An Examination of CIO Leadership Style and Business Strategy for Business-IS Strategic Alignment| A Correlational Study

Berepiki, Clifford Olobo

10 January 2018

<p> Business leaders rely on information technology (IT) and information systems (IS) to stay competitive, and experts agree that the Chief Information Officer (CIO), as the individual responsible for technology optimization, is essential to business success. Based on this understanding, for over 40 years, researchers have invested valuable resources in examining strategic alignment and its antecedents. Although past scholars hint at the likelihood that leadership style influences strategic alignment, no researcher has verified influence in such a relationship. The purpose of this nonexperimental cross-sectional correlational study was to examine the relationship between a CIO&rsquo;s leadership style and strategic alignment when moderating for business strategy. In this research, 145 IT managers who work in the United States completed surveys to share their perceptions of their CIOs&rsquo; leadership style and the realized business and IS strategies. Correlational statistical analyses supported examination of the relationship between three leadership styles (transactional, transformational, and mixed) and strategic alignment for three business strategy types (defender, prospector, and analyzer). Initial findings showed that the leadership style of a CIO had a statistically significant influence on strategic alignment. Following moderation of the relationship by business strategy type, a statistically significant correlation existed between transactional leadership and strategic alignment for analyzer business strategy. However, no statistically significant evidence supported the CIO&rsquo;s leadership style suited for defender and prospector business strategies. In practice, organizations could use the insights from this study to select or develop CIOs with a particular leadership style to match their business strategy in order to increase the chance of success in achieving strategic alignment. Recommendations for further studies included the use of adequate samples for all statistical analysis and the use of a validated model for leadership style assessment.</p><p>

Information technology

The application of natural language processing to open source intelligence for ontology development in the advanced persistent threat domain

Holzer, Corey T.

09 March 2017

<p> Over the past decade, the Advanced Persistent Threat (APT) has risen to forefront of cybersecurity threats. APTs are a major contributor to the billions of dollars lost by corporations around the world annually. The threat is significant enough that the <i>Navy Cyber Power 2020</i> plan identified them as a &ldquo;must mitigate&rdquo; threat in order to ensure the security of its warfighting network. </p><p> Reports, white papers, and various other open source materials offer a plethora of information to cybersecurity professionals regarding these APT attacks and the organizations behind them but mining and correlating information out of these various sources needs the support of standardized language and a common understand of terms that comes from an accepted APT ontology. </p><p> This paper and its related research applies the science of Natural Language Processing Open Source Intelligence in order to build an open source Ontology in the APT domain with the goal of building a dictionary and taxonomy for this complex domain.</p>

Information technology

Predicting the Adoption of Big Data Security Analytics for Detecting Insider Threats

Lombardo, Gary

27 April 2018

<p> Increasingly, organizations are at risk of data breaches due to corporate insider threats. Insiders, in fact, are the biggest threat to corporate data assets and are evading traditional cybersecurity countermeasures. The volume of big data makes insider threat detection more difficult. Conversely big data security analytics (BDSA) enables the detection of anomalous behavior patterns within large datasets in real time, offering organizations potentially a more effective cybersecurity countermeasure for detecting insider threats. However, there was a gap in the literature about what was known about information technology (IT) professionals&rsquo; behavioral intentions (BIs) to adopt BDSA. The overarching management question of this study was whether IT professionals&rsquo; BIs to adopt BDSA were influenced by perceived usefulness (PU) and perceived ease of use (PEOU). This management question led to the investigation of three research questions: The first was if there was a statistically significant relationship between PU and an IT professional&rsquo;s BI to adopt BDSA. The second was if there was a statistically significant relationship between PEOU and an IT professional&rsquo;s BI to adopt BDSA. And, the third was does an IT professional&rsquo;s PEOU of BDSA influence the PU of BDSA. The study used a quantitative, nonexperimental, research design with the technology acceptance model (TAM) as the theoretical framework. Participants included 110 IT professionals with five or more years of experience in the IT field. A Fast Form Approach to Measuring Technology Acceptance and Other Constructs was used to collect data. The instrument had 12 items that used (a) semantic differential scales that ranged in value from -4 to +4 and (b) bipolar labels to measure the two independent variables, PU and PEOU. Multiple linear regression was used to measure the significance of the relationship between PU and BI, and PEOU and BI. Also measured was the moderating effect of the independent variable, PEOU, on the dependent variable, PU. Finally, multivariate adaptive regression splines (MARS) measured the predictive power of the TAM. The findings of this study indicate a statistically significant relationship between PU and an IT professional&rsquo;s BI to adopt BDSA and a statistically significant relationship between PEOU and PU. However, there was no statistically significant relationship between PEOU and an IT professional&rsquo;s BI to adopt BDSA. The MARS analysis indicated the TAM had strong predictive power. The practical implications of this study inform IT practitioners on the importance of technology usefulness. In the case of BDSA, the computational outcome must be reliable and provide value. Also, given the challenges of developing and effectively using BDSA, addressing the issue of ease of use may be important for IT practitioners to adopt and use BDSA. Moreover, as an IT practitioner gains experience with BDSA, the ability to extract value from big data influences PEOU and strengthens its relationship with PU.</p><p>

Information technology

An Empirical Investigation of Factors Affecting Resistance to Using Multi-Method Authentication Systems in Public-Access Environments

Marnell, Joseph W.

17 August 2016

<p> Over the course of history, different means of object and person identification as well as verification have evolved for user authentication. In recent years, a new concern has emerged regarding the accuracy of verifiable authentication and protection of personal identifying information (PII), because previous misuses have resulted in significant financial loss. Such losses have escalated more noticeably because of human identity-theft incidents due to breaches of PII within multiple public-access environments. Although the use of various biometric and radio frequency identification (RFID) technologies is expanding, resistance to using these technologies for user authentication remains an issue. This study addressed the effect of individuals&rsquo; perceptions on their resistance to using multi-method authentication systems (RMS) in public-access environments and uncovered key constructs that may significantly contribute to such resistance.</p><p> This study was a predictive study to assess the contributions of individuals&rsquo; perceptions of the importance of organizational protection of their PII, noted as Perceived Value of Organizational Protection of PII (PVOP), authentication complexity (AC), and invasion of privacy (IOP) on their resistance to using multi-method authentication systems (RMS) in public-access environments. Moreover, this study also investigated if there were any significant differences on the aforementioned constructs based on age, gender, prior experience with identity theft, and acquaintance experience with identity theft. As part of this study, a rollout project was implemented of multi-factor biometric and RFID technologies for system authentication prior to electronic-commerce (e-commerce) use in public-access environments. The experimental group experienced the multi-factor authentication and also was trained on its use. Computer users (faculty &amp; students) from a small, private university participated in the study to determine their level of PVOP, IOP, and AC on their resistance to using the technology in public-access environments. Multiple Linear Regression (MLR) was used to formulate a model and test predictive power along with the significance of the contribution of the aforementioned constructs on RMS. The results show that all construct measures demonstrated very high reliability. The results also indicate that the experimental group of the multi-factor authentication had lower resistance than the control group that didn&rsquo;t use the technology. The mean increases indicate an overall statistically significant difference between the experimental and control groups overall. The results also demonstrate that students and participants&rsquo; increased levels of education indicate an overall statistically significant decrease in resistance. The findings demonstrate that overall computer authentication training do provide added value in the context of measuring resistance to using newer multi-method authentication technology.</p>

Information technology

Can the analytical hierarchy process model be effectively applied in the prioritization of information assurance defense in-depth measures? - a quantitative study

Alexander, Rodney T.

17 March 2017

<p> Organizational computing devices are increasingly becoming targets of cyber-attacks, and organizations have become dependent on the safety and security of their computer networks and their organizational computing devices. Business and government often use defense in-depth information assurance measures such as firewalls, intrusion detection systems, and password procedures across their enterprises to plan strategically and manage IT security risks. This quantitative study explores whether the analytical hierarchy process (AHP) model can be effectively applied to the prioritization of information assurance defense in-depth measures. In response to these threats, the President, legislators, experts, and others have characterized cybersecurity as a pressing national security issue. The methods used in this study consisted of emailing study participants a survey requesting that they prioritize five defense in-depth information assurance measures, anti-virus, intrusion detection, password, smart-cards, and encryption, with a range of responses from 1-5 using a Likert scale to consider standard cost, effectiveness, and perceived ease of use in terms of protection of organizational computing devices. The measures were then weighted, based on ranking. A pair-wise comparison of each of the five measures were then made using AHP to determine whether the Likert scale and the AHP model could be effectively applied to the prioritization of information assurance measures to protect organizational computing devices. The findings of the research reject the H0 null hypothesis that AHP does not affect the relationship between the information technology analysts&rsquo; prioritization of five defense in-depth dependent variables and the independent variables of cost, ease of use, and effectiveness in protecting organizational devices against cyber-attacks.</p>

Information technology

Performance evaluation of a wired and a wireless iSCSI network using simulation model

Kawatra, Kshitij

06 May 2016

<p> This paper compares the performance of a wired and a partial wireless network sending storage data from client&rsquo;s end to the server&rsquo;s end. The purpose of this project is to observe if a wireless network can be an efficient alternative to a wired network to send storage specific protocols and data. The comparison has been made on the basis of throughput i.e., number of bits being transferred per second, and delay i.e., time taken by one bit to transfer from one end to another. For a wired network, delay can be added to the transmission at each node depending on their processing speed as well as the distance between two nodes. For a wireless network other factors like channel bandwidth and buffer size play an important role. In this paper, we have also observed the effect of buffer size on a wireless network and how it can be manipulated to minimize delay and packet loss in the network. We have implemented and simulated our network scenario in Opnet Modeler by Riverbed. </p>

Information technology

Misinterpretation of Digital Evidence| Recommendations to Improve Data Integrity

Bednar-Schadle, Teresa

05 January 2019

<p> The criminal justice system struggles to remain current with modern technology, and the result is the conviction of innocent victims due to the misinterpretation of digital forensic data. It is common for criminal trials to rely on digital evidence and not uncommon the guilty acquitted based on digital evidence. The research contained in this report covered some of the factors contributing to the misinterpretation of digital forensic data. Among the contributing factors are lack of professional and ethical standards governing digital forensic investigators, inadequate training, outdated equipment, and lack of standardized protocols for analyzing digital evidence. All are problems leading to evidentiary issues, and improper jury decisions based on shaky digital evidence (Sloan, 2015). </p><p> Research conducted for this report also provides recommendations to minimize the risk of digital forensic data misinterpretation. Recommendations included new technology training and establishment of formal ethics training and requirements for all investigators. Other recommendations included adopting the use of behavior analysis and knowledge management during investigations. Results from a 2015 survey to identify the biggest challenges facing digital forensic investigators also included investigator training, new technology and the need to provide digital technology training for prosecutors.</p><p>

Information technology

Three essays on how social context shapes engagement online

Baek, Jiye

30 June 2018

Understanding online user engagement is a key challenge for social platforms that support the communal creation or transfer of knowledge and information. Engagement is not only a function of individual attributes but also the result of the social context that derives from platform choices. This dissertation presents several empirical examples of how social context shapes online engagement in social platforms such as social media or online communities. In the first chapter, I investigate how the social network structure influences Twitter users’ information sharing behavior. I reconcile contradictory theories of the diversity of information sharing on social media using data representative of the whole population of Twitter users. In the second chapter, I investigate how online community size impacts users’ platform engagement. By conducting a randomized field experiment on edX, I show a causal influence of community size on individual user’s knowledge-sharing behavior, retention and performance. In the third chapter, I examine how social learning impacts out-group users’ engagement in an online learning community in terms of language and culture. I broaden the scope of my research in this last chapter by studying a context that has received little attention in the platform engagement literature. I use an interdisciplinary multi-method approach in my research that includes social network analysis, randomized field experiment, and econometrics. This dissertation involves a combination of these methods to understand user-behavior in the social platform and introduce interventions to maximize the benefit for digital platform and users alike.

Information technology

The Impact of Social Digital Behavior on Digital Natives' Computer Security Behavior at Home - A Regression Study

Zarenejad, Afshin

02 October 2018

<p> Computer system end-users, whether at home or work, have been described as the weakest link in a computer security network. End-users frequently encounter warnings intended to prevent them from engaging in potentially dangerous activities and navigating to potentially malicious sites. However, end-users exhibit behaviors that violate safe computing and Internet use. End-users are either digital natives (born in or after 1982) or digital immigrants (born before 1982). This regression research study addresses the extent to which social behavior (measured by response efficacy, self-efficacy, and social influences) impacts the home computer user&rsquo;s security behavior, controlling for digital natives. A survey was conducted from a random sample of individuals 21 years of age or older who own a personal computer and are responsible for its maintenance and repairs. The survey intended to determine to what extent do response efficacy, self-efficacy, and social influence impact security behavior of the home computer user, controlling for whether the user is a digital native or digital immigrant. The data was analyzed by using hierarchical linear regression. It was determined that when controlling for the effect of being a digital native, response efficacy and social influence were significantly predictive of behavioral intentions, while self-efficacy was not significantly predictive of behavioral intentions. This study shows that home computer users believe that (a) the security process is essential (response efficacy) and (b) they do not want to be seen in a negative light by their peers (social influence) but (c) that they may not actually change their personal behavior (self-efficacy) when making decisions vis-&agrave;-vis the security of their personal computers (security behavioral intentions). It was found that use of persuasive communications can affect the user&rsquo;s security behavioral intention. Despite the implementation of fear appeals, some users have not changed their decision-making process to ensure the security of their systems. </p><p>

Information technology

Identifying Key Determinants of Service Provider Effectiveness and the Impact it has on Outsourced Security Success

Lewis, James B.

19 December 2015

<p> The purpose of this research was to identify key determinants of service provider effectiveness and how it impacts outsourced security success. As environments have become more robust and dynamic, many organizations have made the decision to leverage external security expertise and have outsourced many of their information technology security functions to Managed Security Service Providers (MSSPs). </p><p> Information Systems Outsourcing, at its core, is when a customer chooses to outsource certain information technology functions or services to a service provider and engages in a legally binding agreement. While legal contracts govern many aspects of an outsourcing arrangement, it cannot serve as the sole source of determining the outcome of a project. Organizations are viewing outsourcing success as an attainment of net benefits achieved through the use of a service provider. The effectiveness of the service provider has an impact on a company&rsquo;s ability to meet business objectives and adhere to service level agreements. Many empirical studies have focused on outsourcing success, but few have focused on service provider effectiveness, which can serve as a catalyst to outsourcing success. </p><p> For this research, Agency Theory (AT) was proposed as a foundation for developing the research model which included key areas of focus in information asymmetry, the outsourcing contract, moral hazard, trust, service provider effectiveness, and security outsourcing success. Agency Theory helped uncover several hypotheses deemed germane to service provider effectiveness and provided insight into helping understand the principal-agent paradigm that exists with security outsourcing. Confirmatory Factor Analysis (CFA) and Partial Least Squares-Structured Equation Modeling (PLS-SEM) were used with SmartPLS to analyze the data and provided clarity and validation for the research model and helped uncover key determinants of service provider effectiveness. </p><p> The statistical results showed support for information asymmetry, contract, and trust, all of which were mediated through service provider effectiveness. The results also showed that service provider effectiveness is directly correlated to increasing security outsourcing success. This concluded that the research model showed significant results to support 4 of the 5 hypotheses proposed and helped uncover key findings on how security outsourcing success can be impacted. This research served as an original contribution to information security while viewing outsourcing success from the perspective of the client, security services, and customer expectations.</p>

Information technology