The discipline of information security management is still in its infancy as evidenced by the lack of empirical scholarly work in this area. Most research within the information security domain focuses on specific technologies and algorithms and how it impacts the principles of confidentiality, integrity, and availability. But, an important area receiving little attention is the antecedents of effective information security management at the organizational level (Stanton, Guzman, Stam & Caldera, 2003). The little empirical research that has been conducted in this area has shown that information security management in many organizations is poor (Baskerville, 1993; Shimeall & McDermott, 1999). Several researchers have identified the need for methods to measure the organization-wide information security posture of organizations (Eloff & Von Solms, 2000; James, 1996). This dissertation attempts to measure the organization-wide information security posture by examining benchmark variables that assess role, planning orientation, and performance structure within the organization. Through this conceptualization of an organization's information security posture, a means is presented to measure overall information security and how it impacts the effective utilization of information security strategies. The presence of the dependent variable, effectiveness, gives academics and practitioners a success measure which can guide more effective decision making in …

Organizations expend a great deal of time, effort and money on the implementation of enterprise resource planning (ERP) systems. They are considered the price of entry for large organizations to do business. Yet the success rate of ERP systems is poor. IS literature suggests that one possible reason for this is the underutilization of these systems. Existing ERP literature is replete with research to improve ERP project implementation success; however, notably absent from these streams is the research that identifies how ERP systems are utilized by individuals or organizations. This dissertation posits that increased ERP utilization can result from increased software and business process understanding gained from both formal training and experiential interventions. New dimensions of system utilization (required vs. optional) are proposed. The purpose of this dissertation is to examine how these interventions impact ERP utilization. The results of this dissertation show that while software-training interventions are important to understanding, it is the business process training interventions that seem to provide the greater effect on understanding. This increased understanding positively affects utilization scenarios where a mixture (required vs. optional) of software features and business process tasks can be leveraged by end-users. The improved understanding of post-adoptive ERP utilization gained …

This study empirically examines the impact of IT capability on firms' performance and evaluates whether firms' IT capabilities play a role in improving employee capability, customer value, customer satisfaction, and ultimately business performance. The results were based on comparing the business performance of the IT leader companies with that of control companies of similar size and industry. The IT leader companies were selected from the Information Week 500 list published annually from 2001 to 2004. For a company to be selected as IT leaders, it needed to be listed at least twice during the period. Furthermore, it had to be listed in the American Customer Satisfaction Index (ACSI) so that its customer satisfaction level could be assessed. Standard & Poor's Compustat and the ACSI scores were used to test for changes in business performance. The study found that the IT leaders had a raw material cost measured by cost-of-goods-sold to sales ratio (COGS/S) than the control companies. However, it found no evidence that firms' IT capability affects employee capability, customer value, customer satisfaction, and profit. An important implication from this study is that IT becomes a commodity and an attempt to gain a competitive advantage by overinvesting in IT may …

This research seeks to derive and examine a multidimensional definition of information security awareness, investigate its antecedents, and analyze its effects on compliance with organizational information security policies. The above research goals are tested through the theoretical lens of technology threat avoidance theory and protection motivation theory. Information security awareness is defined as a second-order construct composed of the elements of threat and coping appraisals supplemented by the responsibilities construct to account for organizational environment. The study is executed in two stages. First, the participants (employees of a municipality) are exposed to a series of phishing and spear-phishing messages to assess if there are any common characteristics shared by the phishing victims. The differences between the phished and the not phished group are assessed through multiple discriminant analysis. Second, the same individuals are asked to participate in a survey designed to examine their security awareness. The research model is tested using PLS-SEM approach. The results indicate that security awareness is in fact a second-order formative construct composed of six components. There are significant differences in security awareness levels between the victims of the phishing experiment and the employees who maintain compliance with security policies. The study extends the theory by …

The increasing awareness of data mining technology, along with the attendant increase in the capturing, warehousing, and utilization of historical data to support evidence-based decision making, is leading many organizations to recognize that the effective use of data is the key element in the next generation of client-server enterprise information technology. The concept of data mining is gaining acceptance in business as a means of seeking higher profits and lower costs. To deploy data mining projects successfully, organizations need to know the key factors for successful data mining. Implementing emerging information systems (IS) can be risky if the critical success factors (CSFs) have been researched insufficiently or documented inadequately. While numerous studies have listed the advantages and described the data mining process, there is little research on the success factors of data mining. This dissertation identifies CSFs in data mining projects. Chapter 1 introduces the history of the data mining process and states the problems, purposes, and significances of this dissertation. Chapter 2 reviews the literature, discusses general concepts of data mining and data mining project contexts, and reviews general concepts of CSF methodologies. It also describes the identification process for the various CSFs used to develop the research framework. …

In information systems design there are two schools of thought about what factors are necessary to create a successful information system. The first, conventional view holds that system performance is a key, so that efficiency characteristics such as system usability and task completion time are primary concerns of system designers. The second, emerging view holds that the visual design is also the key, so that visual interface characteristics such as visual appeal, in addition to efficiency characteristics, are critical concerns of designers. This view contends that visual design enhances system use. Thus, this work examines the effects of visual design on computer systems. Visual design exerts its influence on systems through two mechanisms: it evokes affective responses from IT users, such as arousal and pleasure and it influences individuals’ cognitive assessments of systems. Given that both affective and cognitive reactions are significant antecedents of user behaviors in the IT realm, it is no surprise that visual design plays a critical role in information system success. Human-computer-interaction literature indicates that visual aesthetics positively influences such information success factors as usability, online trust, user satisfaction, flow experience, and so on. Although academic research has introduced visual design into the Information Systems (IS) …