Thomas E. Marshall

Business Intelligence: An Analysis of the Literature

This publication contains reprint articles for which IEEE does not hold copyright. Full text is not available on IEEE Xplore for these articles.

Information security: management's effect on culture and policy

Purpose – This study proposes to put forward and test a theoretical model that demonstrates the influence of top management support on an organizations security culture and level of security policy enforcement.Design/methodology/approach – The project used a combination of qualitative and quantitative techniques. The grounded theory approach was used to analyze responses to open‐ended questions answered by 220 certified information system security professionals. Using these responses, a survey instrument was developed. Survey results were analyzed using structural equation modeling.Findings – Evidence suggests that top management support is a significant predictor of an organizations security culture and level of policy enforcement.Research limitations/implications – During instrument validation, a special effort removed survey items that appeared overly intrusive to the respondents. In this endeavor, an expert panel of security practitioners evaluated all candidate items on a willingness‐to‐answer scal...

Information security policy: An organizational-level process model

To protect information systems from increasing levels of cyber threats, organizations are compelled to institute security programs. Because information security policies are a necessary foundation of organizational security programs, there exists a need for scholarly contributions in this important area. Using a methodology involving qualitative techniques, we develop an information security policy process model based on responses from a sample of certified information security professionals. As the primary contribution of this research study, the proposed model illustrates a general yet comprehensive policy process in a distinctive form not found in existing professional standards or academic publications. This studys model goes beyond the models illustrated in the literature by depicting a larger organizational context that includes key external and internal influences that can materially impact organizational processes. The model that evolved from the data in this research reflects the recommended practices of our sample of certified professionals, thus providing a practical representation of an information security policy process for modern organizations. Before offering our concluding comments, we compare the results of the study with the literature in both theory and practice and also discuss limitations of the study. To the benefit of the practitioner and research communities alike, the model in this study offers a step forward, as well as an opportunity for making further advancements in the increasingly critical area of information security policy.

Information Security Effectiveness: Conceptualization and Validation of a Theory

Taking a sequential qualitative-quantitative methodological approach, we propose and test a theoretical model that includes four variables through which top management can positively influence security effectiveness: user training, security culture, policy relevance, and policy enforcement. During the qualitative phase of the study, we generated the model based on textual responses to a series of questions given to a sample of 220 information security practitioners. During the quantitative phase, we analyzed survey data collected from a sample of 740 information security practitioners. After data collection, we analyzed the survey responses using structural equation modeling and found evidence to support the hypothesized model. We also tested an alternative, higher-order factor version of the original model that demonstrated an improved overall fit and general applicability across the various demographics of the sampled data. We then linked the finding of this study to existing top management support literature, general deterrence theory research, and the theoretical notion of the dilemma of the supervisor.

The Top Information Security Issues Facing Organizations: What Can Government do to Help?

Abstract Considering that many organizations today are fully dependent on information technology for survival,1 information security is one of the most important concerns facing the modern organization. The increasing variety of threats and ferociousness of attacks has made protecting information a complex challenge.2 Improved knowledge of the critical issues underlying information security can help practitioners, researchers, and government employees alike to understand and solve the biggest problems. To this end, the International Information Systems Security Certification Consortium [(ISC)2]® teamed up with Auburn University researchers to identify and rank the top information security issues in two sequential, but related surveys. The first survey involved a worldwide sample of 874 certified information system security professionals (CISSPs)®, who ranked a list of 25 information security issues based on which ones were the most critical facing organizations today. In a follow-on survey, 623 U.S.-based...

Perceived task complexity as a criterion for information support

Here, the conceptual model of perceived task complexity, which incorporates the user, task, and system into a comprehensive unit of analysis, is used to investigate how, when, and why computer-assisted instruction (CAI) systems provide effective support. The work is based on data provided by 156 experimental subjects; information system (IS) use was found to vary by user groups depending on task performance. In addition, the effects of task presentation on task behavior and performance were found to vary between groups, based on their performance. The findings imply that user, task, and system dynamically interact in providing effective IS support. A comprehensive model of perceived task complexity that includes a users domain knowledge is developed. This should help in further investigating into how, when, and why IS are effective.

Corporate culture, related chief executive officer traits, and the development of executive information systems

Executive information systems (EIS) are becoming more and more important to executive decision makers in todays organizations. EIS have gained more popularity in the past few years in the scholarly and practitioner press. However, the researchers and writers have failed to recognize that an EIS is a highly personalized system. In view of this fact, the cognitive traits of the top manager, along with the related culture of the organization, should be taken into consideration in developing these systems. This paper suggests some guidelines for developing EIS in two opposing organizational cultures: a hierarchical culture and an adhocracy culture.

Perceived Control in Information Systems

The importance of perceptions of control in explaining human behavior and motivation has been identified, investigated and found to be significant in several disciplines. This study reports on an exploratory investigation assessing perceived control within the information systems domain. A survey instrument was developed based on the research literature to assess perceived control as a multi-dimensional construct. The survey was administered to 241 subjects. The results were analyzed to produce a set of five factors that represent a user’s perceptions of control when working with an interactive information system: 1) timeframe, 2) feedback signal, 3) feedback duration, 4) strategy, and 5) metaphor knowledge.

Cognitive computing and eScience in health and life science research: artificial intelligence and obesity intervention programs

ObjectiveTo present research models based on artificial intelligence and discuss the concept of cognitive computing and eScience as disruptive factors in health and life science research methodologies.MethodsThe paper identifies big data as a catalyst to innovation and the development of artificial intelligence, presents a framework for computer-supported human problem solving and describes a transformation of research support models. This framework includes traditional computer support; federated cognition using machine learning and cognitive agents to augment human intelligence; and a semi-autonomous/autonomous cognitive model, based on deep machine learning, which supports eScience.ResultsThe paper provides a forward view of the impact of artificial intelligence on our human–computer support and research methods in health and life science research.ConclusionsBy augmenting or amplifying human task performance with artificial intelligence, cognitive computing and eScience research models are discussed as novel and innovative systems for developing more effective adaptive obesity intervention programs.

Information Security and Task Interdependence: An Exploratory Investigation

This sequential qualitative-quantitative study investigates reported levels of task interdependence by certified information security professionals from organizations worldwide. The empirical tests show that information security ranked high in task interdependence compared to other information system related tasks. Additionally, comparing results from a different survey, information security work demonstrates higher levels of reported task interdependence than telecommunications software development work. We present the results of a demographic analysis of the survey taken by 936 certified information security professionals. Overall, the results suggest that information security work in organizations requires high levels of task interdependence. These findings have implications for researchers by identifying task interdependence-related topics for future study. For practitioners, these findings provide relevant insight into the nature of information security work in organizations