The Electronic Journal of Information Systems Evaluation provides critical perspectives on topics relevant to Information Systems Evaluation, with an emphasis on the organisational and management implications
For general enquiries email
Click here to see other Scholarly Electronic Journals published by API
For a range of research text books on this and complimentary topics visit the Academic Bookshop

Information about the European Conference on Information Management and Evaluation is available here





Journal Article

Internet Banking in Brazil: Evaluation of Functionality, Reliability and Usability  pp41-50

Eduardo Diniz, Roseli Morena Porto, Tomi Adachi

© Jan 2005 Volume 8 Issue 1, Editor: Dan Remenyi, pp1 - 80

Look inside Download PDF (free)


Evaluating the performance of business Web sites has been a constant concern of researchers in different fields. This article presents an approach that contributes to the development of a methodology to assist researchers, developers and managers to establish criteria to evaluate and build digital business environments. Based on a multiple case study in three large banks in Brazil, this article proposes and tests a model of three dimensions to evaluate virtual business environments from the user's point of view: functionality, evaluates the offered services profile; reliability, investigates the security of a transactional site; and usability evaluates the quality of user interaction with the site.


Keywords: internet banking, banking technology, usability, security, Internet


Share |

Journal Article

The Value Congruence of Social Networking Services‑a New Zealand Assessement of Ethical Information Handling  pp121-132

Tony Hooper, Tyrone Evans

© Oct 2010 Volume 13 Issue 2, ICIME 2010, Editor: Shaun Pather and Corrie Uys, pp97 - 196

Look inside Download PDF (free)


Social networking sites on the Internet have enjoyed considerable media publicity recently. Whereas conventional social interactions leave behind no record, similar social interactions performed on social networking websites, can leave behind detailed and possibly permanent records. A literature review of social networking sites and personal privacy indicates that users may be unwary when interacting with specific social networking sites and unaware of the potential consequences of interaction, or they may deliberately ignore the risks in preference for publicity and personal relationships. A content analysis was carried out to compare the terms of use and privacy statements of six social networking sites with one another. The twelve principles of the New Zealand Privacy Act of 1993 were used in the coding template because they represent the agreed national values on information handling in New Zealand. The study demonstrated significant shortcomings in the contractual relationships between the users and social networking services that could be exploited in order to misuse personally identifiable data. It highlighted the need for users and organisations to be aware of the terms of use and privacy statements to which they become contractually bound, as well as to understand what the network may do with user’s information. Particular concern related to the accuracy of the information collected and the deletion of historic data. Social networking services terms of use and privacy statements appear to be more concerned with exculpatory clauses than demonstrating a concern for user security. Because many users, especially adolescents, are more driven by peer group pressure and the behavioural conventions of their age cohort than concern for the dangers they face when posting personal information, current theory on the role of trust in online transactions is failing to explain the contemporary behavioural phenomenon of SNS use. The social responsibility implications arising from this phenomenon and the accountability of SNSs for any misuse of personally identifiable information through their websites are discussed. Some areas for further research are suggested.


Keywords: social networking services, value congruence, New Zealand Privact Act 1993, privacy policies, personal security, personally identifiable information


Share |

Journal Article

Assessing Future Value of Investments in Security‑Related IT Governance Control Objectives … Surveying IT Professionals  pp216-227

Waldo Rocha Flores, Teodor Sommestad, Hannes Holm, Mathias Ekstedt

© Sep 2011 Volume 14 Issue 2, ICIME 2011, Editor: Ken Grant, pp167 - 281

Look inside Download PDF (free)


Optimizing investments in IT governance towards a better information security is an understudied topic in the academic literature. Further, collecting empirical evidence by surveying IT professionals on their relative opinion in this matter has not yet been explored to its full potential. This paper has tried to somewhat overcome this gap by surveying IT professionals on the expected future value from investments in security‑related IT governance control objectives. The paper has further investigated if there are any control objectives that provide more value than others and are therefore more beneficial to invest in. The Net Present Value (NPV) technique has been used to assess the IT professional’s relative opinion on the generated future value of investments in 19 control objectives. The empirical data was collected through a survey distributed to professionals from the IT security, governance and/or assurance domain and analyzed using standard statistical tools. The results indicate that the vast majority of investments in control objectives is expected to yield a positive NPV, and are beneficial to an organization. This result implies that investments in control objectives are expected to generate future value for a firm, which is an important finding since many of the benefits from an investment are indirectly related and may occur well into the future. The paper moreover contributes in strengthening the link between IT governance and information security.


Keywords: IT governance, control objectives, information security, net present value


Share |

Journal Article

Auditing the Data Confidentiality of Wireless Local Area Networks  pp45-56

Peter Clutterbuck, Terry Rowlands, Owen Seamons

© Jan 2007 Volume 10 Issue 1, ECITE 2006 Special, Editor: Dan Remenyi, pp1 - 122

Look inside Download PDF (free)


Wireless Local Area Networks (WLANs) provide many significant advantages to the contemporary business enterprise. WLANs also provide considerable security challenges for network administrators and users. Data confidentiality (ie, unauthorised access to data) breaches are the major security vulnerability within WLANs. To date, the major IT security standards from the International Standards Organisation (the ISOIEC 17799) and the National Institute of Standards and Technology (the NIST Special Publication or 'SP' suite) have only a superficial coverage of WLAN security controls and compliance certification strategies. The clear responsibility for WLAN managers is to provide network users with best practice security strategies to mitigate the real risk of unauthorised data access. The clear responsibility for IT auditors is to ensure that best practice security practices are in place and that operational compliance is consistently achieved. This paper describes a newly researched software auditing artefact for the evaluation of the data confidentiality levels of WLAN transmissions — and therefore by extension for the evaluation of existing security controls to mitigate the risk of WLAN confidentiality breaches. The paper describes how the software auditing artefact has been evolved via a design science research methodology, and pivots upon the real time passive sampling of data packets as they are transmitted between mobile users and mobile transmission access points. The paper describes how the software auditing artefact uses these sampled data packets to produce a very detailed evaluation of the levels of data confidentiality in effect across the WLAN. This detailed evaluation includes specific identification (for network managers) of the types of software services operating across the WLAN that are not supported with the appropriate data confidentiality controls. The paper concludes by presenting an analysis of the results achieved during beta testing of the auditing artefact within a university production WLAN environment, together with a brief description of WLAN best practice security.


Keywords: Security, WLAN, confidentiality, auditing, 80211


Share |

Journal Issue

Volume 13 Issue 2, ICIME 2010 / Oct 2010  pp97‑196

Editor: Shaun Pather, Corrie Uys

View Contents Download PDF (free)


We have pleasure in presenting this special issue of EJISE.  As Information and Communications Technologies and the related Information Systems become ever more pervasive across all spheres of business, government and community based organizations, the scope of this journal has flexed to accommodate these varied settings in which pertinent research problems are located.   Consequently, in this special issue wide‑ranging problems related to the broad ambit of IS evaluation is reported on: 

As many countries continue to develop policies to enhance and sustain the growth of the SME sector, so too does the expenditure and consumption of IT amongst this category of business grow at an ever increasing rate thus warranting the attention of evaluation research. Avraam Papastathopoulos and Christina Beneki investigate an important concern with regards to the factors which are associated with the benefits from the adoption of ICTs amongst SMEs. In a study of the Greek SME sector the paper provides evidence that strategy plays a major role in the adoption and the appropriate use of ICTs.  Importantly their research also finds that prior entrepreneurial experience‑knowledge of ICT is significantly associated with the ICT performance. 

RFID technologies are increasingly used in a number of organisational settings for inventory control and management. Paul Golding and Vanesa Tennant contribute to our understanding of evaluation by proposing a methodology to evaluate the RFID inventory reader in a library.  Whilst the findings of this paper hone in on the application of RFID in a specific environment, the findings provide a basis for which evaluation of RFID in other similar contexts can take place, and thus adds to the conceptual base on RFID performance testing.

Notwithstanding many years of case studies and an increasing body of literature on ERP implementation and evaluation thereof questions continue to arise in respect of successful outcomes.  Brian O’Donovan and his co‑authors argue that during the ERP usage stage the intended efficiencies from ERP systems are not always realised. Having studied organisational memory mismatches and the resultant coping strategies their research posits that mismatches and short‑term coping strategies were found to contribute to ERP underperformance. 

In their paper Peter Weimann and co authors investigate the role of communications culture in a distributed team environment.  In assessing the role of ICTs in such an environment the paper argues that team member satisfaction and team success can only be accomplished if the communication culture in the company takes into account the technologies used and the distributed work setting. 

From amongst the various IS evaluation approaches, those apporaches which focus on the role of human stakeholders  are  worthy of a deeper understanding. Jeffrey Bagraim examines the multiple commitments of information technology knowledge workers and the related outcomes of such commitment. The results of his study challenges managers to review their assumptions about the organizational commitments of information technology knowledge workers.

Web 2.0 applications also receive attention in this issue.  Hooper and Evans investigate the value congruence of social networking services in New Zealand, and make an assessment of ethical information handling.  Their findings demonstrate significant shortcomings in the contractual relationships between the users and social networking services and they argue that this could be exploited in order to misuse personally identifiable data.

The paper by Racheal Lindsay and co‑authors discusses measures which are used to monitor data quality in the context of mobile devices in the UK police force.  Their findings show that whilst there are processes in place to verify data standards, these processes only take into consideration the structural completeness of data, and not other measurements of data quality, such as accuracy, timeliness, relevance, understandability and consistency.

Robbert in't Hout and coauthors studied how a wiki could be used to improve knowledge sharing.  The paper reports on a case study in which a consulting company was able to improve knowledge sharing amongst consultants during the devleopment of a Municipal Traffic and Transport Plan.  The findings  suggest that wikis need to be tuned to the learning styles that are available within the community that will use the tool.  In the context of knowledge sharing impolrtant lessons for wiki design are offered.

Finally, in a study of e‑government adoption, Rangarirai Matavire and co‑authors report on factors which inhibit the successful implementation of e‑government in South Africa. The findings of their research demonstrate that leadership, project fragmentation, perceived value of Information Technology, citizen inclusion and task co‑ordination are among the key inhibitors of e‑government success.

Shaun Pather and Corrie Uys

South Africa, October 2010


Keywords: affective commitment, boosting behaviour, communication culture, communication pattern, communication technology, data quality, e-Government, enterprise systems, entrepreneurial experience, ERP customising, ERP systems, ERP training, ERP usage, evaluation, grounded theory, helping behaviour, ICT-adoption, ICT-performance, ICT-strategy, interface design , knowledge management , law enforcement, library, mobile working, Municipal Traffic and Transport Planning, New Zealand Privacy Act 1993, ordinal regression, organisational memory, performance , personal security, personally identifiable information, privacy policies, RFID, social networking services , social software, South Africa, turnover intentions, value congruence, virtual teams, Wiki


Share |