Jean-Noël Ezingeard

Perception of risk and the strategic impact of existing IT on information security strategy at board level

Purpose – Information security is becoming increasingly more important as organisations are endangered by a variety of threats from both its internal and external environments. Many theorists now advocate that effective security policies should be created at senior management level. This is because executives are able to evaluate the organisation using a holistic approach as well as having the power to ensure that new systems and procedures are implemented in a timely manner. There is, however, a continuing lack of understanding regarding the strategic importance of managing information security. In addition, there is a gap in the literature on the relationship between directors and information security strategy. This paper attempts to close this gap by exploring how directors perceive their organisations security and what factors influence their decisions on the development and implementation of information security strategy.Design/methodology/approach – The research is based on constructivist grounded ...

Revisiting adoption factors of inter‐organisational information systems in SMEs

For over a decade large companies have turned to supply‐chain management and inter‐organisational system‐development techniques to increase their efficiency and effectiveness. Smaller companies, however, have struggled to adopt and benefit from such systems, traditionally citing reasons such as a lack of financial resources and technical capability. This paper seeks to identify a framework of key variables which influence the adoption of inter‐organisational and supply‐chain systems with particular reference to smaller companies. This framework is then applied to a supply‐chain case study in the chemicals sector to consider the reality of system adoption for a small‐ to medium‐sized enterprise (SME) in the chain. The paper concludes that significant benefits are indeed attainable for the SME; however, a culturally‐rooted lack of vision and awareness are restricting adoption and the realisation of benefits associated with such systems.

A Model of Information Assurance Benefits

Abstract Effective information assurance (IA) is the key to reliable management decision-making, customer trust, business continuity, and good governance in all sectors of industry and public service. Yet making a business case for IA investments can be difficult because the scope of the potential benefits can be very broad. Based on interview data collected from company executives, senior IA managers, and a variety of external stakeholders, we develop and discuss a four-layer model that can be used to help structure the case for IA investments.

Mastering the art of corroboration: a conceptual analysis of information assurance and corporate strategy alignment

Purpose – The paper seeks to investigate how the information assurance (IA) efforts of organisations should be aligned with their business strategy. From this analysis, a conceptual model of alignment is presented. This framework shows several organisational factors that can influence alignment.Design/methodology/approach – A number of published works on alignment are discussed in order to develop a conceptual model of IA fit. In addition, Venkatramans six perspectives of alignment are used as a framework to suggest future research in this area.Findings – The paper presents a definition of information assurance and proposes various reasons why IA is a strategic issue and should be aligned with both IT and corporate strategy. From the literature, a conceptual model illustrating the variables that can influence alignment is presented.Research limitations/implications – A clear conceptualisation of alignment is needed. Six potential research models and associated research questions are proposed.Practical im...

Developing a Relevant Research Agenda in Knowledge Management - Bridging the Gap Between Knowing and Doing

The diversity and sometimes‐sporadic nature of research in the area of knowledge management (KM) points towards the need for a better understanding of the underlying framework of issues and potential research topics. This paper describes the search for a research agenda in this fast developing area. Important issues were identified through a general review of the KM literature followed by a survey of business practitioners, consultants and academics at a one‐day conference dedicated to the subject. The investigation was carried out in the context of a feasibility study for a proposed KM Centre at Henley Management College in the UK. The survey followed an interpretivist approach employing open‐ended questions that sought to establish important issues in KM and to examine the benefits that participants would seek from a such a forum of practitioners and academics. A conceptual framework of disciplines and key topics was developed from the literature review and applied to the issues identified in the survey. The results point towards three areas of significant interest, namely: (i) implementation issues, (ii) best practice, and (iii) measurement. Additionally, the nature of the fast evolving field of knowledge management points to the need for more interactive research that brings together the different players in the field into a tighter and faster learning cycle.

Information security standards: Adoption drivers (invited paper)

ISO/IEC 17799 is a standard governing Information Security Management. Formalised in the 1990s, it has not seen the take up of accreditations that could be expected from looking at accreditation figures for other standards such as the ISO 9000 series. This paper examines why this may be the case by investigating what has driven the accreditation under the standard in 18 UK companies, representing a fifth of companies accredited at the time of the research. An initial literature review suggests that adoption could be driven by external pressures, or simply an objective of improving operational performance and competitive performance. It points to the need to investigate the influence of Regulators and Legislators, Competitors, Trading Partners and Internal Stakeholders on the decision to seek accreditation.