Despite the growth in electronic commerce (hereafter, “e-commerce”) usage, consumers are still reluctant to purchase online due to security and privacy concerns. To alleviate this issue, e-commerce ...vendors may sign up with an independent third-party web assurance service to obtain a seal that is displayed on the vendor's website. The presence of such seal aims at sending a signal of trustworthiness and security to online shoppers. While prior research mainly focused on the impact of these web seals on consumers' perceptions and purchasing behaviors, little research has been conducted on the managerial decision-making process about the adoption, implementation, and the abandonment of such seals. Of particular interest here is the WebTrust seal, jointly developed by the AICPA and the CICA. We take a qualitative case study approach with the objective of understanding the motivations and rationale of a large North American telecommunications firm's management behind the decisions about the adoption, implementation, and abandonment of its WebTrust seal. Our case company was one of the first to obtain the seal on its online shopping website. Semi-structured interviews were conducted with key executive officers involved in the decision-making process related to the seal. Results suggest that the implementation and the subsequent abandonment of WebTrust may be explained by several theoretical frameworks: managerial accounting perspective, organizational slack theory, innovation theory, but primarily and best through institutional theory. First, the case firm's needs of legitimacy, coupled with the endorsement of a recognized professional accountants association and the presence of a Big 4 accounting firm, led to the implementation of WebTrust. Second, when the benefits of WebTrust versus its costs were questioned, and that other companies increasingly abandoned the seal, the case firm decided to follow this trend to conform to prevailing values of appropriate business behavior.
Provider: - Institution: - Data provided by Europeana Collections- Göttingen, Georg-August Universität, Diss., 2015- All metadata published by Europeana are available free of restriction under the ...Creative Commons CC0 1.0 Universal Public Domain Dedication. However, Europeana requests that you actively acknowledge and give attribution to all metadata sources including Europeana
As dependence upon interorganizational and international health care informatics becomes absolute, and with increased vulnerability of information networks and applications and the cunning ...sophistication of computer criminals, it becomes imperative to implement tight information systems security to ward off any possible threat to these vital life-dependent information systems. In a rapidly decentralizing environment, the author proposes centralized security control, implemented in a Security Audit Center under the direct supervision of an Information Systems Security Manager who is a high-ranking organization staff member. Of the various components of the Security Audit Center, the most significant is the security audit expert systems which analyze audit data files according to security rules and present a precise status of systems security and realtime suspicion alert of the various breaches and intrusions.
Full text
Available for:
IJS, IMTLJ, KILJ, KISLJ, NUK, SBCE, SBJE, UL, UM, UPCLJ, UPUK
The establishment of an efficient access control system in healthcare intranets is a critical security issue directly related to the protection of patients' privacy. Our C-TMAC (Context and ...Team-based Access Control) model is an active security access control model that layers dynamic access control concepts on top of RBAC (Role-based) and TMAC (Team-based) access control models. It also extends them in the sense that contextual information concerning collaborative activities is associated with teams of users and user permissions are dynamically filtered during runtime. These features of C-TMAC meet the specific security requirements of healthcare applications. In this paper, an experimental implementation of the C-TMAC model is described. More specifically, we present the operational architecture of the system that is used to implement C-TMAC security components in a healthcare intranet. Based on the technological platform of an Oracle Data Base Management System and Application Server, the application logic is coded with stored PL/SQL procedures that include Dynamic SQL routines for runtime value binding purposes. The resulting active security system adapts to current need-to-know requirements of users during runtime and provides fine-grained permission granularity. Apart from identity certificates for authentication, it uses attribute certificates for communicating critical security metadata, such as role membership and team participation of users.
Full text
Available for:
DOBA, IJS, IZUM, KILJ, NUK, PILJ, PNG, SAZU, UILJ, UKNU, UL, UM, UPUK
339.
Enforceable security policies Schneider, F.B.
Foundations of Intrusion Tolerant Systems, 2003 Organically Assured and Survivable Information Systems,
2003
Conference Proceeding
Provider: - Institution: - Data provided by Europeana Collections- Zemanek, Krzysztof red.- Lodz University of Technology Library. Digital Content Creation and Access Management Department.- ...Electronic version : digitisation- Biblioteka Politechniki Łódzkiej. Oddział Tworzenia Zasobów Cyfrowych.- Wersja elektroniczna : wtórna- All metadata published by Europeana are available free of restriction under the Creative Commons CC0 1.0 Universal Public Domain Dedication. However, Europeana requests that you actively acknowledge and give attribution to all metadata sources including Europeana