusions to be drawn from this study: (1) the wide diversity of disparate policies and standards in use is unlikely to foster a coherent approach to security management; and (2) the range of specific issues explicitly covered in university policies is surprisingly low, and reflects a highly techno-centric view of information security management.

Building customer loyalty in online retailing: The role of relationship quality

Abstract This paper examines the challenge of building customer loyalty in the e-tailing environment. It examines the role of relationship quality (RQ) in the formation of customer loyalty in Internet retailing. In a departure from existing research, RQ is treated as a disaggregated, multidimensional construct, rather than a global one, consisting of relationship satisfaction (RS), trust, and commitment. Based on an online survey of 491 Internet grocery shoppers, structural equation modelling is used to test the influence of the different dimensions of RQ on e-loyalty. Results show that RS, perceived relational investment, and affective commitment have a strong and positive impact on e-loyalty. Trust also has a strong effect but works via RS. The results suggest that the disaggregated model of RQ provides a better prediction of e-loyalty than the aggregated model of RQ.

Measuring Internet retail service quality using E-S-QUAL

Abstract Despite its acknowledged importance, there are few rigorous empirical studies examining Internet retail service quality. An exception is the development of the E-S-QUAL scale by Parasuraman, Zeithaml, and Malhotra (2005). Whilst E-S-QUAL demonstrated good psychometric properties in the original study, the scale lacks external validation. This paper presents a reassessment and validation of the E-S-QUAL in the context of the Internet grocery sector. Data were collected via a web-based cross-sectional survey using self-administered questionnaires distributed to online grocery shoppers. A total of 491 usable questionnaires were received. The results show that there are potential discriminant validity problems with the Efficiency and System Availability dimensions of E-S-QUAL. Further analysis shows that a second-order, three-factor model of E-S-QUAL, consisting of Efficiency, System Availability, and Fulfilment, provides the best fit to the data in this study. Privacy is shown to be the least important dimension for the data set in this study.

Familiarity, expertise and involvement: key consumer segmentation factors

Purpose – It is generally accepted that the launch of a new product is critical to its success. Key to this is that manufacturers understand the market segment which is targeted for the launch. However, recent research and criticism suggest that modern segmentation strategies, aligning products with lifecycle typologies do not work. It is no longer possible to align consumers and products into neat and stable lifecycle segments. It is suggested that more importance should be attached to products having a familiarity fit with consumers – what they know and expect from a particular product. These views are moderated by a consumers enthusiasm or involvement with the product as well as their level of expertise in understanding complex products. This paper aims to look at these issues.Design/methodology/approach – This research looks at consumer perceptions to the changes to two automotive models launched by one of the major manufacturers at the Frankfurt Motor Show, Germany, held in September 2005, to discov...

A CONCEPTUAL MODEL FOR THE STRATEGIC ORIENTATION OF SMALL FIRMS

The study of patterns of small firm strategic behavior, or strategic orientation, is gradually gaining prominence in the literature. Strategic behavior is a consequence of various antecedents, such as the prevalent management philosophy and environmental dynamism. It, in turn, determines the particular engineering stance adopted, structures and processes deployed, and ultimately, organizational performance.The purpose of this paper is to critique, enhance and extend a model proposed by Aloulou and Fayolle (2005) that is focused particularly on the entrepreneurial orientation of small firms. A model is proposed for small firm strategic orientation that is based on a configurational approach, and applies the concepts of the adaptive cycle and the firms lifecycle. The rationale for, and the various dimensions of the proposed model are described, and recommendations made for future research on small firm strategic behavior.

The World, the Web and SMEs: Stepping Stones across Language and Cultural Divides

Drawing on technology adoption theories and stage models used in electronic commerce adoption studies, an incremental approach is proposed to customizing Websites for international marketing purposes in small and medium-sized enterprises (SMEs). Emphasis is placed on a gradual transition from globalizing to localizing as SMEs seek to establish and consolidate their presence in specific overseas markets. The benefits of the approach are highlighted for resource-constrained SMEs. Illustrations are provided of a sample of UK SMEs that have been successfully trialling and evaluating the approach. Indications are given of wider applications beyond UK SMEs to other contexts and countries.