Information Technology Certification Training Implementation| Exploratory Case Study of Air Force and Civilian Leaders Experiences

Munn, Jamie E.

28 February 2018

<p> Military leaders, both active duty and General Schedule (GS), must understand cyber warfare with its environmental connections and rapid evolution while finding ways to develop strategies that may lessen threats and attacks to government infrastructure. The Department of Defense (DoD) sought training and certification programs from the civilian sector to help create and enforce safeguards to ensure critical infrastructure was less susceptible to increasingly hostile cyber-attacks. The purpose of this qualitative exploratory single case study was to gain insight on Air Force leaders&rsquo; perspectives of integrating civilian Information Technology (IT) certification training into the military IT certification process, the perception of benefits of such implementations, and how processes and benefits aligned with the DoD 8570 directive. The research method consisted of an exploratory case study focused on experiences of both military and civilian leaders at an AFB in the Southeastern United States. Data collection was conducted through audio-recorded interviews of 10 military leaders. Six themes emerged from data provided by participants when answering the two research questions. The DoD 8570 Mandate should address, revise and emphasize the guidance and polices surrounding the training program, and provide more information on how to manage the program. The DoD should improve the training and education specifically as it pertains to individuals&rsquo; workloads. Finally, revisions in the program would vastly improve the success and potentially save money with consideration to a DoD created certification program.</p><p>

Management|Information technology

Graph-based Event Correlation for Network Security Defense

Neise, Patrick

27 April 2018

<p> Organizations of all types and their computer networks are constantly under threat of attack. While the overall detection time of these attacks is getting shorter, the average detection time of weeks to months allows the attacker ample time to potentially cause damage to the organization. Current detection methods are primarily signature based and typically rely on analyzing the available data sources in isolation. Any analysis of how the individual data sources relate to each other is usually a manual process, and will most likely occur as a forensic endeavor after the attack identification occurs via other means. The use of graph theory and the graph databases built to support its application can provide a repeatable and automated analysis of the data sources and their relationships. By aggregating the individual data sources into a graph database based on a model that supports the data types and relationships, database queries can extract information relevant to the detection of attack behavior within the network. The work in this Praxis shows how the graph model and database queries will reduce the overall time to detection of a successful attack by enabling defenders to understand better how the data elements and what they represent are related.</p><p>

Management|Information technology

Examining the End-user Perspective of Personal Computer Security| A Qualitative Q Methodology Study

Varnadore, Michael Ray

12 May 2018

<p> The Personal Computer is one of the most versatile inventions of the modern world. From its introduction in the 1980s, businesses have used these devices to perform everything from routine administrative tasks to complex engineering activities. Without proper attention to the security, companies put their ongoing operations and data at risk of theft, alteration, or destruction. Employees using personal computing systems are the primary gatekeepers of intellectual property and at the same time are the source of most data breaches. The purpose of this study was to analyze attitudes and behavioral patterns of end-users who repeatedly fall victim to simulated phishing attacks. Using a Q-Methodology approach, participants rated their level of agreement or disagreement of statements collected from research about end-user attitude and training towards computer security. Analysis of participant responses yielded three factors that demonstrated a pattern of behavior and opinion and categorized participants into three groups; <i>gatekeepers, oblivions</i>, and <i> conformists</i>. Analysis of the three group&rsquo;s alignment with the studies research questions reveals that although all groups are well trained in computer security procedure and policy, two of the groups demonstrate deficiency in recognizing cyber risk and understanding how to protect against the threat. For companies to be secure, the end-user must view themselves as the <i> primary gatekeeper</i> to protect intellectual property. Technology can be circumvented, passwords can be compromised, and systems can be penetrated. The most effective method therefore to combat cyber threat is to create a culture of vigilance that every end-user understands, accepts, and embraces as their primary responsibility.</p><p>

Management|Information technology

Strategies to Minimize the Effects of Information Security Threats on Business Performance

Okoye, Stella Ifeyinwa

29 September 2017

<p> Business leaders in Nigeria are concerned about the high rates of business failure and economic loss from security incidents and may not understand strategies for reducing the effects of information security threats on business performance. Guided by general systems theory and transformational leadership theory, the focus of this exploratory multiple case study was to explore the strategies small and medium-sized enterprise (SME) leaders use to minimize the effects of information security threats on business performance. Semistructured interviews were conducted with 5 SME leaders who worked in SME firms that support oil and gas industry sector in Port Harcourt, Nigeria, had a minimum of 2 years experience in a leadership role, and had demonstrable strategies for minimizing the effects of information security threats in a SME. The thematic analysis of the interview transcripts revealed 10 strategies for reducing the effects of information security threats: network security, physical security, strong password policy, antivirus protection and software update, information security policy, security education training and awareness, network security monitoring and audit, intrusion detection, data backup, and people management. The findings may contribute to social change by providing SME leaders with more insight about strategies to minimize the effects of information security threats on business performance. The improved business performance can increase the flow of funds into the local economy and allow community leaders to provide social services to residents.</p><p>

Management|Information technology

The feasibility of single source strategic partnerships in relation to plant control networks

Willcock, Peter Richard

04 October 2010

M.Comm. / The potential information available to managers through the management information system is considerably greater than a decade ago. Managers can through web portals view exactly where a product is in the manufacturing process anywhere in the world. The significant difference lies in how the information is passed from the control engineering layer to the business information layer. Substantial leaps forward have been achieved in the transparency of the various networks. In a manufacturing plant, information, right down to a pulse from the simplest sensor, can now immediately be shown to a user on the internet a thousand kilometres away. Making information from the factory floor available in real-time into the management system in the correct format, is not as simple as might appear. Over the past decade plant automation systems and business information systems have become more integrated than ever before. The organization’s management must make the correct, informed choice of networks for each application. Management must be aware of the various automation networks and their limitations. Management must also take cognisance of the possible compatibility issues associated with choices of networks and the associated automation equipment. Management needs to consider from whom and how to source the plant control networks. Supply chain management techniques have lead the trend in many industries to move to fewer, more strategic suppliers. The possibility of a single source strategic supplier relationship is investigated. The first part of research aims to determine whether a single supplier is a technically-sound solution. A number of automation networks are researched, their usability, industry support and future potential evaluated. iii These included various fieldbus networks and the newer reputedly more universal industrial Ethernets. The literature suggested that the solutions proposed by some of the major suppliers should be comprehensive. The research concurred that the offerings of two major worldwide automation suppliers were sufficiently all-inclusive. The second part of the research investigated whether strategic partnering is sound business practice. The customer to supplier relationship is examined. The advantage to both parties of pursuing a closer relationship is explored. The literature reported benefit and an increase in closer supplier partnering in other industries. The research confirmed that there was indeed benefit in a closer customer supplier relationship in the automation industry. The results of the literature study and the research conducted conclude that a single-vendor plant control network is feasible. Moreover entering a strategic partnership with a single automation supplier is best business practice.

Management information systems

Automation

Creating strategic value through a standard business information system : an exploratory study

Papageorgiou, Elmarie

25 October 2010

D.Comm. / This research was initially motivated for the concern with the fact that there are so many Executive Information Systems (EISs) and other information systems available in listed Johannesburg Stock Exchange (JSE) companies as the content varies dramatically from company to company or sometimes from division to division in the same Group. This could lead to confusion for the user and interferes with decisionmaking. To maximise use, but minimise confusion it is therefore important to make sure that all information is in a standard format between the different divisions of the company within the industry. In order to do so, it was considered necessary to conduct an exploratory study to investigate the existence of an EIS in companies. Top management, executives, directors, senior managers and potential other users of EISs are firstly not always informed of the existence of an EIS, and/or secondly, unaware of the fact that they can use an EIS as a tool to report and analyse their companies on a day-to-day basis.Over the past few years, an increasing number of companies have implemented an EIS. EISs are used to effectively analyse, evaluate and compare companies’ financial statements and performances. Although users, at all levels of the business, have used an EIS, its success and shortcomings have yet to be documented conclusively at the level of the companies in a South African (SA) context. This research investigates whether listed JSE companies need a ‘standard’ ‘BIS to use as a tool to analyse and measure their performances.The input of all users of an EIS Synopsis iii with regard to unmet needs will have a significance impact on the content of an EIS; this in turn could result in ensuring them a key role in shaping the future of companies.

Management information systems

An executive information system of Eureka DIY solution

Marais, Arlette Irene

17 February 2014

M.Com. (Business Management) / Please refer to full text to view abstract

Management information systems

Personnel management information systems

Morrison, Keith Ian

January 1968

In May of 1967, Dr. L. F. Moore of the Faculty of Commerce and Business Administration at UBC received a grant from the Institute of Industrial Relations, in order to undertake a research study into the "Development of an Integrated Data Bank for Manpower Management and Research." In part, he stated that "It would appear that much of the data obtained on employee record forms may be made suitable for computer storage, retrieval and analysis. In addition, much of this data is usable in multiple areas of analysis and research." This thesis, "Personnel Management Information Systems" closely parallels the work of Dr. Moore, as the writer worked for him during the summer of 1967 in the capacity of a research assistant. The content of the thesis to a very large extent represents the work done for Dr. Moore, and is an attempt to lay much of the groundwork in what is eventually to become a more detailed and comprehensive study. The main problems dealt with in this thesis are fourfold. The initial problem was to ascertain the basic functions of the personnel department in terms of procedures, records and forms employed, information flows etc. and to determine if these functions could be centrally integrated through the use of a manpower data bank. A further area examined was the feasibility or practicability, in terms of advantages and limitations, inherent in the concept of computerizing personnel records. The third problem involved definition of some of the procedures and methods which are prerequisite to the installation of a manpower data bank. The fourth problem was met in ascertaining the extent to which such installations are presently employed by corporations. As the concept of personnel management information systems is relatively new, little information was available from the literature. The investigation therefore was carried out through the following procedures: personal interviews with firms in Vancouver; correspondence with large Canadian and U.S. Corporations and the United States government; a review of recent periodicals covering the Personnel function; and from occasional papers covering this aspect of computer applications. Several conclusions were reached as a result of this study. In view of the many forms, procedures and voluminous amounts of data, it was concluded that the personnel department functions can and should be adapted to computerization through the creation of a manpower data bank. The unlimited potential of such a system is obvious in light of the many functions it can perform. There may be disadvantages for certain firms to implement a system of this nature, but on the whole the advantages outweigh the disadvantages. The systems analysis approach to the problem of determining procedures to take in implementing the system was judged the best technique to follow. At the present time, computerized personnel records are being employed by many large corporations, with varying degrees of success. Many systems were initially designed with a limited purpose in mind and do not resemble the integrated manpower data bank as presented in this thesis. / Business, Sauder School of / Graduate

An analysis of key MIS issues

Graham, John Albert

January 1988

The purpose of this research was to examine the topical Management Information System (MIS) issues of the day to determine which are most important along with the factors contributing to their importance. Two professional societies from the greater Vancouver area were surveyed to obtain the MIS practitioners' opinions as to the most important issues. The respondents predominantly held managerial positions while the organizations comprised a wide cross section of sizes and industries. Data management, planning and integrating technologies were the top rated issues as seen by the aggregation of respondents. A factor analysis identified five higher level issues. An analysis was also performed to determine if importance was related to the demographic variables of company size, industry, respondent position and innovator category. Comparisons were made with previous research with the main trend being the increased importance placed on technical or application system issues versus management issues. / Business, Sauder School of / Graduate

Management information systems

A goal oriented and decentrally controlled workflow model for facilitating exception handling

Guo, Huijin

11 1900

More and more organizations are starting to use workflow management systems (WfMS) to monitor, control and manage business processes. However, currently available commercial workflow systems are rather rigid and cannot meet the requirements of a dynamic and fast-changing business. Exception handling capabilities of the systems are very limited. Some research work has been done to address the issue by extending database technologies in workflow domain. In this thesis, we begin with a brief review of some main workflow concepts and do a survey of current research work on exception handling. We propose a leveled workflow model based on Micro-Organization Activity Processor (MOAP) and Object-Oriented Workflow Model (OOWM), which is an extension of Object-Oriented Enterprise Modeling (OOEM). The MOAP construct is extended with a goal concept and the OOEM service concept. We then propose a mechanism for exception handling which utilizes artificial intelligence technologies such as means-end analysis. We further demonstrate the functionalities and exception handling processes with a web-based simulator by applying some workflow exception cases. / Business, Sauder School of / Graduate

Management information systems

Workflow