The Electronic Journal of Information Systems Evaluation provides critical perspectives on topics relevant to Information Systems Evaluation, with an emphasis on the organisational and management implications
For general enquiries email administrator@ejise.com
Click here to see other Scholarly Electronic Journals published by API
For a range of research text books on this and complimentary topics visit the Academic Bookshop

Information about the European Conference on Information Management and Evaluation is available here

linkedin-120 

twitter2-125 

fb_logo-125 

 

Journal Article

Auditing the Data Confidentiality of Wireless Local Area Networks  pp45-56

Peter Clutterbuck, Terry Rowlands, Owen Seamons

© Jan 2007 Volume 10 Issue 1, ECITE 2006 Special, Editor: Dan Remenyi, pp1 - 122

Look inside Download PDF (free)

Abstract

Wireless Local Area Networks (WLANs) provide many significant advantages to the contemporary business enterprise. WLANs also provide considerable security challenges for network administrators and users. Data confidentiality (ie, unauthorised access to data) breaches are the major security vulnerability within WLANs. To date, the major IT security standards from the International Standards Organisation (the ISOIEC 17799) and the National Institute of Standards and Technology (the NIST Special Publication or 'SP' suite) have only a superficial coverage of WLAN security controls and compliance certification strategies. The clear responsibility for WLAN managers is to provide network users with best practice security strategies to mitigate the real risk of unauthorised data access. The clear responsibility for IT auditors is to ensure that best practice security practices are in place and that operational compliance is consistently achieved. This paper describes a newly researched software auditing artefact for the evaluation of the data confidentiality levels of WLAN transmissions — and therefore by extension for the evaluation of existing security controls to mitigate the risk of WLAN confidentiality breaches. The paper describes how the software auditing artefact has been evolved via a design science research methodology, and pivots upon the real time passive sampling of data packets as they are transmitted between mobile users and mobile transmission access points. The paper describes how the software auditing artefact uses these sampled data packets to produce a very detailed evaluation of the levels of data confidentiality in effect across the WLAN. This detailed evaluation includes specific identification (for network managers) of the types of software services operating across the WLAN that are not supported with the appropriate data confidentiality controls. The paper concludes by presenting an analysis of the results achieved during beta testing of the auditing artefact within a university production WLAN environment, together with a brief description of WLAN best practice security.

 

Keywords: Security, WLAN, confidentiality, auditing, 80211

 

Share |

Journal Article

Reconstructing the Past for Organizational Accountability  pp127-137

Geert-Jan van Bussel

© Jan 2012 Volume 15 Issue 1, ECIME 2011, Editor: Walter Castelnovo and Elena Ferrari, pp1 - 148

Look inside Download PDF (free)

Abstract

Many organizations have undergone substantial reorganization in the last decade. They re‑engineered their business processes and exchanged proprietary, not integrated applications for more standard solutions. Integration of structured data in relational d atabases has improved documentation of business transactions and increased data quality. But almost 90% of the information that organizations manage is unstructured, cannot easily be integrated into a traditional database. When used for organizational act ions and transactions, structured and unstructured information are records. They are meant and used as evidence. Governments, courts and other stakeholders are making increasing demands for the trustworthiness of records. An analysis of literature of the information, organization and archival sciences illustrates that accountability needs the reconstruction of the past. Hypothesis of this paper is that for the reconstruction of the past each organization needs a combination of three mechanisms: enterprise records management, organizational memory and records auditing. Enterprise records management ensures that records meet the quality requirements needed for accountability: integrity, authenticity, controllability and historicity. They ensure records that can be trusted and enhance the possibilities for the reconstruction of the past. The organizational memory ensures that trusted records are preserved for as long as is necessary to comply with accountability regulations. It provides an ICT infrastructure to (indefinitely) store those records and to keep them accessible. Records auditing researches the first two mentioned mechanisms to assess the possibility to reconstruct past organizational actions and transactions. These mechanisms ensure that organi zations have a documented understanding of [1] the processing of actions and transactions within business processes; [2] the dissemination of trusted records; [3] the way the organization accounts for the actions and transactions within its business proce sses; and [4] the reconstruction of actions and transactions from business processes over time. This understanding is crucial for the reconstruction of the past and for organizational accountability

 

Keywords: accountability, enterprise records management, organizational memory, records auditing

 

Share |

Journal Issue

Volume 10 Issue 1, ECITE 2006 Special / Jan 2007  pp1‑122

Editor: Dan Remenyi

View Contents Download PDF (free)

Editorial

Another edition of EJISE brings to the attention of the information systems community 10 more pieces of research into how information systems may be evaluated. The contributions in this issue are from 9 different countries and from a diverse range of universities and business schools.

When I first became actively interested in information systems’ evaluation in 1990 I had no idea of how wide and how deep an issue information systems evaluation was. I had thought that it was worth a few papers and maybe a book or two. Today my view is entirely different and I wonder if the community of information systems academics and practitioners will ever reach a point where by there will be a general agreement as to how to evaluate or assess information systems. My best guess would be that they probably will not.

However as it was put to me at the start of my university studies academics tend to have far more questions than answers and this may not necessarily be a ‘bad’ thing. If we continue to ask the right questions, even if we can’t find definitive answers we are effectively moving the frontier of knowledge forward. And that I suggest is, in the end, the most important objective of academe.

I hope that you will find a number of interesting topics among these 10 papers.

 

Keywords: IS integration, auditing, balanced score card, business process facilitation, case study, confidentiality, domain specific languages, e-Government project evaluation, enterprise information system, CEO framework, ex post evaluation, functional-operational match, ICT benefits, ICT evaluation, ICT project, information economics, Information System Architecture , IS outsourcing , IT evaluation, IT value assessment, knowledge management, meta-modelling tools, motivational factors, user satisfaction surveys, web content management, WLAN

 

Share |

Journal Issue

Volume 15 Issue 1, ECIME 2011 / Jan 2012  pp1‑148

Editor: Walter Castelnovo, Elena Ferrari

View Contents Download PDF (free)

Editorial

The papers in this issue of EJISE have been selected from those presented at the 5th European Conference on Information Management and Evaluation (ECIME 2011) at the Dipartimento di Informatica e Comunicazione, Università dell'Insubria, Como, Italy on 8‑9 September 2011.

 

The issue has been guest edited bythe Conference Chair, Professor Walter Castelnovo, and the Programme Chair, Professor Elena Ferrari, both from University of Insubria, Como, Italy.

 

walter_castelnovo    elena_ferrari 

 

Keywords: crime analysis, GIS, geostatistics, intelligence-led policing, predictive dissemination, data mining, boundary spanning, IS outsourcing, relationships management, accountability, enterprise records management, organizational memory, records auditing, knowledge economy, measuring effectiveness, performance indicator, assess of knowledge, enterprise information systems, enterprise recourse planning systems, customer relations management systems, supply chain management systems, community informatics, requirements engineering, microenterprise, technology adoption, indigenous business, socio-technical system, SMEs, IT/IS, lemon market theory, ISV, ambient assisted living, field trials, ageing technology users, enterprise architecture, architectural alignment, Zachman framework, TOGAF, GERAM, E2AF, payments, framework, mobile, value, data governance, data management, data quality, framework, business model, business case, strategy, operations, management, implementation

 

Share |