You limited your search to:
- Defining the Information Security Posture: An Empirical Examination of Structure, Integration, and Managerial Effectiveness
- The discipline of information security management is still in its infancy as evidenced by the lack of empirical scholarly work in this area. Most research within the information security domain focuses on specific technologies and algorithms and how it impacts the principles of confidentiality, integrity, and availability. But, an important area receiving little attention is the antecedents of effective information security management at the organizational level (Stanton, Guzman, Stam & Caldera, 2003). The little empirical research that has been conducted in this area has shown that information security management in many organizations is poor (Baskerville, 1993; Shimeall & McDermott, 1999). Several researchers have identified the need for methods to measure the organization-wide information security posture of organizations (Eloff & Von Solms, 2000; James, 1996). This dissertation attempts to measure the organization-wide information security posture by examining benchmark variables that assess role, planning orientation, and performance structure within the organization. Through this conceptualization of an organization's information security posture, a means is presented to measure overall information security and how it impacts the effective utilization of information security strategies. The presence of the dependent variable, effectiveness, gives academics and practitioners a success measure which can guide more effective decision making in the information security domain. An additional aim of this dissertation is to empirically examine the influence of management practices and decisions on effective use of information security strategies within the organization. The issues of centralization versus decentralization of information security activities will be evaluated along with its impact on information security posture of organizations and the effectiveness of the organization's information security strategies. Data was collected from 119 IT and information security executives. Results show that how the organization structures information security activities is not correlated with more effective utilization of information security strategies. Meanwhile, the organization's information security posture is significantly correlated with more effective utilization of information security strategies. The implications of this research is discussed.
- Developing Criteria for Extracting Principal Components and Assessing Multiple Significance Tests in Knowledge Discovery Applications
- With advances in computer technology, organizations are able to store large amounts of data in data warehouses. There are two fundamental issues researchers must address: the dimensionality of data and the interpretation of multiple statistical tests. The first issue addressed by this research is the determination of the number of components to retain in principal components analysis. This research establishes regression, asymptotic theory, and neural network approaches for estimating mean and 95th percentile eigenvalues for implementing Horn's parallel analysis procedure for retaining components. Certain methods perform better for specific combinations of sample size and numbers of variables. The adjusted normal order statistic estimator (ANOSE), an asymptotic procedure, performs the best overall. Future research is warranted on combining methods to increase accuracy. The second issue involves interpreting multiple statistical tests. This study uses simulation to show that Parker and Rothenberg's technique using a density function with a mixture of betas to model p-values is viable for p-values from central and non-central t distributions. The simulation study shows that final estimates obtained in the proposed mixture approach reliably estimate the true proportion of the distributions associated with the null and nonnull hypotheses. Modeling the density of p-values allows for better control of the true experimentwise error rate and is used to provide insight into grouping hypothesis tests for clustering purposes. Future research will expand the simulation to include p-values generated from additional distributions. The techniques presented are applied to data from Lake Texoma where the size of the database and the number of hypotheses of interest call for nontraditional data mining techniques. The issue is to determine if information technology can be used to monitor the chlorophyll levels in the lake as chloride is removed upstream. A relationship established between chlorophyll and the energy reflectance, which can be measured by satellites, enables more comprehensive and frequent monitoring. The results have both economic and political ramifications.
- General Deterrence Theory: Assessing Information Systems Security Effectiveness in Large versus Small Businesses
- This research sought to shed light on information systems security (ISS) by conceptualizing an organization's use of countermeasures using general deterrence theory, positing a non-recursive relationship between threats and countermeasures, and by extending the ISS construct developed in prior research. Industry affiliation and organizational size are considered in terms of differences in threats that firms face, the different countermeasures in use by various firms, and ultimately, how a firm's ISS effectiveness is affected. Six information systems professionals were interviewed in order to develop the appropriate instruments necessary to assess the research model put forth; the final instrument was further refined by pilot testing with the intent of further clarifying the wording and layout of the instrument. Finally, the Association of Information Technology Professionals was surveyed using an online survey. The model was assessed using SmartPLS and a two-stage least squares analysis. Results indicate that a non-recursive relationship does indeed exist between threats and countermeasures and that countermeasures can be used to effectively frame an organization's use of countermeasures. Implications for practitioners include the ability to target the use of certain countermeasures to have desired effects on both ISS effectiveness and future threats. Additionally, the model put forth in this research can be used by practitioners to both assess their current ISS effectiveness as well as to prescriptively target desired levels of ISS effectiveness.
- Information systems success and technology acceptance within a government organization.
- Numerous models of IS success and technology acceptance their extensions have been proposed and applied in empirical. This study continues this tradition and extends the body of knowledge on the topic of IS success by developing a more comprehensive model for measuring IS success and technology acceptance within a government organization. The proposed model builds upon three established IS success and technology acceptance frameworks namely the DeLone and McLean (2003), Venkatesh et al.'s (2003) unified theory of acceptance and use of technology (UTAUT), and Wixom and Todd (2005). The findings from this study provide not only a comprehensive IS success assessment model but also insights into whether and how IS success models are influenced by application variables as applied within a government organization. Exploratory factor analysis and confirmatory factor analysis were performed for instrument refinement and validity test of the existing and proposed models. Using data from employees of a local government municipal, the comprehensive model explained 32 percent variance. Four of the hypothesis were fully supported five were not supported, and four were partially supported. In addition, the results suggest that behavioral intention may not be the best predictor of technology acceptance in a mandatory environment.
- IT Offshoring Success: A Social Exchange Perspective
- Spending by U.S. companies in offshore IT services continues at unprecedented levels despite a high failure rate. This study fills a gap in the existing literature by examining the client-vendor offshoring relationship through the theoretical lens of social exchange theory at the organizational level of analysis from the client's perspective. Social exchange theory focuses on the exchange of activities between two parties, whether they are individuals or companies and was used as a basis for examining the client and vendor relationship. Variables were identified by a review of the literature primarily from IT outsourcing and offshoring but also from general IT, marketing, sociology and organizational science literature. Data was collected using a field survey of Fortune 500 CIOs representing a population of organizations at the forefront of the offshoring phenomenon. The survey instrument was developed based on the adaptation of previously validated scales. Hypotheses regarding the correlations between social variables such as trust, communication, dependence, power, shared values and offshoring success were tested using Spearman's rho correlation. Seven of the hypotheses were supported, four hypotheses were not supported and one hypothesis was deemed not testable due to lack of information.
- Propensity for knowledge sharing: An organizational justice perspective.
Access: Use of this item is restricted to the UNT Community.
Converting individual knowledge into organizational knowledge can be difficult because individuals refuse to share knowledge for a number of different reasons. Creating an atmosphere of fairness plays an important role in the creation of a knowledge-sharing climate. This dissertation proposes that perceptions of organizational justice are crucial building blocks of that environment, leading to knowledge sharing. Data was collected using a field survey of IT managers representing a broad spectrum of the population in terms of organizational size and industry classification. The survey instrument was developed based on the adaptation of previously validated scales in addition to new items where no existing measures were found. Hypotheses regarding the influence of distributional, procedural, and interactional justice on knowledge sharing processes were tested using structural equation modeling techniques. Based on the theory of reasoned action, which states that attitudes and subjective norms are the major determinants of a person's intention, the hypotheses examining the relationship between attitude toward knowledge sharing, subjective norm and the intention to share knowledge were supported. However, results did not support the hypothesis exploring the relationship between the organizational climate and the intention to share knowledge. The results show that all three types of justice constructs are statistically significant antecedents of organizational climate and interactional justice is an antecedent of an attitude toward knowledge sharing. The study attempts to merge streams of research from sociology and organizational behavior by investigating organizational justice and knowledge management. It contributes to theory by the development of the survey instrument, comprised of seven constructs that were developed by incorporating multiple theories to address various aspects of knowledge sharing and provide application to practice and research. It is relevant to IT managers who need to know how to design information systems that are most effective in distributing knowledge throughout organizations.
- Reliable Prediction Intervals and Bayesian Estimation for Demand Rates of Slow-Moving Inventory
- Application of multisource feedback (MSF) increased dramatically and became widespread globally in the past two decades, but there was little conceptual work regarding self-other agreement and few empirical studies investigated self-other agreement in other cultural settings. This study developed a new conceptual framework of self-other agreement and used three samples to illustrate how national culture affected self-other agreement. These three samples included 428 participants from China, 818 participants from the US, and 871 participants from globally dispersed teams (GDTs). An EQS procedure and a polynomial regression procedure were used to examine whether the covariance matrices were equal across samples and whether the relationships between self-other agreement and performance would be different across cultures, respectively. The results indicated MSF could be applied to China and GDTs, but the pattern of relationships between self-other agreement and performance was different across samples, suggesting that the results found in the U.S. sample were the exception rather than rule. Demographics also affected self-other agreement disparately across perspectives and cultures, indicating self-concept was susceptible to cultural influences. The proposed framework only received partial support but showed great promise to guide future studies. This study contributed to the literature by: (a) developing a new framework of self-other agreement that could be used to study various contextual factors; (b) examining the relationship between self-other agreement and performance in three vastly different samples; (c) providing some important insights about consensus between raters and self-other agreement; (d) offering some practical guidelines regarding how to apply MSF to other cultures more effectively.
- A social capital perspective on IT professionals' work behavior and attitude.
Access: Use of this item is restricted to the UNT Community.
Abstract Attracting and developing information technology (IT) professionals is one of the top concerns for companies. Although much research has been conducted about the job behavior and attitudes of IT professionals over the last three decades, findings are inconclusive and contradictory. This suggests that something may be missing in how we examine this phenomenon. Most of this research is drawn from theories of motivation, very little examines the effect of social relationships on IT professionals' behavior and attitude. Yet, social capital theory suggests that job behavior and attitude may be greatly influenced by these relationships. This suggests that IT professionals' social capital warrants empirical examination. The primary research question that this dissertation addresses is how social capital affects IT professionals' work attitude and behavior including job satisfaction, organizational citizenship behavior, job performance and turnover intention. The research model in this dissertation examines the influence of three aspects of social capital on IT professionals' job attitude and work behavior: tie strength, the number of ties and the structural holes. Data were collected from 129 IT professionals from a range of jobs, organizations and industries. Results indicate that tie strength in the organization of an IT professional is positively related to job satisfaction. The number of ties outside an organization an IT professional has is also positively related to job performance. However, hypotheses about organizational citizenship behavior and turnover intention are not supported. Several implications for organizational executives and managers are offered based on findings.
- A Study of the Intent to Fully Utilize Electronic Personal Health Records in the Context of Privacy and Trust
- Government initiatives called for electronic health records for each individual healthcare consumer by 2014. the purpose of the initiatives is to provide for the common exchange of clinical information between healthcare consumers, healthcare providers, third-party payers and public healthcare officials.This exchange of healthcare information will impact the healthcare industry and enable more effective and efficient application of healthcare so that there may be a decrease in medical errors, increase in access to quality of care tools, and enhancement of decision making abilities by healthcare consumers, healthcare providers and government health agencies. an electronic personal health record (ePHR) created, managed and accessed by healthcare consumers may be the answer to fulfilling the national initiative. However, since healthcare consumers potentially are in control of their own ePHR, the healthcare consumer’s concern for privacy may be a barrier for the effective implementation of a nationwide network of ePHR. a technology acceptance model, an information boundary theory model and a trust model were integrated to analyze usage intentions of healthcare consumers of ePHR. Results indicate that healthcare consumers feel there is a perceived usefulness of ePHR; however they may not see ePHR as easy to use. Results also indicate that the perceived usefulness of utilizing ePHR does not overcome the low perceived ease of use to the extent that healthcare consumers intend to utilize ePHR. in addition, healthcare consumers may not understand the different components of usage: access, management, sharing and facilitating third-party ePHR. Also, demographics, computer self-efficacy, personal innovativeness, healthcare need and healthcare literacy impact a healthcare consumer’s privacy concerns and trusting intentions in the context of ePHR and intent to utilize ePHR. Finally, this research indicates that healthcare consumers may need a better understanding of the Health Insurance and Portability and Accountability Act of 1996 (HIPAA) regulations of ePHR as well as a better understanding of the impact HIPAA has on websites that may facilitate ePHR.