Business orientation in knowledge security risk management – a literature review

This paper examines the information systems literature field from the viewpoint of knowledge security risk management. The review this paper reports was able to identify 7 papers presenting a knowledge security risk management model. The models represent different takes and perspectives on knowledge security risk management. The main finding is that business orientation in the risk management models, and a comprehensive approach that would emphasize also continuous monitoring of the implementation and success of the risk mitigation solutions are not common in the literature. We suggest further theoretical and empirical studies that would address these issues

Knowledge Systems and Risk Management: Towards a Risk and Threat Assessment Framework

Knowledge is the most important asset that a company can have. Thus, it is imperative that this asset is safeguarded just like generic information assets. However, knowledge management (KM) and knowledge systems are different than traditional information systems with different threats and different operational requirements. Risk assessment is the corner stone to security. This paper discusses risk assessment. frameworks and builds on a KM/knowledge system specific risk assessment framework with a step-by-step guideline for managers as well as a generic KM/knowledge system specific threat assessment

Online consultation on experts’ views on digital competence

The objective of this investigation was to provide another perspective on what it means to be digitally competent today, in addition to reviews of literature and current frameworks for the development of digital competence, 5 all of which constitute part of the wider IPTS Digital Competence Project (DIGCOMP). Some common ground exists at a general level in defining digital competence in terms of knowledge, skills, and attitudes, which may be hierarchically organised. However, this does not provide the clarity needed by teachers, employers, citizens – all those who are responsible for digital competence development, be it their own or other people’s ‐ to make informed decisions. Further work is needed to create a common language that helps to enhance understanding across the worlds of research, education, training, and work. This will make it easier for citizens and employers to see what digital competence entails and how it is relevant to their jobs and more generally, their lives

Empirical evaluation of information security risk assessment framework GBM-OA

Abstract. Importance of information security is rapidly increasing when new security breaches are continuously reported by companies and organizations. These breaches cause loss of confidentiality, reputation and revenue for companies and organizations. They can also get legal penalties due lack of information security. To improve information security, companies and organizations are required to conduct assessment and audits for their systems to make sure that they do not have open critical vulnerabilities. In addition, information security risks need to be evaluated as part of companies’ and organizations’ risk management to prepare against possible attackers. Multiple different information security risk assessment frameworks have been developed to help companies and organizations to conduct information security risk assessment. To find out which framework is suitable for their needs, management needs to compare the different frameworks, estimate how much time and how many people are available for the assessment and how the frameworks have worked previously in the context. In this thesis, suitability of genre-based security risk assessment framework GBM-OA is evaluated in context of centralized CI/CD environment. A canonical action research was conducted in a team providing centralized CI/CD solution for the company’s projects. In the study, information security risk assessment was conducted using GBM-OA, and after the assessment semi-structured interviews were conducted for the participants to find out if the framework was suitable in the context. The findings show that the framework provided sufficient results for the team without taking much time from the participants. Additionally, participants found value in definition of environment, which helps the team to understand how responsibilities are split to different stakeholders. Downsides were confusing terminology used in the framework and filling of the templates was found compelling. About suitability, it was found that the framework is not suitable in the context as it is. Participants did not like that the assessment should be done separately, but it should be integrated into automation or development cycle. Right now, there is not any instructions regarding integration or iteration, even though it is stated that it is possible. Participants also provided improvement suggestions to add step to the framework for risk impact definition

Livelihood Diversification In Coastal and Inland Fishing Communities: Misconceptions, Evidence and Implications for Fisheries Management

This is the working paper regarding the Sustainable Fisheries Livelihoods Programme (SFLP). Diversification is a process by which households engage in multiple income generating activities. It is widely seen in the academic literature and international development arena as a strategy for spreading risk and reducing vulnerability. The formulation of policies promoting diversification is thus encouraged at national levels to alleviate poverty. However, such policies involve delicate choices and trade-offs between government objectives of development, e.g. intensification of agriculture and increase in agricultural outputs to satisfy export markets, versus increased household well-being and resilience to adversity through the promotion of small-scale, household-based, activities. In the context of fisheries, diversification is promoted as a means for reducing dependence on the resource, making restrictive management easier and less controversial for those affected by such measures. This often interprets diversification as job-substitution (stop fishing, do something else) rather than adding other activities to an income-portfolio. With the tendency for increasing pressure on fishery resources, it becomes ever more necessary to address in a coherent way diversification and its links with both poverty reduction and responsible fisheries. Implications of the development of alternative or complementary activities alongside a main, resource-dependent activity such as fishing, may echo those experienced by sectors such as agriculture and pastoralism. However, many characteristics of the fishing activity and of those who engage in it are particular to the sector. General poverty alleviation policies and fisheries management schemes have been found to lack the necessary differentiation and to fail to cater for the specific needs of fishing communities (Smith et al. 2005). The lack of attention -- or misplaced attention through maladapted policies -- that the sector and the communities it supports have received so far can be traced to a number of misconceptions stemming from "the old paradigm on poverty in small-scale fisheries" (Béné, 2003, p950). These assumptions include that (after Béné 2003, Allison and Ellis 2001): -- Fishing is an ingrained activity in fishing communities and fishermen will not leave fishing for cultural reasons. -- Fishermen are specialised and carry out fishing on a professional basis only. -- Fishing is a last resort activity and fishermen are unable to diversify into other income-generating activities. -- Fisheries development and development of fishing communities is not possible without increasing fishing effort. -- Livelihood diversification in fishing communities cannot go hand in hand with a sustainable natural resources management that encompasses both sustainable fisheries management and poverty alleviation. It is the aim of this paper to challenge these assumptions. Because of its linkages with resource management, looking at diversification in fishing communities involves re-exploring the issue from a different perspective than its current interpretation and most widely-encountered application to agricultural (land-based)-livelihoods. Despite the potential broad remit of this task, the objective here is to remain focused on the necessity to dispel misconceptions and show the need to formulate policies that support the engagement of fisherfolk and their families in multiple activities. By doing so, the paper shall also provide a compilation and review of available information related to diversification in fishing communities and point out the complexity of the issue of diversification in these communities. The geographical scope of the paper is global, guided by the availability of case study material, though reference to the West African experiences of the Sustainable Fisheries Livelihoods Programme (SFLP) is made wherever possible. Unless expressed otherwise, the terms 'fisheries' or 'fishers' make implicit reference to artisanal fisheries and the small-scale operations and modus operandi of those relying on them

A river of risk : a diagram of the history and historiography of risk management

The history of risk and risk management can be evaluated through the historiography of the subject. Writings on the history of risk and risk management can also be treated as pieces of evidence. A diagram is proposed describing some of the subjects and influencing the development of risk management, focused through the theme of records management. A detailed exploration of the historiography is undertaken to indicate the relevance of the history of risk management to its present interdisciplinary status

Designing a Thrifty Approach for SME Business Continuity: Practices for Transparency of the Design Process

Business continuity (BC) management is an organizational approach to preparing information systems (IS) for incidents, but such approaches are uncommon among small and medium-sized enterprises (SMEs). Past research has indicated a gap in approaches that are designed for SMEs since BC management approaches tend to originate from larger organizations and SMEs lack the resources to implement them. To fill this gap, and to respond to a practical need by an IT consultancy company, we employed design science research (DSR) to develop a BC approach for SMEs coined as the thrifty BC management approach. Jointly with the company’s practitioners, we developed a set of meta-requirements for BC approaches for SMEs anchored in prior BC literature, practitioners’ practical expertise, and the theories of collective mindfulness and sociotechnical systems. We evaluated our thrifty BC management approach with multiple SMEs. These evaluations suggest that the designed approach mostly meets the defined meta-requirements. Moreover, the evaluations offered ample opportunities for learning. The design process, unfolding in a real-world setting, was precarious, rife with contingencies and ad hoc decisions. To render the design process transparent, we adapted four writing conventions from the confessional research genre familiar to ethnographic research but novel to DSR. We offer a threefold contribution. First, we contribute to SMEs’ BC with meta-requirements and their instantiation in a new BC approach (artifact); second, we contribute with four practices of confessional writing for transparency of DSR research; and third, we contribute with reflections on our theoretical learning from throughout the design process

Sex on TV: Content and Context

Part of a series that examines the nature and extent of sexual messages conveyed on American television. Focuses on references to contraception, safer sex, and waiting to have sex. Based on a sample of 1997-1998 programs