Information Security in the Extended Enterprise: A Research Agenda

Today most companies are closely tied to, and thus dependent on, suppliers, allies, customers, and public authorities. Member companies in such an extended enterprise or “business network” are either forced or volunteer to meet certain security objectives as a whole. As a consequence, the business network needs to agree on a common strategy, joint processes, and technical interfaces to meet regulatory or voluntary requirements from industry standards. Reality shows that, even if standards exist, they are not harmonized, and access and reconciliation between partners is sometimes legally, if not technically, impossible, or simply too expensive. The serious and economic assessment of risks, already tough on the internal scale, becomes an almost insurmountable obstacle when considering the entire business network. This paper’s objective is to emphasize the importance of security in business networks for research and practice. Since there is little research available, it raises major questions to be answered by a future research agenda. A basic research framework is derived from related research, an observation of the interdependencies of firms, and a series of cases from different industry sectors. Finally, the paper discusses which factors and incentives might be catalysts for the adoption of such a framework by a single firm, business network, or even public welfare.
