Considers TQM from a cultural perspective using the influence of Confucian work dynamism and Chinese cultural beliefs on Hong Kong companies. Asks if these cultural beliefs…
Abstract
Considers TQM from a cultural perspective using the influence of Confucian work dynamism and Chinese cultural beliefs on Hong Kong companies. Asks if these cultural beliefs conflict with modern quality management philosophy and presents the findings of research covering Chinese literature, experts in Chinese philosophy and Hong Kong TQM experts. Outlines research methods and concludes that there are relevant principles which can be used when implementing TQM.
Details
Keywords
Kwo‐Shing Hong, Yen‐Ping Chi, Louis R. Chao and Jih‐Hsing Tang
With the popularity of e‐commerce, information security is vital to most organizations. For managers, building and implementing an information security policy (ISP) has long been…
Abstract
Purpose
With the popularity of e‐commerce, information security is vital to most organizations. For managers, building and implementing an information security policy (ISP) has long been assumed to be an effective managerial measure to elevate an organization's security level. This paper attempts to investigate the dominant factors for an organization to build an ISP, and whether an ISP may elevate an organization's security level?
Design/methodology/approach
A survey was designed and the data were collected from 165 chief information officers in Taiwan.
Findings
The empirical results show that some organizational characteristics (business type and MIS/IS department size) might be good predictors for the ISP adoption and that the functions, contents, implementation and procedures of an ISP may significantly contribute to managers' perceived elevation of information security.
Practical implications
Building or adopting an ISP is examined empirically to be an effective managerial measure to elevate its security level in Taiwan, and that the building of an information security should focus on the comprehensiveness of its contents, procedures and implementation items, rather than on the documents only.
Originality/value
Few empirical studies have been conducted so far to examine the effectiveness of an ISP, thus the value of this paper is high.
Details
Keywords
Adedeji O. Esan, Mohammed K. Khan, Hong S. Qi and Craig Naylor
Cost reduction through the use of technology has become the competitive strength of companies. The benefits of technology integration are quite credible and have been effective in…
Abstract
Purpose
Cost reduction through the use of technology has become the competitive strength of companies. The benefits of technology integration are quite credible and have been effective in business competition. The purpose of this paper is to describe an integrated manufacturing strategy for the deployment of a CAD/CAM system in a small, medium manufacturing enterprise (SMME).
Design/methodology/approach
A case study of a SMME is utilised in deploying an integrated CAD/CAM system for practical application of manufacturing technology for achieving sustainable growth through lean systems design (LSD). The paper presents a techno‐economic and technology change management framework, with an application of a holistic set of lean deployment tools that include establishing a strategic and operational plan for implementing CAD/CAM systems as a means to achieving world‐class performance.
Findings
The paper shows that the CAD/CAM integration within the case company increased knowledge of CAD/CAM technology, productivity, and flexibility whilst reducing throughput times. Based on the literature review and the current case study, a framework for ideal CAD/CAM implementation has been proposed. The paper also shows that management and organisational structures are key inhibitors for successful implementation of technology integration.
Research limitations/implications
The paper uses a single case study to validate deployment of the integrated manufacturing strategy in SMMEs. Hence there is a limitation to its generality.
Practical implications
The paper provides an opportunity to further understand CAD/CAM system implementation protocols within a well structured framework and its configuration within SMMEs.
Social implications
The CAD/CAM implementation framework will allow the SMMEs to achieve Lean manufacturing (thereby minimising wastes) leading to improved growth and employment rates.
Originality/value
The presentation of conceptualisation, development and implementation of an integrated CAD/CAM system in support of organisational wide Lean manufacturing initiative in SMMEs is an originality of this paper.
Details
Keywords
Malik Muneer Abu Afifa, Tho Hoang Nguyen, Lien Thuy Le Nguyen, Thuy Hong Thi Tran and Nhan Thanh Dao
This study aims to examine the relationship between blockchain technology (BCT) adoption and firm performance (FIP) mediated by cyber-security risk management (CSRM) in the…
Abstract
Purpose
This study aims to examine the relationship between blockchain technology (BCT) adoption and firm performance (FIP) mediated by cyber-security risk management (CSRM) in the context of Vietnam, a developing country. Besides, the mediating effect of risk-taking tendency (RTT) has been considered in the BCT–CSRM nexus.
Design/methodology/approach
Data is collected using a survey questionnaire of Vietnamese financial firms through strict screening steps to ensure the representativeness of the population. The ending pattern of 449 responses has been used for analysis.
Findings
The findings of partial least squares structural equation modeling demonstrated that CSRM has a positive effect on FIP and acts as a mediator in the BCT–FIP nexus. Furthermore, RTT moderates the relationship between BCT and CSRM significantly.
Practical implications
This study introduces the attractive attributes of applying BCT to CSRM. Accordingly, managers should rely on BCT and take advantage of it to improve investment resources, business activities and functional areas to enhance their firm's CSRM. Especially, managers should pay attention to enhancing their RTT, which improves FIP.
Originality/value
This study supplements the previous literature in the context of CSRM by indicating favorable effects of BCT and RTT. Additionally, this study identifies the effectiveness of RTT as well as its moderating role. Ultimately, this paper has been managed as a pioneering empirical study that integrates BCT, RTT and CSRM in the same model in a developing country, specifically Vietnam.
Details
Keywords
Information security is an essential element in all business activities. The damage to businesses from information security breaches has become pervasive. The scope of information…
Abstract
Purpose
Information security is an essential element in all business activities. The damage to businesses from information security breaches has become pervasive. The scope of information security has widened as information has become a critical supply chain asset, making it more important to protect the organization’s data. Today’s global supply chains rely upon the speedy and robust dissemination of information among supply chain partners. Hence, processing of accurate supply chain information is quintessential to ensure the robustness and performance of supply chains. An effective information security management (ISM) is deemed to ensure the robustness of supply chains. The purpose of the paper is to examine the impact of information security initiatives on supply chain robustness and performance.
Design/methodology/approach
Based on extant literature, a research model was developed and validated using a questionnaire survey instrument administered among information systems/information technology managers. Data collected were analyzed using exploratory and confirmatory factor analysis. Further, to test the hypotheses and to fit the theoretical model, Structural equation modeling techniques were used.
Findings
Results of this study indicated that information security initiatives are positively associated with supply chain robustness and performance. These initiatives are likely to enhance the robustness and performance of the supply chains.
Originality/value
With the advancements in internet technologies and capabilities as well as considering the dynamic environment of supply chains, this study is relevant in terms of the capability that an organization needs to acquire with regards to ISM. Benefiting from the resource dependency theory, information security initiatives could be considered as a critical resource having an influence on the internal and external environment of supply chains.
Details
Keywords
Effective information security management (ISM) contributes to building a healthy organizational digital ecology. However, few studies have built an analysis framework for…
Abstract
Purpose
Effective information security management (ISM) contributes to building a healthy organizational digital ecology. However, few studies have built an analysis framework for critical influencing factors to discuss the combined influence mechanism of multiple factors on ISM performance (ISMP). This study aims to explore the critical success factors and understand how these factors contribute to ISMP.
Design/methodology/approach
This study used a mixed-method approach to achieve this study’s research goals. In Study 1, the authors conducted a qualitative analysis to take a series of International Organization for Standardization/International Electrotechnical Commission standard documents as the basis to refine the critical factors that may influence organizations’ ISMP. In Study 2, the authors built a research model based on the organizational control perspective and used the survey-based partial least squares-based structural equation modeling (PLS-SEM) approach to understand the relationships between these factors in promoting ISMP. In Study 3, the authors used the fuzzy set qualitative comparative analysis (fsQCA) method to empirically analyze the complex mechanisms of how the combinations of the factors affect ISMP.
Findings
The following three research findings are obtained. First, based on the text-based qualitative analysis, the authors refined the critical success factors that may increase ISMP, including information security policies (ISP), top management support (TMS), alignment (ALI), information security risk assessment (IRA), information security awareness (ISA) and information security culture (ISC). Second, the PLS-SEM testing results confirmed TMS is the antecedent variable motivating organization’s formation (ISP) and information control (ISC) approaches; these two types of organization control approaches increase IRA, ISA and ALI and then promote ISMP directly and indirectly. Third, the fsQCA testing results found two configurations that can achieve high ISMP and one driving path that leads to non-high ISMP.
Originality/value
This study extends knowledge by exploring configuration factors to improve or impede the performances of organizations’ ISM. To the best of the authors’ knowledge, this study is one of the first to explore the use of the fsQCA approach in information security studies, and the results not only revealed causal associations between single factors but also highlighted the critical role of configuration factors in developing organizational ISMP. This study calls attention to information security managers of an organization should highlight the combined effect between the factors and reasonably allocate organizational resources to achieve high ISMP.
Details
Keywords
This paper seeks to empirically examine the existence and implementation of information security governance (ISG) in Saudi organizations.
Abstract
Purpose
This paper seeks to empirically examine the existence and implementation of information security governance (ISG) in Saudi organizations.
Design/methodology/approach
An empirical survey, using a self‐administered questionnaire, is conducted to explore and evaluate the current status and the main features of ISG in the Saudi environment. The questionnaire is developed based on ISG guidelines for boards of directors and executive management issued by the Information Technology (IT) Governance Institute and other related materials available in the literature. A total of 167 valid questionnaires are collected and processed using the Statistical Package for Social Sciences, version 16.
Findings
The results of the study reveal that although the majority of Saudi organizations recognize the importance of ISG as an integrant factor for the success of IT and corporate governance, most of them have no clear information security strategies or written information security policy statements. The majority of Saudi organizations have no disaster recovery plans to deal with information security incidents and emergencies; information security roles and responsibilities are not clearly defined and communicated. The results also show that alignment between ISG and the organization's overall business strategy is relatively poor and not adequately implemented. The results also show that risk assessment procedures are not adequately and effectively implemented, ISG is not a regular item in the board's agenda, and there are no properly functioning ISG processes or performance‐measuring systems in the majority of Saudi organizations. Accordingly, appropriate actions should be taken to improve implementing and measuring the ISG performance in Saudi organizations.
Originality/value
From a practical standpoint, managers and practitioners alike stand to gain from the findings of this study. The results of the paper enable them to better understand and evaluate ISG and to champion IT development for business success in Saudi organizations.
Details
Keywords
Suhazimah Dzazali and Ali Hussein Zolait
The purpose of this paper is to examine the basis factors involved in the information security management systems of Malaysian public service (MPS) organizations. Therefore, it…
Abstract
Purpose
The purpose of this paper is to examine the basis factors involved in the information security management systems of Malaysian public service (MPS) organizations. Therefore, it proposes an empirical analysis which was conducted to identify the antecedents of the information security maturity (ISM) of an organization; and to clarify the relationship between ISM and the social and technical factors identified.
Design/methodology/approach
This study uses quantitative approach, convenience sampling and the required data collected from 970 key players' managers in information security, in a total of 722 government agencies, through a self‐administrated survey. Research adopted the Wallace et al. process to develop and validate the study's instrument.
Findings
The paper provides empirical insights and reveals a number of underlying dimensions of social factors and one technical factor. The risk management was found to be the formal coping mechanism adopted in the MPS organizations and is the leading factor towards ISM. The social factors have the most influence on MPS organizations' ISM. Findings demonstrate that two independent variables, risk management and individual perception, discriminate between those organizations that have high and low ISM.
Research limitations/implications
The research results may lack generalization; therefore, researchers are encouraged to test the proposed propositions further in a different context.
Practical implications
The paper includes implications for the development of a powerful instrument in explaining the ISM. Moreover, it helps internal stakeholders of an organization to formulate a more appropriate policy or give a more effective focus on issues that are really relevant to MPS information security management.
Originality/value
This paper fulfils the identified need to explore determinants of information security maturity.
Details
Keywords
The purpose of this empirical research is to attempt to explore the effect of information security initiatives (ISI) on supply chain performance, considering various intra- and…
Abstract
Purpose
The purpose of this empirical research is to attempt to explore the effect of information security initiatives (ISI) on supply chain performance, considering various intra- and inter-organization information security aspects that are deemed to have an influence on supply chain operations and performance.
Design/methodology/approach
Based on extant information security management and supply chain security management literature, a conceptual model was developed and validated. A questionnaire survey instrument was developed and administered among supply chain managers to collect data. Data were collected from 197 organizations belonging to various sectors. The study used exploratory and confirmatory factor analysis for data analysis. Further, to test the hypotheses and to fit the theoretical model, structural equation modeling techniques were used.
Findings
Results of this study indicate that ISI, comprising technical, formal and informal security aspects in an intra- and inter-organizational environment, are positively associated with supply chain operations, which, in turn, positively affects supply chain performance.
Research limitations/implications
This study provides the foundation for future research in the management of information security in supply chains. Findings are expected to provide the communities of practice with better information security decision-making in a supply chain context, by clearly formulating technical, formal and informal information security policies for improving supply chain performance.
Originality/value
In today’s global supply chain environment where competition prevails among supply chains, this research is relevant in terms of capability that an organization has to acquire for managing internal and external information security. In that sense, this study contributes to the body of knowledge with an empirical analysis of organizations’ information security management initiatives as a blend of technical, formal and informal security aspects.
Details
Keywords
Abhishek Narain Singh, M.P. Gupta and Amitabh Ojha
Despite many technically sophisticated solutions, managing information security has remained a persistent challenge for organizations. Emerging IT/ICT media have posed new…
Abstract
Purpose
Despite many technically sophisticated solutions, managing information security has remained a persistent challenge for organizations. Emerging IT/ICT media have posed new security challenges to business information and information assets. It is felt that technical solutions alone are not sufficient to address the information security challenge. It has been argued that organizations also need to consider the management aspects of information security. Consequently, literature, especially in the last decade, has witnessed various scholarly works in this direction. Therefore, a synthesis exercise is required to bring clarity on categorizing the issues of organizational information security management (ISM) to take the research forward. The purpose of this paper is to identify management factors that address organizational information security challenges.
Design/methodology/approach
Using a mix method approach, the paper adopts the qualitative (keyword analysis and experts’ opinion) and quantitative (questionnaire survey) research routes. Exploratory factor analysis is conducted to find out the key factors of organizational ISM.
Findings
The paper categorizes various organizational ISM functions into ten factors. Spanning across three levels (strategic, tactical and operational), these factors cover various management issues of organizational ISM.
Originality/value
The paper takes the ISM literature forward by statistically validating the key management factors of organizational ISM. The study outcome should help to draw the attention of organizations toward the managerial challenges of organizational ISM.