James Backhouse

Technical opinion: Information system security management in the new millennium

R apid advances in electronic networks and computerbased information systems have given us enormous capabilities to process, store, and transmit digital data in most business sectors. This has transformed the way we conduct trade, deliver government services, and provide health care. Changes in communication and information technologies and particularly their confluence has raised a number of concerns connected with the protection of organizational information assets. Achieving consensus regarding safeguards for an information system, among different stakeholders in an organization, has become more difficult than solving many technical problems that might arise. This “Technical Opinion” focuses on understanding the nature of information security in the next millennium. Based on this understanding it suggests a set of principles that would help in managing information security in the future.

Circuits of power in creating de jure standards: shaping an international information systems security standard

This paper addresses the role of power and politics in setting standards. It examines the interaction of external contingencies, powerful agents, resources, meaning, and membership of relevant social and institutional groupings in generating successful political outcomes. To study these interactions, the paper adopts the circuits of power, a theoretical framework taken from the social sciences, and applies it to understanding the creation and development of the first standard in information security management. An informal group of UK security chiefs sparked off a process which led first to BS7799, the British standard, and later to ISO 17799, the international standard. The case study portrays how the institutionalization of this ad hoc development process results from the interactions of power among the stakeholders involved. The case study also shows how the different interests and objectives of the stakeholders were influenced by exogenous contingencies and institutional forces. The paper discusses theoretical and practical implications for the future development of such standards.

Risks in the use of information technology within organizations

Information systems researchers and practitioners alike have always felt the need to minimize systemic risks arising out of the use of information technology. Research has identified the confidentiality, integrity and availability of information as vital concepts. However, in developing counter-measures to threats in these three areas the focus has been on questions such as computer viruses, hacking, system failures and access control. Thus the primary concern has been for the technical installations and their functionality. In contrast this research sees information technology usage in terms of the integrity and the wholeness of systems, social as well as technical. It argues that by maintaining the integrity of information systems, the risks associated with information technology usage can be minimized.

Becoming part of the furniture: the institutionalization of information systems

The institutionalization of information systems allows managers in organi-zations to concentrate on and devote creative energy to their prime tasks. This paper argues that the process of deciding whether an information system is institutionalized or not can be understood better by examining its political dimension. We focus on the failure to institutionalize the London Ambulance Service information system. Our analysis unravels the political factors that influenced the system breakdown and its abandon-ment. In doing so, we propose a framework grounded on the interpretive tradition of research into information systems. The framework we are introducing will contribute to the understanding of power and institutionalization, in research into organizational information systems.

On the discipline of information systems

Abstract. Although information systems is growing rapidly, it has little theoretical clarity. An article in the Times Higher Education Supplement of March 1989 by Liebenau and Backhouse sparked a debate on the character of information systems as a discipline. This paper reviews that debate, bringing out the main points of many of the discussants, and presents an analysis which is intended to carry the discussion further in order to help clarify and to galvanize opinion.

Refereed paper: Managing computer crime: a research outlook

This paper analyzes the problems posed by the emergence of computer crime and the possible avenues for its control and management. It analyzes the various approaches to the study of crime. Based on these it proposes a research perspective to manage corporate computer crime.

A question of trust

An economic perspective on quality standards in the certification services market.

Approaching Interoperability for Identity Management Systems

Establishing interoperable systems is a complex operation that goes far beyond the technical interconnectedness of databases and systems. Interoperability emerges from the need to communicate data across different domains for a specific purpose. Transferring the data may represent a technical challenge because of different protocols, standards, formats and so forth. However, the most difficult challenge lies in reconciling and aligning the purpose, use and other changes consequent on transferring that data. Changes in data ownership and custodianship have an effect on power structures, roles and responsibilities and on risk. In the first part of this chapter our aim is to develop an understanding of the term ‘interoperability’ as it currently applies to the area of identity management. We propose a three-fold conception of interoperability in IdMS, involving technical, but also formal-policy, legal and regulatory components, as well as informal-behavioural and cultural aspects. Having noted the official EU/government agenda as regards interoperable IdMS, the second part of the chapter is concerned with the perspective of other important stakeholders on the same topic. First, the views of experts from private and public sectors across Europe are presented. Following this, the perceptions and attitudes of EU citizens towards interoperable IdMS are discussed. Together, the findings presented point to the crucial challenges and implications associated with the sharing of personal data in the provision of eGovernment, eHealth and related services.

Introduction to semiotics

Communication consists of elements which we can analyze in terms of a continuum from context through meaning, grammar and code. An act of communication has been successful when the intentions of the sender are understood by the receiver.

Interoperability of Identity and Identity Management Systems

Interoperability in Identity and Identity Management Systems is a mounting concern for European policymakers, governments and administrators. Plans are being discussed, for example, with respect to European eIDs. However, interoperability seems to be too focused on technical aspects at a time when privacy concerns are emerging as a major stumbling block. How can Europe achieve a more balanced approach? This article discusses the results of the current FIDIS research in the area of interoperability.