Paula Kotzé

Knowledge Asset Management Pertinent to Information Systems Outsourcing

Organisations have over time realised that leveraging their already-accumulated knowledge assets are the most cost effective way to increase their competitive standing and to harness innovation. In choosing to outsource their information systems (IS), they may unintentionally fragment their knowledge assets by missing critical learning opportunities, with a resulting loss of ensuing business gains. Organisations should manage knowledge exploitation effectively, especially in the context of IS outsourcing arrangements, where the planning, management and operation of all or a part of the IS function, are handed over to an independent third party. There is, however, currently a lack of applied research to explain how knowledge asset dynamics happen in organisational value creation mechanisms, especially in the context of IS outsourcing. This paper analyses and describes knowledge asset management relevant in such an IS outsourcing arrangement. By understanding the requirements to manage knowledge assets, an organisation may optimise the relationships among critical knowledge assets as well as the knowledge sharing mechanisms required to meet knowledge demands in the context of IS outsourcing.

Secure cloud computing: Benefits, risks and controls

Cloud computing presents a new model for IT service delivery and it typically involves over-a-network, on-demand, self-service access, which is dynamically scalable and elastic, utilising pools of often virtualized resources. Through these features, cloud computing has the potential to improve the way businesses and IT operate by offering fast start-up, flexibility, scalability and cost efficiency. Even though cloud computing provides compelling benefits and cost-effective options for IT hosting and expansion, new risks and opportunities for security exploits are introduced. Standards, policies and controls are therefore of the essence to assist management in protecting and safeguarding systems and data. Management should understand and analyse cloud computing risks in order to protect systems and data from security exploits. The focus of this paper is on mitigation for cloud computing security risks as a fundamental step towards ensuring secure cloud computing environments.

A lightweight methodology to improve web accessibility

This paper introduces a methodology to improve the accessibility of websites with the use of free so-called automatic tools. The methodology has three iterative phases, namely assessing a website against accessibility guidelines, user testing and creating in-house guidelines to prevent similar mistakes in future versions of the system. Aspects of accessibility addressed include the use of colour, accessibility guidelines and priorities, readability or comprehensibility, and screen reader simulators. We recommend free tools for each of these accessibility aspects and discuss the process that should be followed when evaluating a website.

Securing Virtual and Cloud Environments

Organisations have to adapt quickly to changes, continuously investigate innovations and be flexible in order to remain competitive. The information technology (IT) landscape has evolved to enable organisations competitive advantage and to meet targets such as reduced costs, scalability, flexibility, capacity utilisation, higher efficiencies and mobility. Many of these benefits are achieved through the utilisation of technologies such as cloud computing and virtualisation. In many instances cloud computing builds on the capabilities of a virtualised computing infrastructure enabling multi-tenancy, scalability and a highly abstracted cloud model. Even though cloud computing and virtualisation provide significant benefits and cost-effective options for IT hosting and expansion, cloud and virtual IT systems are not risk-free. Risks must be understood to ensure adequate security not only for cloud computing, but also for the underlying technologies enabling cloud computing. The focus of this paper is on mitigation for virtualisation and cloud computing security risks as a fundamental step towards ensuring secure cloud computing environments.

Enterprise Architecture for Small and Medium Enterprise Growth

A key constraint for growing small and medium enterprises (SMEs) is the business skills required to grow the enterprises through the stages of transformation. Criticism against growth stage models for SMEs is of concern, since these models contain the typical knowledge that appeals to managers of small enterprises as guidance in how to manage growth. In this article we propose the SMEAG model to explore the relevance of enterprise architecture (EA) for enhancing existing growth stage models in order to counteract some of this criticism. EA is well-known as a field that claims to manage change and complexity. The rationale to combine the concepts of growth stage models and EA is based on the level of change and complexity associated with the growth of small enterprises into medium enterprises. SMEAG combines the existing growth stage model of Scott and Bruce, the Enterprise Architecture Framework by Hoogervorst, and the EA as Foundation for Business Execution Model by Ross, Weill and Robertson.

Threats and Opportunities for Information Systems Outsourcing

The outsourcing of information systems has grown as an accepted business trend, with several reasons being cited for considering IS outsourcing. However, there is evidence that IS outsourcing threats may impact negatively on the initial intent to outsource, as well as the success of an IS outsourcing arrangement. Managing successful IS outsourcing relationships is concerned with exploiting outsourcing opportunities and avoiding outsourcing threats. The aim of this paper is to share the findings of a systematic literature review on opportunities and threats pertinent to IS outsourcing. By considering and addressing IS outsourcing threats and opportunities, organisations may realise benefit across the whole IS outsourcing lifecycle in achieving their strategic intent to outsource.

Propositions that Describe the Intended Meaning of Enterprise Architecture

In scientific inquiry definitions serves the purpose of describing what something is in terms that are concise, precise and allows for clear communication. Since the start of the enterprise architecture (EA) research field the issue of the definition of terms and fundamental concepts has been continually debated. The ongoing debate is indicative of a lack of universal agreement on EA fundamentals amongst EA researchers and practitioners which, in turn, manifests as a gap in the literature with regard to the underlying fundamental concepts of EA. This paper reports on the results of an investigation into the description of EAs fundamental concepts. During the investigation a structured interpretation method was applied to two prominent enterprise architecture frameworks in order to produce a set of EA propositions that captured the fundamental meaning of EA as a concept. The investigation resulted in the EA claim that EA is similar, in intent, to the enterprise as a worldview is to the world. The EA claim and its supportive six EA propositions provide and explicit description of the foundational understanding of what EA is.

A method for identifying process reuse opportunities to enhance the operating model

Staying competitive in the 21st century requires enterprise unity and integration, allowing for agility to accommodate swift changes in strategy as markets evolve and new opportunities emerge. The foundation for execution approach acknowledges the volatility of strategy and suggests the use of an operating model (OM), which is a commitment to a way of doing business. The OM creates a company-wide vision for process standardization and data centralization and guides decisions about how a company implements processes and IT infrastructure. Although the OM provides senior management with a powerful decision-making tool in evolving the current IT landscape, the selection of an appropriate OM requires additional guidance. This article elaborates on current OM deficiencies, requirements for enhancement and a new method, mechanisms and practices to enable an enterprise architecture practitioner to identify the required process reuse opportunities for a specific OM.

A Framework for Creating Pattern Languages for Enterprise Architecture

The use of patterns and pattern languages in enterprise architecture (EA) is a relatively novel concept. Although both the concepts of patterns and EA are over 30 years old, the notion of design patterns is hardly applied to EA. There is a lack of pattern collections specifically devoted to EA: only a small number of patterns and pattern collections specifically aimed at enterprise architecture can be found in the public domain. Furthermore no framework or method exist that would assist enterprise architects in creating patterns and pattern languages for EA. This paper aims to bridge this gap by proposing a pattern framework for enterprise architecture (PF4EA), which can guide the development of well-grounded patterns and pattern languages for the EA domain. The components of the frameworks are described as well as a method for its use.

Are organisations in South Africa ready to comply with personal data protection or privacy legislation and regulations

This paper reports on a survey conducted to determine the readiness of organisations in South Africa to comply with personal data protection or privacy legislation and regulations. Issues addressed include employee knowledge of personal data classification, policies, the POPI Act, standards, and training or awareness campaigns within organisations. The study also looked at the significance of viewing personal data protection beyond the South African context, including the use of cloud services. To present a balanced view, the study involved both management and technical employees of organisations. It was found that most of the organisations involved in the study are not data privacy compliance ready. The study aims to contribute by assisting organisations to gauge their readiness for data privacy compliance and sensitise them of the need for readiness.