
    The enemy has passed through the gate: insider threats, the dark triad, and the challenges around security

    Purpose – The purpose of this paper is to highlight the potential role that the so-called “toxic triangle” (Padilla et al., 2007) can play in undermining the processes around effectiveness. It is the interaction between leaders, organisational members, and the environmental context in which those interactions occur that has the potential to generate dysfunctional behaviours and processes. The paper seeks to set out a set of issues that would seem to be worthy of further consideration within the Journal and which deal with the relationships between organisational effectiveness and the threats from insiders.
    Design/methodology/approach – The paper adopts a systems approach to the threats from insiders and the manner in which it impacts on organisation effectiveness. The ultimate goal of the paper is to stimulate further debate and discussion around the issues.
    Findings – The paper adds to the discussions around effectiveness by highlighting how senior managers can create the conditions in which failure can occur through the erosion of controls, poor decision making, and the creation of a culture that has the potential to generate failure. Within this setting, insiders can serve to trigger a series of failures by their actions and for which the controls in place are either ineffective or have been by-passed as a result of insider knowledge.
    Research limitations/implications – The issues raised in this paper need to be tested empirically as a means of providing a clear evidence base in support of their relationships with the generation of organisational ineffectiveness.
    Practical implications – The paper aims to raise awareness and stimulate thinking by practising managers around the role that the “toxic triangle” of issues can play in creating the conditions by which organisations can incubate the potential for crisis.
    Originality/value – The paper seeks to bring together a disparate body of published work within the context of “organisational effectiveness” and sets out a series of dark characteristics that organisations need to consider if they are to avoid failure. The paper argues the case that effectiveness can be a fragile construct and that the mechanisms that generate failure also need to be actively considered when discussing what effectiveness means in practice.

    Formal-Guided Fuzz Testing: Targeting Security Assurance from Specification to Implementation for 5G and Beyond

    Softwarization and virtualization in 5G and beyond necessitate thorough testing to ensure the security of critical infrastructure and networks, requiring the identification of vulnerabilities and unintended emergent behaviors from protocol designs to their software stack implementation. To provide an efficient and comprehensive solution, we propose a novel and first-of-its-kind approach that connects the strengths and coverage of formal and fuzzing methods to efficiently detect vulnerabilities across protocol logic and implementation stacks in a hierarchical manner. We design and implement formal verification to detect attack traces in critical protocols, which are used to guide subsequent fuzz testing and incorporate feedback from fuzz testing to broaden the scope of formal verification. This innovative approach significantly improves efficiency and enables the auto-discovery of vulnerabilities and unintended emergent behaviors from the 3GPP protocols to software stacks. Following this approach, we discover one identifier leakage model, one DoS attack model, and two eavesdrop attack models due to the absence of rudimentary MITM protection within the protocol, despite the existence of a Transport Layer Security (TLS) solution to this issue for over a decade. More remarkably, guided by the identified formal analysis and attack models, we exploit 61 vulnerabilities using fuzz testing demonstrated on srsRAN platforms. These identified vulnerabilities contribute to fortifying protocol-level assumptions and refining the search space. Compared to state-of-the-art fuzz testing, our united formal and fuzzing methodology enables auto-assurance by systematically discovering vulnerabilities. It significantly reduces computational complexity, transforming the non-practical exponential growth in computational cost into linear growth

    On the emergent Semantic Web and overlooked issues

    The emergent Semantic Web, despite being in its infancy, has already received a lot of attention from academia and industry. This resulted in an abundance of prototype systems and discussion most of which are centred around the underlying infrastructure. However, when we critically review the work done to date we realise that there is little discussion with respect to the vision of the Semantic Web. In particular, there is an observed dearth of discussion on how to deliver knowledge sharing in an environment such as the Semantic Web in effective and efficient manners. There are a lot of overlooked issues, associated with agents and trust to hidden assumptions made with respect to knowledge representation and robust reasoning in a distributed environment. These issues could potentially hinder further development if not considered at the early stages of designing Semantic Web systems. In this perspectives paper, we aim to help engineers and practitioners of the Semantic Web by raising awareness of these issues

    ANALYSIS OF DOMAIN-SPECIFIC NUCLEAR ONTOLOGY USING MONTEREY PHOENIX BEHAVIOR MODELING

    Current nuclear energy ontologies are known to lack a common vocabulary to formally verify nuclear energy data relationships for modeling system behaviors. Idaho National Laboratory (INL) developed the Data Integration Aggregated Model and Ontology for Nuclear Deployment (DIAMOND) ontology to provide a standard vocabulary and taxonomy for identifying data relationships in nuclear energy system models. This thesis conducted an analysis of DIAMOND using a Spent Fuel Pool (SFP) Monterey Phoenix (MP) behavior model. The SFP MP behavior modeling application demonstrated components of and interactions among a spent fuel cooling pool and its environment. The MP behavior model demonstrated a viable approach for analyzing nuclear reactor system behavior consistent with DIAMOND and the ability to generate the exhaustive set of nuclear reactor cooling pool behavior scenarios. The results supported the ability of DIAMOND definitions to be used to organize and structure knowledge about SFP’s normal and off-normal behaviors. The SFP example showed the application of assets, actions, and triggers from DIAMOND to events and relationships in MP. Assets and actions were represented as MP events, and triggers were represented as precedence relations between MP events. This thesis research verified the DIAMOND ontology was implemented correctly in the model from data representative of operationally realistic behavior and the modeling results validated the MP behavior model was well constrained. Idaho National Lab. Civilian, Department of the Air Force. Approved for public release. Distribution is unlimited

    Recent Advances and Opportunities for Improving Critical Realism-Based Case Study Research in IS

    Critical realism (CR) has been proposed as an alternative to positivist and interpretivist research in information systems. In recent years, there have been several articles that describe methodological guidelines for conducting CR-based empirical studies. These guidelines have been used by numerous researchers as the methodological underpinnings for empirical research articles in IS, particularly for case studies. As a result, CR-based research has evolved as these researchers address many of the challenges and issues associated with this approach. In this article, we present a review and synthesis of methodological and recent empirical CR literature. We identify the methodological advances and important gaps in the empirical research and present a set of state-of-the-art recommendations for conducting and evaluating critical realist research studies in IS

    Quantify resilience enhancement of UTS through exploiting connect community and internet of everything emerging technologies

    This work aims at investigating and quantifying the Urban Transport System (UTS) resilience enhancement enabled by the adoption of emerging technology such as Internet of Everything (IoE) and the new trend of the Connected Community (CC). A conceptual extension of Functional Resonance Analysis Method (FRAM) and its formalization have been proposed and used to model UTS complexity. The scope is to identify the system functions and their interdependencies with a particular focus on those that have a relation and impact on people and communities. Network analysis techniques have been applied to the FRAM model to identify and estimate the most critical community-related functions. The notion of Variability Rate (VR) has been defined as the amount of output variability generated by an upstream function that can be tolerated/absorbed by a downstream function, without significantly increasing its subsequent output variability. A fuzzy based quantification of the VR on expert judgment has been developed when quantitative data are not available. Our approach has been applied to a critical scenario (water bomb/flash flooding) considering two cases: when UTS has CC and IoE implemented or not. The results show a remarkable VR enhancement if CC and IoE are deploye

    Creating confidence amongst complexity: the ‘lived experience’ of client-side project managers in the Australian construction sector

    The client-side project manager is a professional who manages projects within complex and dynamic environments while ensuring their client’s interests are protected and maintained. This thesis explores the ‘lived experience’ of client-side project managers who deliver projects in the Australian Construction sector. In this sector, client-side project managers are regularly confronted with challenges such as poorly defined project scope, disparate and conflicting stakeholder expectations, and countless opportunities for carefully planned and rigorously monitored projects to encounter unforeseen events that can ultimately result in the project being regarded as a failure. Little is known about the ‘lived-experience’ of a client-side project manager, and even less about how they deal with these challenges to effectively manage their project work. Client-side project management has traditionally been considered a form of production management. However, in many ways, this perception appears at odds with the ‘lived-experience’ of client-side project management practitioners. Through this thesis, I argue that this perception is hindering the development of the body of theory for the profession by limiting discussions within unjustified constraints and restricting the development of tools that could help client-side project managers perform crucial elements of their role. This thesis comprises a collection of publications that investigates the ‘lived experience’ of client-side project managers. How they think; how they manage ambiguity, conflicting expectations, and poorly defined problems; and ultimately how they create value in the project delivery process. During the course of my candidature, I have published thirteen papers. Seven of these papers (one theoretical and six empirical) have been included in this thesis. All of the empirical papers adopted qualitative research methodologies, the most predominant of these is Grounded Theory. 
This particular methodology aligned well with the emerging nature of the research included in this thesis. The themes of the thesis move from a broad recognition and understanding of a divide that exists between the theory and practice of client-side project management, through to a detailed analysis of how a cohort of practitioners adopt the role of System Specialists to deliver their projects, and thereby create value through managing a complex network of actors. Through this thesis I will argue that the ‘lived experience’ of client-side project management is not supported by the traditionally accepted theoretical foundations of Transformational Production Management, and I call for a broader theoretical basis for the profession. I argue that client-side project managers operate beyond the role of project Implementers and instead play a critical role in managing a complex value network. This network is created to deliver the strategic, technical, financial and human goals which clients are expecting from their projects. As I will demonstrate through this thesis, achieving these outcomes requires client-side project managers to think more strategically, holistically and creatively about their projects than the current theoretical foundations of their profession supports. This thesis will demonstrate that client-side project managers must balance both the success and satisfaction paradigms of their projects, manage Drift-Changes and attempt to create Project Management Yinyang. To achieve this they utilize Design Thinking Mentalities, Thinking Styles, Practices and Tools, and act as System Specialists who create network Constructs and Controls to create value. This thesis outlines multiple opportunities for project management researchers to pursue. 
These include, but are not limited to, new project management practices such as Funnelling and Optioneering, the role of Design Thinking in the practice of client-side project management and how client-side project managers create value by acting as System Specialists. In addition this thesis provides insight into new skills, competencies and tools which practitioners can adopt if they wish to become more proficient in their craft. In summary, this thesis demonstrates that the ‘lived experience’ of the client-side project manager is not the ordered, rational and well planned experience that the traditional theoretical foundations of the profession would have us believe. Instead it is dynamic and complex, as well as exciting and challenging. Client-side project management demands a high level of technical expertise combined with highly developed social skills and creativity. It requires optimistic professionals who are capable of balancing paradoxes, navigating through ambiguity, relentlessly pressing forward in the face of uncertainty and who have the intellectual capacity to manage a complex value network using an action-as-planning approach. Finally, in the midst of all this, they must foster the belief among all the stakeholders that the Functionality and Representation of value required by the project is achievable. Consequently, the client-side project manager creates confidence among complexity