The paper’s research purpose is to discuss the key firm-specific IT capability and its impact on the business value of IT. In the context of IT application in China, the paper builds research model based on Resource-Based View, this model describes how the partnership between business and IT management partially mediates the effects of IT infrastructure capability and managerial IT skills on th...

Previous empirical studies examining the relationship between IT capability and accountingbased measures of firm performance report mixed results. We argue that extant research (1) has relied on aggregate overall measures of the firm’s IT capability, ignoring the specific type and nature of IT capability; and (2) has not fully considered important contextual (environmental) conditions that infl...

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ....

A risk inventory provides an integrated view on risk management artifacts, e.g., risks, risk controls, and performance indicators. In this paper, we show how adapting the enterprise architecture management processes (EAM) may provide a foundation for an integrated IT risk inventory. Based on a design research approach, we develop a systematic approach for integrating the disciplines of risk man...

in many applications the quality of a process or product is best characterized and summarized by a functional relationship between a response variable and one or more explanatory variables. profile monitoring is used to understand and to check the stability of this relationship over time. therefore checking the capability of a profile seems essential. process capability indices have become very...

In this paper we propose a novel approach for the systematic assessment and analysis of IT related risks in organisations and projects. The approach is model-driven using an enterprise architecture as the basis for the security management process. Using an enterprise architecture it is possible to provide an integrated description of an organisation’s structure, processes and its underlying IT ...

IT risk management is an important challenge for businesses and software vulnerabilities are a major source of IT risks, as the 2006 CSI/FBI Computer Crime and Security Survey [GLLR06] demonstrates. According to the survey, many companies consider it important to quantify the losses attacks against their IT systems cause but are unable to do so. In service-oriented architectures, we see a promi...

It has been proved that process capability indices provide very efficient measures of the capability of processes from many different perspectives. These indices have been widely used in the manufacturing industry for measuring process reproduction capability according to manufacturing specifications. In the past few years, univariate capability indices have been introduced and used to characte...