E-Business Security: Methodological Considerations

A great deal of research in the field of information systems security has been based on a positivist paradigm. Applying the reductionism of the positivist paradigm to information security means missing the bigger picture, and this lack of holism could be one of the reasons why security is still overlooked, comes as an afterthought, or is perceived from a purely technical dimension. We need to reshape our thinking and attitudes towards security, especially in a complex and dynamic environment such as e-Business, to develop a holistic understanding of e-Business security in relation to its context while considering all the stakeholders in the problem area. In this paper we argue for the suitability of, and need for, a more inductive, interpretive approach and qualitative research methods to investigate e-Business security. Our discussion is based on a holistic framework of enquiry, the nature of the research problem, the underlying theoretical lens and the complexity of the e-Business environment. Finally, we present a research strategy for developing a holistic framework for understanding e-Business security problems in the context of developing countries, based on an interdisciplinary inquiry which considers their needs and requirements.



