Authors: Ja'far Alqatawna, Jawed Siddiqi, Babak Akhgar, Mohammad Hjouj Btoush

Abstract:

A great deal of research works in the field information systems security has been based on a positivist paradigm. Applying the reductionism concept of the positivist paradigm for information security means missing the bigger picture and thus, the lack of holism which could be one of the reasons why security is still overlooked, comes as an afterthought or perceived from a purely technical dimension. We need to reshape our thinking and attitudes towards security especially in a complex and dynamic environment such as e- Business to develop a holistic understanding of e-Business security in relation to its context as well as considering all the stakeholders in the problem area. In this paper we argue the suitability and need for more inductive interpretive approach and qualitative research method to investigate e-Business security. Our discussion is based on a holistic framework of enquiry, nature of the research problem, the underling theoretical lens and the complexity of e-Business environment. At the end we present a research strategy for developing a holistic framework for understanding of e-Business security problems in the context of developing countries based on an interdisciplinary inquiry which considers their needs and requirements.

Keywords: e-Business Security, Complexity, Methodological considerations, interpretive qualitative research and Case study method.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1073339

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1468

References:

[1] Marchany, R. and Tront, J. 2002: E-commerce Security Issues, hicss, p. 193, 35th Annual Hawaii International Conference on System Sciences (HICSS'02)-Volume 7, IEEE.
[2] Siponen, T. and Oinas-Kukkonen, H. 2007: A review of information security issues and respective research contributions, The DATA BASE for Advances in Information Systems, Volume 38, Number 1, ACM.
[3] Clarke, R. 2001: If e-Business is Different Then So is Research in e- Business, IFIP TC8 Working Conference on E-Commerce/E-Business, Salzburg. URL: http://www.anu.edu.au/people/Roger.Clarke/EC/EBR0106.html
[4] ITU 2007 Cybersecurity guide for developing countries, URL: http://www.itu.int/ITU-D/cyb/publications/2007/cgdc-2007-e.pdf
[5] OECD 2002 Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security, URL: http://www.oecd.org/dataoecd/16/22/15582260.pdf
[6] Yngström, L. and Björck, F. 1999: The Value and Assessment of Information Security Education and Training, in Yngström, L. and Fischer-Hubner, S. (eds): Proceedings of WISE1 - First World Conference on Information Security Education, 17-19 June 1999 Kista Sweden (IFIP TC11 WG11.8).
[7] James, H., 1996 "Managing information systems security: a soft approach," iscnz, p. 10, Information Systems Conference of New Zealand (ISCNZ '96), IEEE
[8] Oates, B. 2006: Researching information systems and computing. London: SAGE.
[9] Katsikas, S., Lopez, J. and Pernul, G. 2005: Trust, Privacy and Security in E-business: Requirements and Solutions, Proc. of the 10th Panhellenic Conference on Informatics(PCI-2005), Volos, Greece, pp. 548-558.
[10] Alqatawna, J., Siddiqi, J., Akhgar, B., and Btoush, M. 2008a: Towards Holistic Approaches to Secure e-Business: A Critical Review, proceedings of EEE'08, Las Vegas, USA, 2008.
[11] Alqatawna, J., Siddiqi, J., Akhgar, B. and Btoush, M. 2008b: A Holistic Framework for Secure e-Business, proceedings of EEE'08, Las Vegas, USA, 2008.
[12] Trauth, E. 2001: The choice of qualitative methods in IS research in Trauth, E. 2001: Qualitative research in IS: issues and trends, London: Idea Group.
[13] Myers, M. 1997: Qualitative Research in Information Systems. MISQ URL: http://www.misq.org/discovery/MISQD_isworld/
[14] Orlikowski, W. & Baroudi, J. 1991: Studying Information Technology in Organizations: Research Approaches and Assumptions", Information Systems Research (2).
[15] Chua, W.F. 1986: Radical Developments in Accounting Thought, The Accounting Review (61).
[16] Newman, I., Ridenour, C., Newman, C. and George, Jr. 2003: A Typology of Research Purposes and Its Relationship to Mixed Methods. In Handbook of mixed methods in social and behavioural research / editors, Tashakkori, A. and Teddlie, C. Thousand Oaks, Calif; London: SAGE.
[17] Wilson, B. 1990: Systems: Concepts, Methodologies and Applications, John Wiley & Sons Ltd. In Avison, D. and Fitzgerald, G. 1995: Information systems development: methodologies, techniques and tools. 2nd Ed. McGraw-Hill.
[18] Zakaria, O. 2004: Understanding Challenges of Information Security Culture: A Methodological Issue, Proceedings of the 2nd Australian Information Security Management Conference, Perth, Australia.
[19] Lee, T. 1999: Using qualitative methods in organizational research, Sage, London.
[20] Straub, D., Gefen, D., and Boudreau, M.-C. 2004: The ISWorld Quantitative, Positivist Research Methods Website, URL: http://dstraub.cis.gsu.edu:88/quant/
[21] Creswell, J.1994: Research Design: qualitative and quantitative approaches, Sage.
[22] Kvale, S. 1996: InterViews: an introduction to qualitative research interviewing, Sage.
[23] Bolan, C., and Mende, D. 2004: Computer Security Research: Approaches and Assumptions. Paper presented at the 2nd Australian Information Security Management Conference, Perth, WA.
[24] Meyers, D. and Avison, E. 2002: Qualitative research in information systems: s reader, London: SAGE.
[25] Cassell, C. and Symon, G, 2004: Essential guide to qualitative methods in organizational research, London: SAGE.
[26] Orlikowski, W. 1993: CASE Tools as Organizational Change: Investigating Incremental and Radical Changes in Systems Development, MIS Quarterly (17:3).
[27] Hartley, J. 2004: Case Study Research. In Essential guide to qualitative methods in organizational research, edited by Cassell, C. and Symon, G., London: SAGE.
[28] Yin, R. 2003: Case study research design and methods, 3ed Ed. London: SAGE.
[29] Benbasat, I., Goldstein D., and Mead, M. 1987: The Case Research Strategy in Studies of Information Systems, Society for Information Management and The Management Information Systems Research Center.
[30] Stake, R. 1995: The Art of case study research, London: SAGE.
[31] Aladwani, A. 2003: Key Internet characteristics and e-commerce issues in Arab countries, Information Technology & People Vol. 16 No. 1.
[32] Shalhoub, Z. 2006: Trust, privacy, and security in electronic business: the case of the GCC countries, Information Management & Computer Security.
[33] Eisenhardt, M. 1989: Building Theories from Case Study Research, Academy of Management Review (14:4).
[34] King, N. 2004: Using interviews in qualitative research, in Essential guide to qualitative methods in organizational research, edited by Cassell, C. and Symon, G., London: SAGE.
[35] Seaman, C. 1999: Qualitative methods in Empirical studies of Software Engineering, Transaction of software engineering, IEEE.
[36] Bryman, A. 2001: Social research methods, 3ed Ed. Oxford University Press.