Information security governance in the public sector involves risk management, accountability frameworks, network security, e-government systems infrastructure, mitigation plans, and alignment with corporate strategy. It equips organizations with the ability to deal with the security of their vital information assets systematically. However, several recent hacking incidents reveal the fact that substandard governance processes are among the common causes of weak security measures in most organizations. This study has been conducted following the established protocol outlined in the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines. Systematic Mapping Review (SMR) initially identified 1496 papers, and this reviews and reports on 41 papers. The reviewed literature emphasizes the adherence to recognized governance standard frameworks such as ISO/IEC 27,001, EU General Data Protection Regulations (GDPR), and EU Network and Information Security Act (NIS) for providing effective information security guidance frameworks in the public sector. However, a general scarcity is found regarding the best practices followed in the area of information security compliance. There is a lack of employing key performance indicators, risk assessment measures, security maturity models in organizations, and compliance audits. Additionally, the study suggests that, to some extent, the adoption of appropriate information security governance procedures is linked with available budgeted resources for individual organizations. The study results can serve as a starting point for the research and practitioners’ community in the area of information security governance.

Improving and strengthening cybersecurity in the public sector should represent a top priority for government agencies, including municipalities and regions. To be resilient against cyberattack surges, organizations should consider establishing a cybersecurity program based on international standards and best practices. In this paper we explore the cybersecurity compliance in the Swedish public sector in relation to the best practices and guidelines highlighted in the ISO/IEC 27001A framework. Our findings indicate that the overall security status among the municipalities and regions contained many flaws, with substantial holes and critical issues. ISO/IEC 27001A creates a standardized base, but it is somewhat theoretical and starts with a policy, not providing insights on how to govern information security. Also, most of these “ISO/IEC”-related gaps were found to have been compiled into a single “Technology” domain. Though compliance with standards, best practices, and regulatory requirements can help reduce cyber risks, it does not guarantee that an organization will have strong cybersecurity. To address this issue and assess how well organizations can protect, discern, react, and recover from cyberattacks, an effective method for measuring security performance must be developed.

During the past two years, the entire world has been coping with the consequences of the COVID-19 pandemics. The need for physical distancing, forced an accelerated digital transformation of the education sector. The emergency remote education (ERE) has been manifested differently across diverse countries in the world. In this paper, we bring a case study about students’ and teachers’ impressions and experiences regarding the changes that have happened due to pandemic conditions in university courses in informatics at a Swedish university. This research is conducted through a mix of quantitative and qualitative empirical data. These data have been collected through the students surveys, course logs, as well as teachers and ICT pedagogue interviews. The collected data have been analyzed through the technology-mediated learning (TML) theoretical framework. Based on the thematic analysis on the collected data, we have identified three main themes: a) Preparedness, b) Challenges with ERE and c) Opportunities with ERE. As a result, through analyzing data in the light of the ERE experiences that encompasses the educational process, affordance, and beliefs, knowledge, and practices, we provide a set of lessons-learned experiences and indicate the possible lines of actions when it comes to the learning design in the constrained pandemic situations.

This paper discusses the coordinated use of the Soft Systems Methodology (SSM) learning cycle with additional bodies of knowledge. This approach furthers focused understanding and appreciation for taking action within social systems. Adapting the SSM learning cycle extends the richness of the real-world situation understood from an analytic soft systems perspective to encompass the appreciation of a problematical situation using additional bodies of knowledge to explain and explore. Examples illustrate using SSM to foster learning and improve teaching in a research education practice, in a national level research project and, further, in professional in-service at advanced level education.

This paper addresses the Covid-19 pandemic and the need to find innovative approaches to fight transmission when societies open up. Throughout the pandemic, a number of countries have released mobile applications for contact tracing which has sparked a debate about privacy and ethics. To complement existing solutions, this paper proposes a different approach. This paper presents a design concept for an application promoting health behavior change based on Bluetooth proximity estimation and nudging theory. The approach is underpinned by current understanding of the main transmission routes, the risk of asymptomatic spreaders, and evidence of physical distancing to reduce transmission risk. The aim of this mobile system is to promote physical distancing, in line with public health guidelines promoted all over the globe. The concept stems from design thinking and a shift in perspective: from solutions focused on tracking infections to solutions focused on primary prevention by supporting human behavior.

Strategic Information Systems research has faced a significant methodological shortcoming in the recent decades. That is, while scholars appreciate the systemic nature of implications of digital technologies on operational and competitive environments, and the two-way relationship between investments in digital technologies and strategic moves, mainstream analytical approaches fail to grasp such systemic and bidirectional relationships. Consequently, cumulative research does not provide comprehensive contextualising and theorising the implications of emerging digital technologies on digital transformation of organizations, markets and industries. Investigating the process of digital transformation in an insurance company through the lenses of the Appreciative Systems Models for over eight years, we believe that the model can serve as the philosophical underpinning to devise new analytical models for investigating strategic information systems in a holistic perspective.

The model starts with two stranded ropes that depict the constant flux of events and ideas in the day-to-day life. Actors perceptions of such events and ideas could lead to interventions, or actions, that are justified through judgments and standers. The key point here is that both appreciations and actions affect not only the future flux of events and ideas, but also standards and values that future appreciations would be judged against. In the contexts of digital transformation, the flux of events and ideas represents technological innovations, disruptions and other emerging factors that shape the operational and competitive environments. Appreciations represent strategic intents that are formed by the managements perceptions and judged by the firms experience in acquiring and levering digital technologies. Actions represent business model reconfigurations in order to execute strategic intents. Using this model to develop a timeline based on each time that the organization undergo a change process, could help scholars, and practitioners alike, better understand emerging strategic intentions against the organizational technological and strategic know-how.

Security problems we have to deal with today regarding Internet are created by ourselves. Internet, initially created to handle US Government data traffic, evolved to become communication between different research institutes. The protocols that were used had no security at all. Today we still use this network to almost everything and the complexity has grown tremendously. Compared to when the network initially was created, we now try to protect assets rather than just communicate, divide users according to permission and accessibility, and deal with privacy issues. Basically, everything is depending on the network that initially was created with no security.

Privacy has been a critical security aspect for the EU, but with the event of the GDPR privacy is both a legal aspect and an auditable ICT concept. GDPR includes topics like: owning your own data, independent of who collected it and where it is stored, and; the right to be forgotten. Each data collector also needs to have a complete data-flow map, describing any privacy data sets in a flow, to make these traceable and ready for audit inspection. Any organization handling EU residents’ data, needs to adhere to proactive Information Security processes. 

GDPR is based on the principles of Governance, Risk, and Compliance. It is not a purely legal construct; it is a management and strategy issue, not an IT issue. Further examples relate to cloud services with distributed resources, which illustrate the complex problem situation.

There is a need for a new perspective, moving from systems management to data flow management. We propose a systemic model which illustrate processes and flows within a fractal structure; we build on Beer’s Viable System Model. Such a model enables mapping of complexity and data flows and provide a tool for auditing and, thus, enable meeting the requirements of GDPR.

Despite ever accelerating workplace changes, including rapidly expanding technological access and fast improving information and communication systems, the education system in Kosovo is not fully developed enough to provide a high-quality research-based education in Information and Communication Technology. Coping simultaneously with varied national priorities, Kosovo – a small country with 2 million inhabitants and a national budget of only 2.3 billion – lacks the needed investments to fundamentally transform the quality of the education system. A funded ICT doctoral program would address today’s workforce priorities and requirements. The design and delivery of a national PhD program in ICT is crucial for Kosovo in order to ensure competitive readiness within the regional education systems and national economies of the West Balkans - and beyond. This paper argues the need for PhD programs and offers insights into a proposed project, the aim of which is to put Kosovo on the map by offering a PhD in the ICT field.

IT-enabled innovations continually disrupt logics of value, competition and organisation in a growing number of industries. Increasingly, value is created, delivered and captured in complex cross-industry value networks through which external resources and capabilities are accessed. Accordingly, strategic intentions for interorganisational collaborations have become an integral part of the overall strategic framework for firms operating in such environments.

Driving from the Appreciative Systems Model, Digital capability and Strategy as Practice perspectives, the proposed model illustrates how and why strategic decisions are made and sustained in complex digitalised environments. That is, events and ideas such as technological change, competition, business trends or internal shortcomings leads to formulation of strategic intentions that are validated by the organisational digital capability. The action phase that follows might involve business model reconfiguration and investments in new IS competencies. Lessons learnt during such cycle adding to the newly acquired IS competencies reinforces the organisational digital capability, which elevates the standards used for formulating future appreciations. 

In line with the emerging literature on the concept of digital capability, the proposed framework accounts for the two-way relationship between IS/IT and organisational strategies. That is, previous investments in IS/IT functions affect standards and perceptions of events and ideas, which lead to changed appreciations. The action phase that follows might include investments in new IS/IT functions which in turn affect the future cycles. The concepts of appreciation and action also comply with the notions of strategy as intended (appreciation) verses strategy as executed (action), and how both of them affect future cycles.

During the 2017 Spring semester, international educators from Sweden and the United States collaborated on delivery of an Information Systems, Analysis, Design and Modeling graduate course at the University for Business and Technology (UBT) in Kosovo. In the Spring of 2018, the team taught course was offered a second time, with both graduate and undergraduate students. In the first year, student work focused on the conceptual design of a UBT Knowledge Center ecosystem, using Soft Systems Methodology (SSM) co-design tools. The Spring 2018 course built upon and expanded this work through more granular exploration of possible local systems designs for making local knowledge discoverable, employing SSM and emphasizing Informed Learning to foster an enriched exploration of the topic. Differences between the pedagogical course design and student experience reflections will be explored in this paper to highlight the impact of ‘flipped classroom’ teaching and cross- disciplinary/cross-degree group work, within the larger context of systems thinking educational efficacy.