Journal of Information Systems Education (JISE)

Current Issue

Volume 28 Number 1, November 2017

1 Teaching Case: A Systems Analysis Role-Play Exercise and Assignment
Michel Mitri, James Madison University
Carey Cole, James Madison University
Laura Atkins, James Madison University
11 Faculty Workshops for Teaching Information Assurance through Hands-On Exercises and Case Studies
Xiaohong Yuan, North Carolina A&T State University
Kenneth Williams, North Carolina A&T State University
Huiming Yu, North Carolina A&T State University
Audrey Rorrer, University of North Carolina - Charlotte
Bei-Tseng Chu, University of North Carolina - Charlotte
Li Yang, University of Tennessee - Chattanooga
Kathy Winters, University of Tennessee - Chattanooga
Joseph Kizza, University of Tennessee - Chattanooga
21 Learning Outcomes for Cyber Defense Competitions
Amy B. Woszczynski, Kennesaw State University
Andrew Green, Kennesaw State University
43 Approaches to Incorporating IT Entrepreneurship into the Information Systems Curriculum
Christopher G. Jones, California State University - Northridge
David Liu, California State University - Northridge
59 An Integrated Learning Approach to Teaching an Undergraduate Information Systems Course
Robert J. Riordan, Carleton University
Michael J. Hine, Carleton University
Tim C. Smith, University of Tampa

Forthcoming Papers

(hover over paper title to see the abstract)

Teaching Case: ComprehensiveCare and the Failed Implementation of an Electronic Health Records System Abstract
Administrator Jennifer Stanton attempts to adopt an Electronic Health Records system at ComprehensiveCare, a multispecialty healthcare practice. Consultants from the vendor provide guidance to the organization, but do not provide that guidance in a way that the non-technical administrator understands. The project experiences escalation of commitment as the administrator attempts to budget for a project that requires unforeseen infrastructure investments. Customizations undertaken at the behest of the managing partner, Dr. Francine Harris, make using the system slow. This interruption in workflow incites user resistance, derailing the benefits that ComprehensiveCare expects to gain from the adoption. The owner-physicians on the board of directors must decide whether to require Jennifer to pull the plug on the system.

This is the first case in a series of three cases concerning ComprehensiveCare’s adoption of Electronic Health Records. This case challenges readers to examine escalation of commitment in a real-life context and appreciate that while each decision could make sense on its own, in totality, the project is clearly out of control. Readers must then decide whether to abandon the system by “pulling the plug” or to undergo a rebranding plan to save the investments. This case provides a context that would be relevant in a graduate-level IS management course, an undergraduate fundamentals course, or a project management course.

David L. Gomillion
Teaching Case: ComprehensiveCare and the Re-Adoption of an Electronic Health Records System: Preparing for a Successful Adoption after a Failed Attempt Abstract
After a prior failed adoption, ComprehensiveCare plans for a second attempt in adopting Electronic Health Records. The owner-physicians on the board of directors have replaced the administrator due in part to the missteps of the prior adoption. William Shoemaker, the new administrator, must grapple with several important decisions to provide the highest likelihood of success for adopting the large-scale system. He must decide how the organization should choose the new system, the extent to which the system should be customized to their organization’s idiosyncrasies, who should be responsible for tactical decisions in the customizations that are planned, what role consultants should play for their small to medium enterprise, how training should be accomplished, and finally how the implementation should be scheduled.

This is the second case in a series of three cases concerning ComprehensiveCare’s adoption of Electronic Health Records. This case challenges readers to make decisions based on the organizational context. Part two, provided in the teaching notes, updates readers on decisions made by the board and provides readers the opportunity to think critically about the potential ramifications of those decisions. This case provides a context that would be most relevant in a graduate level IS management course, an undergraduate fundamentals course, or a project management course.

David L. Gomillion
Teaching Case: ComprehensiveCare and the Stalled Adoption of an Electronic Health Records System: IT Governance and Employee Succession Abstract
ComprehensiveCare, a multi-specialty healthcare organization, struggles to implement Electronic Health Records. The first adoption failed outright because the customizations made the system unusable. The second attempted adoption has not officially failed yet, but the system fails to live up to the expectations. It lingers on the edge of usefulness: staff members cannot use it real-time for most things, but the interfaces to the equipment prove helpful. Temporary staff members enter information from the day’s work after-hours, which wastes productivity.

In this adoption, IT decides what customizations can be made. In addition, the IT department provides all training for staff members. IT gains the unfortunate moniker of the “no-help desk” because IT chooses to keep the system as close to the default vendor configurations as possible. This creates a system that does not work well with ComprehensiveCare’s processes. William, the administrator, and the board of directors must now decide how to manage and leverage IT assets to complete the implementation.

This is the final case in a series of three cases following ComprehensiveCare’s adoption of Electronic Health Records. It covers the decision-making necessary for ComprehensiveCare to correct the adoption that is lingering in disuse. This is the final set of decisions required before the adoption ultimately succeeds. This case provides a context that would be most relevant in a graduate level IS management course, an undergraduate fundamentals course, or a project management course.

David L. Gomillion
Maintaining a Cybersecurity Curriculum: Professional Certifications as Valuable Guidance Abstract
Much has been published about developing a cybersecurity curriculum for institutes of higher learning (IHL). Now that a growing number of IHLs globally offer such programs, a need exists on how to guide, maintain, and improve the relevancy of existing curricula. Just as cybersecurity professionals must hone their skills continually to keep up with a constantly shifting threat landscape, cybersecurity programs need to evolve to ensure they continue to produce knowledgeable graduates. In this regard, professional certifications in the cybersecurity industry offer an opportunity for IHLs to maintain a current curriculum. Governing bodies that manage professional certifications are highly motivated to ensure their certifications maintain their currency in the competitive marketplace. Moreover, employers who hire security professionals look for certifications in assessing a candidate’s overall credentials. This paper attempts to fill a void in the literature by exploring the use of professional certifications as helpful input to shaping and maintaining a cybersecurity curriculum. To this end, we offer a literature analysis that shows how changes made to professional certifications are applicable and relevant to maintaining cybersecurity curriculum. We then provide a case study involving an undergraduate cybersecurity program in a mid-sized university in the United States. Before concluding, we discuss topics such as experiential learning, cybersecurity capstone courses and the limitations to our approach.

Kenneth J. Knapp, Christopher Maurer, and Miloslava Plachkinova
Is Seeing Believing? Training Users on Information Security: Evidence from Java Applets Abstract
Information Security issues are one of the top concerns of CEOs (Plant, 2014). Accordingly, information systems education and research have addressed security issues. One of the main areas of research is the behavioral issues in Information Security, primarily focusing on users’ compliance to information security policies. We contribute to this literature by arguing that proper implementation of security policies requires effective training. Specifically, we argue that adherence to security policies could be improved by using training strategies where written policies are ‘shown’. To test our assertion, we use a scenario that users often face when browsing – installation of java applets. Based on previous literature, we identified key antecedents of compliance and tested their effectiveness in experimental setting. One group of users got guidance from written policy, whereas the other group was ‘shown’ the meaning of the written policy in the form of a video. Our contribution is simple yet powerful – effective information security training can be accomplished when users are shown the reasons behind the written policies. In other words, in addition to written policies, it is beneficial to actually ‘show’ what the policies accomplish.

Rama Ayyagari and Norilyz Figeuroa

About JISE

ISSN#: 1055-3096 (print)
ISSN#: 2574-3872 (online)

The Journal of Information Systems Education (JISE) is a peer reviewed journal published quarterly that focuses on IS education, pedagogy, and curriculum including (but not limited to) model curriculum, course projects/cases, course materials, curriculum design & implementation, outcomes assessment, distance education challenges, capstone & service learning projects, technology selection & impact, and information security.

The mission of JISE is to be the premier journal on information systems (IS) education. To support that mission, JISE emphasizes quality and relevance in the papers that it publishes. In addition, JISE recognizes the international influences on IS education and seeks international input in all aspects of the journal, including content, authorship of papers, readership, paper reviews, and Editorial Board membership.

JISE operates as a Diamond Open Access journal. This means that there are no subscription fees, no submission/processing fees, and no publication fees. All papers published in JISE have undergone rigorous peer review. This includes an initial editor screening and double-blind refereeing by three or more expert reviewers. Additional details are available regarding the submission process and the types of articles.

Copyright Info

Copyright © Information Systems and Computing Academic Professionals (ISCAP). Permission to make digital or hard copies of all or part of this journal for personal or classroom use is granted without fee provided that the copies are not made or distributed for profit or commercial use. All copies must bear this notice and full citation. Permission from the Editor is required to post to servers, redistribute to lists, or utilize in a for-profit or commercial use. Permission requests should be sent to the Editor at

Organizational Sponsors

Education Special Interest Group
Association of Information Technology Professionals (AITP)
Information Systems & Computing
Academic Professionals