Search results

Despite significant amounts of environmental management tools that are available for companies to use, no model guides them toward environmental excellence. As a consequence, the purpose of this paper is to develop an environmental management maturity (EMM) model that helps companies that are on the path toward environmental excellence.

An iterative process was used to develop this model, starting with some semi-structured interviews with 19 companies within the Basque Country and two workshops with environmental experts. Following these steps, the initial version of the model was developed. Data from subsequent surveys carried out in Spanish and Italian companies, and a survey and semi-structured interviews in companies in the UK were incorporated into the model, yielding the final, more robust version of the EMM model.

The EMM model proposes six maturity stages: legal requirements, responsibility assignment and training, systematization, ECO², eco-innovative products and services, and leading green company. Each stage details a series of elements: description, agents involved, policies, tools, indicators, structure, and behavior over time graphs. This research confirms that a company’s environmental management evolves through several distinctive stages, regardless of the industrial sector.

The proposed model concludes that the defined maturity stages provide valuable guidance for industrial firms as it helps them identify their maturity stage as well as the steps they should follow to move to the next stage.

This research paper aims to examine how incident‐reporting systems function and particularly how the steady growth of high‐priority incidents and the semi‐exponential growth of low‐priority incidents affect reporting effectiveness. Social pressures that can affect low‐ and high‐priority incident‐reporting rates are also examined.

The authors reviewed the incident‐reporting system literature. As there are few studies of information security reporting systems, they also considered safety‐reporting systems. These have been in use for many years and much is known about them. Safety is used to “fill in the gaps”. The authors then constructed a system dynamics computer simulation model. The model is used to test how an incident‐reporting system reacts under different conditions.

Incident reporters face incentives and disincentives based on effects on through‐put but have limited knowledge of what is important to the organization's security. Even if a successful incident‐reporting policy is developed, the organization may become the victim of its own success, as a growing volume of reports put higher pressure on incident‐handling resources. Continuously hiring personnel is unsustainable. Continuously improving automated tools for incident response promises more leverage.

The challenges in safety may not be the same as those in information security. However, the model does provide a starting‐point for further enquiries into information security reporting systems.

An examination of basic factors that affect information security reporting systems is provided. Four different policies are presented and examined through simulation scenarios.

This study aims to present a resilience framework for critical infrastructures (CIs) taking into account internal and external stakeholders involved in a crisis situation and covering the four resilience dimensions defined in the literature, as well as providing practical policies to facilitate their implementation in practice.

The research methodology consists of an iterative process in which different research methods such as group model building, multiple case study and Delphi method are applied to gather knowledge from experts in the field.

This study presents a holistic and easily applicable framework for CIs where: first, a list of resilience policies is defined and second, the influence of each resilience policy in the three resilience life-cycle stages is assessed.

This study overcomes three of the main limitations that current resilience building frameworks have: some of them only focus on one resilience dimension without covering the four resilience dimensions of resilience, most of them only focus on internal stakeholders without taking into account external stakeholders, and finally, most frameworks limit to describe the framework theoretically without explaining how it can be implemented in practice.

Disasters are complex phenomena, by diverse nature and whose management is complicated. An efficient analysis of potential impacts that may result as consequence of a disaster has to be conducted to improve the preparation and response in face of future events.

A review of impact evaluation methodologies and real disasters’ impacts has been performed to develop an impact indicators’ framework. Then, a questionnaire has been administered to critical infrastructure (CI) operators to identify CI dependencies and their consequences.

A proper impact analysis improves learning about the consequences of a disaster and the way those impacts should be managed. Moreover, current impact evaluation methodologies do not make special focus on CIs even if their proper functioning is essential for society’s welfare. Crisis managers such as civil protection, emergency services and local authorities among others need to be aware of the importance of critical infrastructure s when managing a disaster. Also crisis managers and managers of CIs need to know how dependencies make impacts spread from one CI to others or to different sectors.

Through an efficient management, the development of preventive measures and response programs can help to mitigate impacts’ harshness for CIs and for the whole society and may even prevent future disasters. However, if crisis managers and managers of CIs are unaware of disasters consequences, their management will result inefficient.

A holistic and dynamic analysis of disaster impacts has been performed. The integration of impact indicators together with their behaviour over time analysis will help improving future crises management.

Identifying the criteria that effectively drive innovation in universities is critical to assessing their innovation maturity level, and hence, planning for the improvements required to reach a target level. This paper aims to propose a three-phase approach to develop a multidimensional maturity assessment framework used by university decision-makers to determine their level of innovation readiness.

First, a systematic collection of evaluation criteria from the literature is conducted. The results are mapped into different categories in a hierarchical and multidimensional way, and validated by experts. The second phase aims to identify the critical factors and their priorities, which are determined using analytic network process (ANP). To facilitate that, a panel of thirteen experts is formed and questionnaires are sent to rank the importance of the criteria and their elements. Finally, a maturity assessment tool is developed to complement the framework, allowing decision-makers to determine the level of innovation maturity with respect to each dimension and the overall position.

Results revealed three clusters, eight criteria and 26 subcriteria related to innovation in universities. The findings about the relative importance of the various attributes are reflected in the developed assessment tool and taken into consideration in the maturity indices computation approach.

To the best of the authors’ knowledge, this is the first attempt to develop a comprehensive list of innovation success drivers in universities and to use this list to design an innovation maturity assessment framework

Public–private partnership (PPP) has been adopted in many areas especially within the architecture, engineering and construction research domain. However, the PPP in critical infrastructure resilience (CIR) has not received the needed attention even though it has been acclaimed to be the panacea for building infrastructure resilience. This paper aims to adopt a systematic review to proactively identify the risks factors that pertains to using PPP as a mechanism to build the resilience of critical infrastructure.

Using a systematic methodology, a total record of 51 academic publications and 5 institutional reports from reputable organizations were identified and analyzed.

The selected literature was subjected to content analysis to retrieve 46 risk factors in PPP in CIR. The outcome of the systematic revealed the topmost risks as corruption, natural and unavoidable catastrophes, wars, terrorism, sabotage, cost overrun issues, a lack of centralized mechanism for coordinating integrated actions, inconsistent government policies, inadequate supervision, high operational cost due to robust and redundant measure, lack of supporting infrastructure, lack of open and integrated communication, unstable government, political interference, lack of PPP experience and legislation change. A conceptual framework was developed by grouping the identified risks under 13 categories.

The outcome of this study will be a guide for decision makers and stakeholders with the responsibility of building the resilience of critical infrastructure.

The study contributes to CIR research area by providing an in-depth knowledge on risks that are inherent in PPP in CIR.

This paper proposes a maturity model (MM) for assessing disaster operations and identifying strategies for organisations to evolve their maturity stages.

This study applies a systematic literature review to identify state-of-the-art work related to maturity models for disaster operations. In addition, the study develops a case study to validate the proposed maturity model in a generic scenario and two real-life scenarios.

The analysis of 158 papers in the literature resulted in identifying 8 maturity models for disaster operations. Based on their structure, the authors proposed a new model with five maturity stages suitable for any of the four phases of the disaster life cycle (i.e. mitigation, preparedness, response and recovery). In addition, the research identified and presents 24 strategies for improving disaster operations according to each maturity stage transition. Finally, the research presents a case study that evaluates the disaster response operations from a Civil Defense organisation considering a response scenario disaster in general, a flood scenario, and the COVID-19 pandemic scenario.

This study provides the following three main contributions useful for academics and practitioners in the disaster operations area: a new maturity model for assessing disaster operations, a strategy guide for improving disaster operations based on a maturity evolution and an empirical study exploring the approximation between academia and professionals involved in real-life disaster operations management.

The frequent and increasingly potent cyber-attacks because of lack of an optimal mix of technical as well as non-technical IT controls has led to increased adoption of security governance controls by organizations. The purpose of this paper, thus, is to construct and empirically validate an information security governance (ISG) process model through the plan–do–check–act (PDCA) cycle model of Deming.

This descriptive research using an interpretive paradigm follows a qualitative methodology using expert interviews of five respondents working in the ISG domain in United Arab Emirates (UAE) to validate the theoretical model.

The findings of this paper suggest the primacy of the PDCA Deming cycle for initiating ISG through a risk-based approach assisted by industry-wide best practices in ISG. Regarding selection of ISG frameworks, respondents preferred to have ISO 27K supported by NIST as the core framework with other relevant ISG frameworks/standards forming the peripheral layer. The implementation focus of the ISG model is on mapping ISO 27K/NIST IT controls relevant IT controls selected from ISG frameworks from a horizontal and vertical perspective. Respondents asserted the automation of measurement and control mechanism through automation to assist in the feedback loop of the PDCA cycle.

The validated model helps academics and practitioners gain insight into the methodology of the phased implementation of an information systems governance process through the PDCA model, as well as the positioning of ITG and ITG frameworks in ISG. Practitioners can glean valuable insights from the empirical section of the research where experts detail the success factors, the sequential steps and justification of these factors in the ISG implementation process.