VISTA:an inclusive insider threat taxonomy, with mitigation strategies

Insiders have the potential to do a great deal of damage, given their legitimate access to organisational assets and the trust they enjoy. Organisations can only mitigate insider threats if they understand what the different kinds of insider threats are, and what tailored measures can be used to mitigate the threat posed by each of them. Here, we derive VISTA (inclusiVe InSider Threat tAxonomy) based on an extensive literature review and a survey with C-suite executives to ensure that the VISTA taxonomy is not only scientifically grounded, but also meets the needs of organisations and their executives. To this end, we map each VISTA category of insider threat to tailored mitigations that can be deployed to reduce the threat

The Public Core of the Internet: An international Agenda for Internet Governance

The growth and health of our digital economies and societies depend on the core protocols and infrastructure of the Internet. This technical and logical substructure of our digital existence is now in need of protection against unwarranted interference in order to sustain the growth and the integrity of the global Internet. The Internet's key protocols and infrastructure can be considered a global public good that provides benefits to everyone in the world. Countering the growing state interference with this 'public core of the Internet' requires a new international agenda for Internet governance that departs from the notion of a global public good. Core ingredients of this strategy are: - To establish and disseminate an international norm stipulating that the Internet's public core - its main protocols and infrastructure- should be considered a neutral zone, safeguarded against unwarranted intervention by governments. - To advocate efforts to clearly differentiate at the national and international level between Internet security (security of the Internet infrastructure) and national security (security through the Internet). - To broaden the arena for cyber diplomacy to include new coalitions of states (including the so called 'swing states') and private companies, including the large Internet companies as well as Internet intermediaries such as Internet Service Providers

An employee assistance programme for small and medium enterprises in Namibia

Small and Medium Enterprises (SMEs) contribute significantly to employment and poverty alleviation in Namibia, relying mostly on the labour of its employees for production. However, not much is known about the personal and work-related problems experienced by employees in SMEs that impact their productivity and how these problems are addressed in the workplace. Therefore the aim of this study was to design, implement and evaluate an Employee Assistance Programme (EAP) suitable for SMEs in Namibia. In order to achieve the general objectives of the study, the following sub-objectives were formulated: Explore the type of problems experienced by SMEs and its employees; Describe ways to address these problems as viewed by SMEs and its employees; Develop and implement an EAP for SMEs; Evaluate the newly developed EAP after a 12-month implementation and administration period; Compile and disseminate guidelines for EAPs for SMEs in Namibia, based on the research findings. An extensive literature review was conducted to contextualize SMEs in terms of significance, operations and the challenges it faces. In addition, a review of the literature around EAPs was undertaken with a specific focus on small businesses. It became evident from the literature that EAPs are diverse. The intervention research design was applied in this study. The study adopted the two-phase sequential mixed methods research approach in which both quantitative and qualitative approaches, methods and procedures were combined to come up with a more complete picture of the research problem. The review of the literature led to the exploration of needs of SME owners/employers and employees using semi-structured interviews. The outcome of the needs assessment provided input for the development of an EAP guided by the EAP core technologies and EAPA-SA Standards. The EAP which was developed was implemented in four SMEs in Windhoek and focused on employee education. Pre- and post-intervention assessments measuring the impact of the employee education sessions in terms of absenteeism, presenteeism, work engagement, life satisfaction and workplace distress was undertaken using the Workplace Outcome Suite (WOS). The WOS is a standardised measuring instrument, was used to evaluate the effectiveness of the EAP intervention. In addition, trainings provided to the EAP counsellors and supervisors in SME as well as the marketing strategy applied was also assessed. The evaluation of the training sessions and marketing strategy revealed that participants gained insight into EAPs and its benefits for employees as well as the workplace. Although there was a reduction in absenteeism as a result of the intervention, there is a need for a comprehensive EAP that incorporates both counselling and employee education to ensure optimal utilisation and effectiveness. Overall, this study highlighted the need for an EAP for SMEs, taking into account the uniqueness of SMEs.Thesis (PhD)--University of Pretoria, 2019.Social Work and CriminologyPhDUnrestricte

The nerves of government: electronic networking and social control in the information society

Informatisation was introduced as a functional parameter in social and political research in 1978 (Nora & Minc 1978). Today, nearly a quarter of a century later, popular and academic political debates in the West appear to be growing increasingly aware of the intense interaction between information technology and social development. This project follows in the footsteps of this increased awareness and explores the meaning of digitisation for the socio- political concept of citizens' privacy.This project seeks to contribute to a wider body of literature that desires to provide meaningful answers to the following questions: (1) what sociotechnical trends are evident today in information privacy policies in the United Kingdom (UK) and the United States (US)? (2) What particular political visions do these trends seem to favour and what do these visions appear to suggest for the future of citizens' privacy in the West? (3) What is the potential importance of digital networking for practices of social management and control, both by governmental decision centres and commercial bodies?As case study for the above issues, the eventful appearance of two recent legislative works has been selected: the Regulation of Investigatory Powers Act (RIPA), enacted by the UK parliament in July 2000; and the Communications Assistance for Law Enforcement Act (CALEA), enacted in the US in 1994. Both Acts, which have yet to be fully implemented, in effect make it mandatory for all telecommunications operators and service providers to, among other things, ensure that their customers' communications can be intercepted by law enforcement and intelligence organisations, whose interception capabilities have been seriously hampered by the digitisation of telecommunications during the past few years.The project combines quantitative and qualitative data on RIPA and CALEA, which have been acquired through open- source, restricted or leaked government and industry reports on the subject, as well as through a number of interviews with informed individuals representing different sides of the communications interception (CI) debate. The development of communications interception is thus placed into the context of complex relationships between political actors, such as national policy experts and government advisors, state and corporate decision -makers and members of regulatory bodies

Mapping Ocean Governance and Regulation

The well-being of humanity is inextricably linked to the health of ocean ecosystems and the stability of the ocean's biogeochemical processes. Although the ocean already sustains a range of industries, its potential as a dynamo for sustainable development has led it to be dubbed the new economic frontier. This report introduces a mapping exercise that demonstrates how uneven the governance landscape is across the industries that populate this frontier. Six industries are considered: international shipping, offshore oil and gas, offshore renewable energy, marine aquaculture, marine fisheries and seabed mining. While some, such as maritime shipping, have well-established and extensive governance structures encompassing a wide breadth of public and private sector actors, others like the seabed mining industry are still in a state of emergence. Crucially, all ocean-based industries are having an impact on the health of ocean ecosystems. In addition, many of the challenges the ocean faces, including climate change, ocean plastics, and biodiversity loss, transcend the capacity of a single industry or a single state to address. Concerted action is needed to ensure coherent action across thematic areas and towards addressing cross-cutting ocean challenges. Due regard must also be taken to linkages between land, water, coastal and marine systems. Finally, effective implementation and enforcement of the rules and arrangements that have been agreed upon must continue to be prioritised.Ocean-based industries are well-positioned to act in line with the principles of the UN Global Compact, to promote sustainable and socially responsible operations. In some cases, the governance and implementation gaps highlighted in this report are already being mitigated through voluntary private sector initiatives that often go beyond the threshold of compliance to promote new norms of best practice. The diversity of experience across the industries represented in the Platform for Sustainable Ocean Business provides an opportunity for learning and sharing of best practice, while the scale of the crosscutting challenges facing the ocean underscores the need for cross-sectoral cooperation. Collectively, the ocean-based industries are of relevance to all of the Sustainable Development Goals, and most specifically to achieving the suite of targets under Goal #14 on Life Below Water

Global Governance in the Information Age: The Terrorist Finance Tracking Program

Europe has long been deemed more protective of privacy than the United States. In the context of transatlantic cooperation in the war on terrorism, divergences in privacy law and policy have become ever more apparent. As has always been the case, the same technologies that pose new and vital privacy issues with regard to personal information and private data are those that are important sources for government actors, including law enforcement and intelligence agencies. Despite the increasing reliance by national agencies on information flowing from other nations, regulation of information transfer, processing and sharing has been achieved largely outside of the international sphere. This Note argues that the use of personal information in the national security setting offers a new and important look at the functions and limitations of global governance in the information age. Exploring the Terrorist Finance Tracking Program (TFTP), a joint initiative among European states and the United States, within the framework of Global Administrative Law (GAL), I argue that common accounts of differences between U.S. and European law on privacy issues do not explain the very real tensions at stake in the TFTP. I show that the TFTP is a real effort at constituting a soft-law mechanism to manage privacy and security in the information age, and argue that it fails to embody those values of transparency, participation, legality, and accountability to which we generally hold GAL mechanisms

Data Epistemologies / Surveillance and Uncertainty

Data Epistemologies studies the changing ways in which ‘knowledge’ is defined, promised, problematised, legitimated vis-á-vis the advent of digital, ‘big’ data surveillance technologies in early twenty-first century America. As part of the period’s fascination with ‘new’ media and ‘big’ data, such technologies intersect ambitious claims to better knowledge with a problematisation of uncertainty. This entanglement, I argue, results in contextual reconfigurations of what ‘counts’ as knowledge and who (or what) is granted authority to produce it – whether it involves proving that indiscriminate domestic surveillance prevents terrorist attacks, to arguing that machinic sensors can know us better than we can ever know ourselves. The present work focuses on two empirical cases. The first is the ‘Snowden Affair’ (2013-Present): the public controversy unleashed through the leakage of vast quantities of secret material on the electronic surveillance practices of the U.S. government. The second is the ‘Quantified Self’ (2007-Present), a name which describes both an international community of experimenters and the wider industry built up around the use of data-driven surveillance technology for self-tracking every possible aspect of the individual ‘self’. By triangulating media coverage, connoisseur communities, advertising discourse and leaked material, I examine how surveillance technologies were presented for public debate and speculation. This dissertation is thus a critical diagnosis of the contemporary faith in ‘raw’ data, sensing machines and algorithmic decision-making, and of their public promotion as the next great leap towards objective knowledge. Surveillance is not only a means of totalitarian control or a technology for objective knowledge, but a collective fantasy that seeks to mobilise public support for new epistemic systems. Surveillance, as part of a broader enthusiasm for ‘data-driven’ societies, extends the old modern project whereby the human subject – its habits, its affects, its actions – become the ingredient, the raw material, the object, the target, for the production of truths and judgments about them by things other than themselves

Regulating the technological actor: how governments tried to transform the technology and the market for cryptography and cryptographic services and the implications for the regulation of information and communications technologies

The formulation, adoption, and transformation of policy involves the interaction of actors as they negotiate, accept, and reject proposals. Traditional studies of policy discourse focus on social actors. By studying cryptography policy discourses, I argue that considering both social and technological actors in detail enriches our understanding of policy discourse. The case-based research looks at the various cryptography policy strategies employed by the governments of the United States of America and the United Kingdom. The research method is qualitative, using hermeneutics to elucidate the various actors’ interpretations. The research aims to understand policy discourse as a contest of principles involving various government actors advocating multiple regulatory mechanisms to maintain their surveillance capabilities, and the reactions of industry actors, non-governmental organisations, parliamentarians, and epistemic communities. I argue that studying socio-technological discourse helps us to understand the complex dynamics involved in regulation and regulatory change. Interests and alignments may be contingent and unstable. As a result, technologies can not be regarded as mere representations of social interests and relationships. By capturing the interpretations and articulations of social and technological actors we may attain a better understanding of the regulatory landscape for information and communications technologies