Managing security risks for inter-organisational information systems: a multiagent collaborative model

Information sharing across organisations is critical to effectively managing the security risks of inter-organisational information systems. Nevertheless, few previous studies on information systems security have focused on inter-organisational information sharing, and none have studied the sharing of inferred beliefs versus factual observations. In this article, a multiagent collaborative model (MACM) is proposed as a practical solution to assess the risk level of each allied organisation’s information system and support proactive security treatment by sharing beliefs on event probabilities as well as factual observations. In MACM, for each allied organisation’s information system, we design four types of agents: inspection agent, analysis agent, control agent, and communication agent. By sharing soft findings (beliefs) in addition to hard findings (factual observations) among the organisations, each organisation’s analysis agent is capable of dynamically predicting its security risk level using a Bayesian network. A real-world implementation illustrates how our model can be used to manage security risks in distributed information systems and that sharing soft findings leads to lower expected loss from security risks.     

Incentives for knowledge sharing: impact of organisational culture and information technology

This research presents and examines an analytical model of knowledge management in which organisational culture dynamically improves with knowledge-sharing and learning activities within organisations. We investigate the effects of organisational incentives and the level of information technology on the motivation of knowledge sharing. We derive a linear incentive reward structure for knowledge sharing under both homogeneous and heterogeneous conditions. In addition, we show how the organisational culture and the optimum linear sharing reward change with several crucial factors, and summarise three sets of methods (strong IT support, congruent organisational culture, and effective employee assessment) to complement the best linear incentive. Our research provides valuable insights for practitioners in terms of implementing knowledge-management initiatives.     

基于网络信息共享的售后服务管理

随着公司业务的快速发展,在保产品数量大幅增加,在故障率一定前提下,售后服务次数大幅上升,服务人员工作量也随之上升。文章介绍了售后服务网络平台的设计、运用及其对提升公司售后服务的关键作用。     

Supply chain practice and information sharing

Effective supply chain practice and information sharing enhances the current supply chain management environment. The purpose of this study is to investigate the integration of information sharing and supply chain practice in supply chain management. Data from 125 North American manufacturing firms were collected. The results show that (1) effective information sharing significantly enhances effective supply chain practice; (2) supply chain dynamism has significant positive influence on effective information sharing as well as effective supply chain practice. Supply chain dynamism has more influence on information sharing than supply chain practice; (3) and effective supply chain practice becomes more important when the level of information sharing increases. The findings show that both effective information sharing and effective supply chain practice are critical in achieving good supply chain performance.     

浅析分局调度信息系统的安全管理

分局调度信息系统的安全管理是关系到运输安全的重大问题,文章认为要应尽快加强铁路调度信息系统的安全管理,加强人控与机控的密切配合,高科技与传统设备的配合,充分考虑应用维护和安全保障,并不断完善系统的安全网络,以确保铁路调度信息系统的安全。     

Reciprocity, asymmetry and information sharing in manufacturer-dealer networks

This paper reports on an exploratory study of factors affecting the degree of voluntary information sharing by dealers in a distribution network. The dealer network of a manufacturer of materials for the construction and manufacturing industries provided the setting for the study. Results suggest that information sharing behaviour is shaped by mixed motives. Resource flows and dealer perceptions of the manufacturer's role performance emerged as the most important predictors of information sharing by dealers. Intrachannel competition was also negatively related to the flow of information from dealers. Implications for interorganizational theory and channel management are discussed in a concluding section.     

构建安全可靠的电力管理信息系统

电力管理信息系统是现代企业发展的重要部分,对于国家电力网建设有着重要的意义。随着计算机网络技术的不断发展,网络自动化管理系统在电力行业中得到了广泛的运用,这对于新时期电力系统构建有着积极意义。因而,采取有效的措施维护电力管理信息系统的安全,营造良好的系统运行环境是很有必要的。文章重点分析了电力管理信息系统的安全策略。     

Controlled information destruction: the final frontier in preserving information security for every organisation

Information security represents the cornerstone of every data processing system that resides in an organisation’s trusted network, implementing all necessary protocols, mechanisms and policies to be one step ahead of possible threats. Starting from the need to strengthen the set of security services, in this article we introduce a new and innovative process named controlled information destruction (CID) that is meant to secure sensitive data that are no longer needed for the organisation’s future purposes but would be very damaging if revealed. The disposal of this type of data has to be controlled carefully in order to delete not only the information itself but also all its splinters spread throughout the network, thus denying any possibility of recovering the information after its alleged destruction. This process leads to a modified model of information assurance and also reconfigures the architecture of any information security management system. The scheme we envisioned relies on a reshaped information lifecycle, which reveals the impact of the CID procedure directly upon the information states.     

Managing Cultural Diversity in Collaborations: A focus on management tensions

Abstract

This article explores the management of cultural diversity in public and not-for-profit collaborations spanning organizational, professional and national boundaries. Through the framing of a culture paradox, it identifies three interrelated tensions pertaining to the management of cultural diversity towards collaborative advantage. These tensions address: interactions between organizations within a collaboration; interactions between individual actors and their orientation towards the collaboration and their host organization; and the quantity and extent of cultural diversity within a collaboration. The culture paradox and its inherent management tensions provide theoretical and practical conceptualizations that are relevant to management and governance of collaboration.     

High-involvement information sharing practices: an international perspective

The type of information shared within organizations is a key aspect of strategic human resources management. In this exploratory study, we expand our understanding of high-performance work systems (HPWSs) by examining the information sharing practices of firms operating in different countries to assess the extent that high-involvement-oriented information sharing in organizations is influenced by home-country economic structures and national cultural factors. We assess firm-level data from a 12-country sample to evaluate the use of formal information sharing practices for non-managerial employees. The results of our analysis support the contention that information sharing practices varies by country, and that cultural similarities based on geographical region exist within the three information content areas of business strategy, financial performance, and organization of work. Specifically, we found significant variance in information sharing practices of firms based in different countries but homogeneity of practices among geographical neighbors. There is a modest positive relationship between sharing business strategy information and perceived firm performance that is significantly stronger in North America compared to other regions. These results have important implications for the ongoing theoretical development of mechanisms underlying the use of HPWS practices in an international context.     

供应链中信息共享的障碍及对策分析

文中阐述了供应链中信息共享的作用,对供应链中实现信息共事存在的障碍进行了分析,基于委托--代理机制和现代信息技术,提出了实现供应链信息共享的方法与对策.     

Integrating hotel environmental strategies with management control: a structuration approach

This study addresses the development of environmental strategies and associated management control in the international hotel industry, a sector of major economic and environmental impact hitherto largely neglected in the environmental management and accountability literature. The low key level of commitment to environmental management currently exhibited by the industry is considered in the context of dominant systems of hotel management performance evaluation and control, as well as the industry's current strategic management and budgetary practices. Informed by Giddens' structuration theory, the study offers a new theoretical framework, environmentally efficient resourcing, as a structured approach to the development of hotel environmental strategy and its management. Copyright © 2006 John Wiley & Sons, Ltd and ERP Environment.     

A map traceability management scheme for security control

ABSTRACT

A map traceability management scheme for security control is proposed utilising visual cryptography and Quick Response Code. The map information is classified into two categories: the public information MPI and the traceable map information MTI, and they are both converted into QR codes. Map shares MS and control shares CS are generated according to extended multiple visual cryptographic scheme. MPI can be obtained by scanning the MS, while MTI can be got by overlaying the MS on CS which is only accessible to management units, so it can identify every map and provide the basis for the traceability management.     

Corporate risk management and asymmetric information

We discuss the effect of information on corporate risk management decisions when the information is asymmetric between the insider and the market. We suggest an explanation for previous contradiction between existing theories and empirical findings, which state that fewer small firms choose to hedge. We consider two different scenarios of information revelation to the market, and find hedging cost is not the main reason preventing firms from hedging. Rather asymmetric information plays the decisive role in a firm's risk management policy. One of the empirical implications we find is that cash flows with high variances may discourage firms from hedging even when they face high financial distress costs.     

Human resource management control system and firm performance: a contingency model of corporate control

This study explores how corporate controls used by the parent company of a conglomerate affect subsidiaries' human resource management (HRM) control–performance relationship. Empirical results from 93 firms reveal that the appropriate use of HRM control systems was a contributing factor to firm performance. When a subsidiary's approach to HRM was based on behavior control, performance was lower when the parent company emphasized financial control. When a subsidiary's approach to HRM was based on output control, performance was higher when the parent company emphasized either strategic or financial control. When a subsidiary's approach to HRM was based on input control, performance was higher when the parent company emphasized strategic control.     

Green supply chain integration and financial performance: A social contagion and information sharing perspective

Although green supply chain integration (GSCI) has received wide attention, how it diffuses among supply chain members to affect the manufacturer's performance is still unclear. This study examines the relationships among GSCI, information sharing, and financial performance from a social contagion lens. By conceptualizing GSCI into three forms, two types of contagion mechanisms (i.e., cohesion and structural equivalence) were identified to investigate the underlying contagion effects between different forms of GSCI and the effects of various GSCI on information sharing and financial performance. Survey data were collected from 206 Chinese manufacturers and analyzed using structural equation modeling to test hypotheses. The results indicate that green supplier integration directly promotes green internal integration, green customer integration, and information sharing with suppliers. Green internal integration positively influences green customer integration and financial performance. Green customer integration enhances information sharing with customers. Both information sharing with suppliers and customers improve financial performance. This study contributes to the GSCI literature and provides novel managerial implications for manufacturers.     

会计信息系统管理和控制标准制定的探讨

COBIT是国际上公认的进行IT治理的最先进和最权威的标准。由于我国信息化水平的限制,目前尚不具备完全应用COBIT的条件。但仍可以借鉴COBIT中的IT治理思想,把它应用到对我国会计信息系统的治理当中来,制定出适合我国信息化水平的会计信息系统管理和控制标准,以提高对我国会计信息系统的管理效率。     

网络信息安全与政府管制

随着互联网的迅猛发展和广泛应用,日趋严重的网络信息安全问题,对政府管制提出了更为复杂和系统的要求,在此情况下,如何管制"爆炸式"发展的互联网,既使宪法所赋予公民的言论自由可以在网络上充分且方便地享有,又能够抑制侵害他人、国家乃至社会自由和效率的不正当行为,这成为摆在中国政府面前的一项重要课题.本文分析了网络信息安全与政府管制的关系,提出了网络信息安全政府管制的政策选择.     

A security evaluation approach for information systems in telecommunication enterprises

In recent years, information systems in telecommunication enterprises have been characterised by boundary expansion and increase of departmental-level applications. These changes increase the complexity of security evaluation and pose new challenges to enterprises' information security. Taking into account the behaviour characters of system users, we put forward a system security evaluation approach based on access paths. This approach can help evaluators and users find out potential security risks without figuring out the boundary of systems explicitly. It has no special requirements for system scale and can be used in the evaluation of enterprise-level and departmental-level systems. This paper also presents the formal definition of access path and related evaluation rules.     

Six Sigma and information systems project management: A revised theoretical model

Previous information systems (IS) research has significantly improved the success rate of IS projects, but the result is still far from satisfying. The effort to advance IS project management theories continues. One notable effort is Ravichandran and Rai (2000). Based on quality management principles, they developed a model (the R&R model) describing a qualityoriented organizational system that leads to software development quality performance. This study analyzed Six Sigma to propose major revisions to the R&R model. Six Sigma is a recent approach to quality management with proven effectiveness. The analysis of Six Sigma suggested that several constructs in the R&R model need to be respecified, leading to the definition of a new quality‐oriented organizational system. More importantly, the revised model posits that the new organizational system leads to IS project success that can be measured by organizational performance improvement. This study contributes to the literature and provides practical guidance to IS project managers.