21,791 research outputs found
The enemy has passed through the gate: insider threats, the dark triad, and the challenges around security
Purpose
â The purpose of this paper is to highlight the potential role that the so-called âtoxic triangleâ (Padilla et al., 2007) can play in undermining the processes around effectiveness. It is the interaction between leaders, organisational members, and the environmental context in which those interactions occur that has the potential to generate dysfunctional behaviours and processes. The paper seeks to set out a set of issues that would seem to be worthy of further consideration within the Journal and which deal with the relationships between organisational effectiveness and the threats from insiders.<p></p>
Design/methodology/approach
â The paper adopts a systems approach to the threats from insiders and the manner in which it impacts on organisation effectiveness. The ultimate goal of the paper is to stimulate further debate and discussion around the issues.<p></p>
Findings
â The paper adds to the discussions around effectiveness by highlighting how senior managers can create the conditions in which failure can occur through the erosion of controls, poor decision making, and the creation of a culture that has the potential to generate failure. Within this setting, insiders can serve to trigger a series of failures by their actions and for which the controls in place are either ineffective or have been by-passed as a result of insider knowledge.<p></p>
Research limitations/implications
â The issues raised in this paper need to be tested empirically as a means of providing a clear evidence base in support of their relationships with the generation of organisational ineffectiveness.<p></p>
Practical implications
â The paper aims to raise awareness and stimulate thinking by practising managers around the role that the âtoxic triangleâ of issues can play in creating the conditions by which organisations can incubate the potential for crisis.<p></p>
Originality/value
â The paper seeks to bring together a disparate body of published work within the context of âorganisational effectivenessâ and sets out a series of dark characteristics that organisations need to consider if they are to avoid failure. The paper argues the case that effectiveness can be a fragile construct and that the mechanisms that generate failure also need to be actively considered when discussing what effectiveness means in practice.<p></p>
Recommended from our members
Systems Assurance, Complexity and Emergence: The Need for a Systems Based Approach
The complexity of modern products, systems and processes makes the task to identify, characterise and provide sufficient assurance about the desirable properties a major challenge. Stakeholders also, demand a degree of enhanced confidence about the absence of undesirable properties with a potential to cause harm or loss. The paper develops a framework of seven fundamental facets of performance as an ontology for emergent behavioural properties and a separate framework for the emergent structural properties of complex systems. The emergent behavioural aspects are explored and we develop a systems framework for assurance based on an Assessment and Management paradigm each comprising a number of principles and processes. The key argument advanced is that in the face of complexity and incessant change, enhanced confidence in the achievement of desirable and avoidance of undesirable properties requires a systems approach empowered by suitable modelling and relevant diagnostic tools explaining the nature of emergent properties. The principal focus of this paper is on safety, security and sustainability emergent behavioural (performance) aspects of complex products, systems and processes
Recommended from our members
Complexity, Emergence and the Challenges of Assurance: The Need for a Systems Paradigm
The complexity of modern products, systems, and processes makes the task to identify, characterise, and provide sufficient assurance about the desirable properties a major challenge. Stakeholders also demand a degree of enhanced confidence about the absence of undesirable properties with a potential to cause harm or loss. This develops a framework of seven fundamental facets of performance as an ontology for emergent behavioural properties and a separate framework for the emergent structural properties of complex systems. The emergent behavioural aspects are explored and we develop a systems framework for assurance based on an Assessment and Management paradigm each comprising a number of principles and processes. The key argument advanced is that in the face of complexity and incessant change, enhanced confidence in the achievement of desirable and avoidance of undesirable properties requires a systems approach empowered by suitable modelling and relevant diagnostic tools explaining the nature of emergent properties. Our principal focus is on safety, security, and sustainability emergent behavioural (performance) aspects of complex products, systems, and processes
Formal-Guided Fuzz Testing: Targeting Security Assurance from Specification to Implementation for 5G and Beyond
Softwarization and virtualization in 5G and beyond necessitate thorough
testing to ensure the security of critical infrastructure and networks,
requiring the identification of vulnerabilities and unintended emergent
behaviors from protocol designs to their software stack implementation. To
provide an efficient and comprehensive solution, we propose a novel and
first-of-its-kind approach that connects the strengths and coverage of formal
and fuzzing methods to efficiently detect vulnerabilities across protocol logic
and implementation stacks in a hierarchical manner. We design and implement
formal verification to detect attack traces in critical protocols, which are
used to guide subsequent fuzz testing and incorporate feedback from fuzz
testing to broaden the scope of formal verification. This innovative approach
significantly improves efficiency and enables the auto-discovery of
vulnerabilities and unintended emergent behaviors from the 3GPP protocols to
software stacks. Following this approach, we discover one identifier leakage
model, one DoS attack model, and two eavesdrop attack models due to the absence
of rudimentary MITM protection within the protocol, despite the existence of a
Transport Layer Security (TLS) solution to this issue for over a decade. More
remarkably, guided by the identified formal analysis and attack models, we
exploit 61 vulnerabilities using fuzz testing demonstrated on srsRAN platforms.
These identified vulnerabilities contribute to fortifying protocol-level
assumptions and refining the search space. Compared to state-of-the-art fuzz
testing, our united formal and fuzzing methodology enables auto-assurance by
systematically discovering vulnerabilities. It significantly reduces
computational complexity, transforming the non-practical exponential growth in
computational cost into linear growth
On the emergent Semantic Web and overlooked issues
The emergent Semantic Web, despite being in its infancy, has already received a lotof attention from academia and industry. This resulted in an abundance of prototype systems and discussion most of which are centred around the underlying infrastructure. However, when we critically review the work done to date we realise that there is little discussion with respect to the vision of the Semantic Web. In particular, there is an observed dearth of discussion on how to deliver knowledge sharing in an environment such as the Semantic Web in effective and efficient manners. There are a lot of overlooked issues, associated with agents and trust to hidden assumptions made with respect to knowledge representation and robust reasoning in a distributed environment. These issues could potentially hinder further development if not considered at the early stages of designing Semantic Web systems. In this perspectives paper, we aim to help engineers and practitioners of the Semantic Web by raising awareness of these issues
ANALYSIS OF DOMAIN-SPECIFIC NUCLEAR ONTOLOGY USING MONTEREY PHOENIX BEHAVIOR MODELING
Current nuclear energy ontologies are known to lack a common vocabulary to formally verify nuclear energy data relationships for modeling system behaviors. Idaho National Laboratory (INL) developed the Data Integration Aggregated Model and Ontology for Nuclear Deployment (DIAMOND) ontology to provide a standard vocabulary and taxonomy for identifying data relationships in nuclear energy system models. This thesis conducted an analysis of DIAMOND using a Spent Fuel Pool (SFP) Monterey Phoenix (MP) behavior model. The SFP MP behavior modeling application demonstrated components of and interactions among a spent fuel cooling pool and its environment. The MP behavior model demonstrated a viable approach for analyzing nuclear reactor system behavior consistent with DIAMOND and the ability to generate the exhaustive set of nuclear reactor cooling pool behavior scenarios. The results supported the ability of DIAMOND definitions to be used to organize and structure knowledge about SFPâs normal and off-normal behaviors. The SPF example showed the application of assets, actions, and triggers from DIAMOND to events and relationships in MP. Assets and actions were represented as MP events, and triggers were represented as precedence relations between MP events. This thesis research verified the DIAMOND ontology was implemented correctly in the model from data representative of operationally realistic behavior and the modeling results validated the MP behavior model was well constrained.Idaho National LabCivilian, Department of the Air ForceApproved for public release. Distribution is unlimited
Recent Advances and Opportunities for Improving Critical Realism-Based Case Study Research in IS
Critical realism (CR) has been proposed as an alternative to positivist and interpretivist research in information systems. In recent years, there have been several articles that describe methodological guidelines for conducting CR-based empirical studies. These guidelines have been used by numerous researchers as the methodological underpinnings for empirical research articles in IS, particularly for case studies. As a result, CR-based research has evolved as these researchers address many of the challenges and issues associated with this approach. In this article, we present a review and synthesis of methodological and recent empirical CR literature. We identify the methodological advances and important gaps in the empirical research and present a set of state-of-the-art recommendations for conducting and evaluating critical realist research studies in IS
Quantify resilience enhancement of UTS through exploiting connect community and internet of everything emerging technologies
This work aims at investigating and quantifying the Urban Transport System
(UTS) resilience enhancement enabled by the adoption of emerging technology
such as Internet of Everything (IoE) and the new trend of the Connected
Community (CC). A conceptual extension of Functional Resonance Analysis Method
(FRAM) and its formalization have been proposed and used to model UTS
complexity. The scope is to identify the system functions and their
interdependencies with a particular focus on those that have a relation and
impact on people and communities. Network analysis techniques have been applied
to the FRAM model to identify and estimate the most critical community-related
functions. The notion of Variability Rate (VR) has been defined as the amount
of output variability generated by an upstream function that can be
tolerated/absorbed by a downstream function, without significantly increasing
of its subsequent output variability. A fuzzy based quantification of the VR on
expert judgment has been developed when quantitative data are not available.
Our approach has been applied to a critical scenario (water bomb/flash
flooding) considering two cases: when UTS has CC and IoE implemented or not.
The results show a remarkable VR enhancement if CC and IoE are deploye
Creating confidence amongst complexity: the âlived experienceâ of client-side project managers in the Australian construction sector
The client-side project manager is a professional who manages projects within complex and dynamic environments while ensuring their clientâs interests are protected and maintained. This thesis explores the âlived experienceâ of client-side project managers who deliver projects in the Australian Construction sector. In this sector, client-side project managers are regularly confronted with challenges such as poorly defined project scope, disparate and conflicting stakeholder expectations, and countless opportunities for carefully planned and rigorously monitored projects to encounter unforeseen events that can ultimately result in the project being regarded as a failure.
Little is known about the âlived-experienceâ of a client-side project manager, and even less about how they deal with these challenges to effectively manage their project work. Client-side project management has traditionally been considered a form of production management. However, in many ways, this perception appears at odds with the âlived-experienceâ of client-side project management practitioners. Through this thesis, I argue that this perception is hindering the development of the body of theory for the profession by limiting discussions within unjustified constraints and restricting the development of tools that could help client-side project managers perform crucial elements of their role.
This thesis comprises a collection of publications that investigates the âlived experienceâ of client-side project managers. How they think; how they manage ambiguity, conflicting expectations, and poorly defined problems; and ultimately how they create value in the project delivery process.
During the course of my candidature; I have published thirteen papers. Seven of these papers (one theoretical and six empirical) have been included in this thesis. All of the empirical papers adopted qualitative research methodologies, the most predominant of these is Grounded Theory. This particular methodology aligned well with the emerging nature of the research included in this thesis. The themes of the thesis move from a broad recognition and understanding of a divide that exists between the theory and practice of client-side project management, through to a detailed analysis of how a cohort of practitioners adopt the role of System Specialists to deliver their projects, and thereby create value through managing a complex network of actors.
Through this thesis I will argue that the âlived experienceâ of client-side project management is not supported by the traditionally accepted theoretical foundations of Transformational Production Management, and I call for a broader theoretical basis for the profession. I argue that client-side project managers operate beyond the role of project Implementers and instead play a critical role in managing a complex value network. This network is created to deliver the strategic, technical, financial and human goals which clients are expecting from their projects. As I will demonstrate through this thesis, achieving these outcomes requires client-side project managers to think more strategically, holistically and creatively about their projects than the current theoretical foundations of their profession supports.
This thesis will demonstrate that client-side project managers must balance both the success and satisfaction paradigms of their projects, manage Drift-Changes and attempt to create Project Management Yinyang. To achieve this they utilize Design Thinking Mentalities, Thinking Styles, Practices and Tools, and act as System Specialist who create network Constructs and Controls to create value.
This thesis outlines multiple opportunities for project management researchers to pursue. These include, but are not limited to, new project management practices such as Funnelling and Optioneering, the role of Design Thinking in the practice of client-side project management and how client-side project managers create value by acting as System Specialists. In addition this thesis provides insight in to new skills, competencies and tools which practitioners can adopt if they wish to become more proficient in their craft.
In summary, this thesis demonstrates that the âlived experienceâ of the client-side project manager is not the ordered, rational and well planned experience that the traditional theoretical foundations of the profession would have us believe. Instead it is dynamic and complex, as well as exciting and challenging. Client-side project management demands a high level of technical expertise combined with highly developed social skills and creativity. It requires optimistic professionals who are capable of balancing paradoxes, navigating through ambiguity, relentlessly pressing forward in the face of uncertainty and who have the intellectual capacity to manage a complex value network using an action-as-planning approach. Finally, in the midst of all this, they must foster the belief among all the stakeholders that the Functionality and Representation of value required by the project is achievable. Consequently, the client-side project manager creates confidence among complexity
- âŠ