Mathew Nicho

Success Factors for Integrated Itil Deployment: An it Governance Classification

Abstract ITIL (IT infrastructure library) is a specific, detailed, and widely used service management framework commonly implemented with relevant IS controls from ITG frameworks resulting in integrated ITIL deployment. Since cultural differences impact ITG implementations, it remains unknown whether the success factors of ITG implementation that are applicable in one context can be transposed into a distinctly different context and lead to integrated ITIL deployment. Hence the objective of this study is to come up with a set of success factors from the Asian context gleaned through (I) a high level ITG model and (2) an ITIL specific perspective resulting in a classified set of success factors from an ITG perspective for integrated ITIL deployment. This is done through an exploratory study of six successful LTG/ITIL implemented organizations in the United Arab Emirates through interviews with key IS audit and security personnel. Information is obtained from the respondents on the appropriate success factors to be used for ITIL deployment rather than their experiences in implementing ITIL. While valuable research have been done on ‘best practices’, ‘critical success factors’, ‘success factors’, and ‘adoption factors’ for ITIL implementation, the objective in this study is not only to test the existing list in a different context but also extend and classify the list from a broader ITG and ITIL specific perspective, and to provide contextual positioning of success factors for practitioners

Identifying Vulnerabilities of Advanced Persistent Threats: An Organizational Perspective

One of the most serious and persistent threat that has emerged in recent years combining technical as well as non-technical skills is the Advanced Persistent Threat, commonly known as APT where hackers circumvent the organizational defenses and instead target the naivety of the employees in making an unintentional mistake. While this threat has gained prominence in recent years, research on its cause and mitigation is still at the infancy stage. In this paper the authors explore APT vulnerabilities from an organizational perspective to create a taxonomy of non-technical and technical vulnerabilities. The objective is to enhance awareness and detection of APT vulnerabilities by managers and end users. To this end, the authors conducted interviews with senior IT managers in three large organizations in Dubai, United Arab Emirates. The analysis of the findings suggested that the APT threat environment is affected by multiple factors spanning primarily non-technical as well as technical vulnerabilities.

Human and Organizational Factors of Healthcare Data Breaches: The Swiss Cheese Model of Data Breach Causation And Prevention

Over the past few years, concerns related to healthcare data privacy have been mounting since healthcare information has become more digitized, distributed and mobile. However, very little is known about the root cause of data breach incidents; making it difficult for healthcare organizations to establish proper security controls and defenses. Through a systematic review and synthesis of data breaches literature, and using databases of earlier reported healthcare data breaches, the authors re-examine and analyze the causal factors behind healthcare data breaches. The authors then use the Swiss Cheese Model SCM to shed light on the technical, organizational and human factors of these breaches. The authors research suggests that incorporating the SCM concepts into the healthcare security policies and procedures can assist healthcare providers in assessing the vulnerabilities and risks associated with the maintenance and transmission of protected health information.