Moving from a "human-as-problem" to a "human-as-solution" cybersecurity mindset

Cybersecurity has gained prominence, with a number of widely publicised security incidents, hacking attacks and data breaches reaching the news over the last few years. The escalation in the numbers of cyber incidents shows no sign of abating, and it seems appropriate to take a look at the way cybersecurity is conceptualised and to consider whether there is a need for a mindset change.To consider this question, we applied a "problematization" approach to assess current conceptualisations of the cybersecurity problem by government, industry and hackers. Our analysis revealed that individual human actors, in a variety of roles, are generally considered to be "a problem". We also discovered that deployed solutions primarily focus on preventing adverse events by building resistance: i.e. implementing new security layers and policies that control humans and constrain their problematic behaviours. In essence, this treats all humans in the system as if they might well be malicious actors, and the solutions are designed to prevent their ill-advised behaviours. Given the continuing incidences of data breaches and successful hacks, it seems wise to rethink the status quo approach, which we refer to as "Cybersecurity, Currently". In particular, we suggest that there is a need to reconsider the core assumptions and characterisations of the well-intentioned human's role in the cybersecurity socio-technical system. Treating everyone as a problem does not seem to work, given the current cyber security landscape.Benefiting from research in other fields, we propose a new mindset i.e. "Cybersecurity, Differently". This approach rests on recognition of the fact that the problem is actually the high complexity, interconnectedness and emergent qualities of socio-technical systems. The "differently" mindset acknowledges the well-intentioned human's ability to be an important contributor to organisational cybersecurity, as well as their potential to be "part of the solution" rather than "the problem". In essence, this new approach initially treats all humans in the system as if they are well-intentioned. The focus is on enhancing factors that contribute to positive outcomes and resilience. We conclude by proposing a set of key principles and, with the help of a prototypical fictional organisation, consider how this mindset could enhance and improve cybersecurity across the socio-technical system

Responding to the (almost) unknown: Social representations and corporate policies of social media

End-user driven technologies, such as social media, have dramatically changed organizations’ innovation processes. In these new contexts, organizational decision makers have to contend with a de facto adoption of new technologies that they have yet to understand fully. In order to contribute to the understanding of these new contexts and their implications for organizations and their decision makers, this paper examines the following question: How do organizations come to comprehend and react to end-user driven technologies? Conceptually based on social representations theory, this paper underscores how organizational decision-makers develop common sense knowledge of end-user driven technologies and how they consequently endorse responses in the form of dedicated policies that reflect this knowledge. This theoretical framework helps us interpret the empirical analysis of 25 corporate social media policies. The paper shows that, in developing their understanding of social media, so far organizational decision-makers have mostly associated them with what was already familiar to them and have devised policies that have reflected this mostly conservative understanding of the new technologies. Implications of this research include a better understanding of the foundation of the duality between mindful and mindless innovations in the context

RePaths: How to support reflection to lead your career path?

The recently released '2022 Rural Migrant Workers Monitoring and Survey Report' by the National Bureau of Statistics, shows an increase of 1.1 percentage points, compared to the previous year, in the proportion of migrant workers with a diploma or higher education. This indicates that approximately 1 out of every 7 migrant workers has received tertiary education, highlighting the significant progress in educational opportunities and aspirations within the rural workforce. However, despite these positive developments, rural graduates face challenges during their early career exploration, as evidenced by the use of self-mockery names like “small-town question-answers,” or being criticized as “985 rubbish”. This paper explores the living conditions of rural graduates, especially those aged 20 to 30, with a population over 7.5million, and delves into the theoretical foundations of rumination, reflection, and their impact on career development. Building upon these concepts, the design of RePaths is presented, featuring a structured reflection diary, AI-powered rumination recognition, access to peer support and social networks, and community engagement. The findings of this paper contribute to our understanding of how technology-backed reflection can support career development among rural graduates. The integration of these features not only addresses the specific challenges faced by rural graduates but also offers a promising approach to bridging the gap between education and employment, RePaths paves the way for empowering individuals and fostering personal growth and success

Ocean governance: the New Zealand dimension

  The Oceans Governance project was funded by the Emerging Issues Programme, overseen by the Institute of Policy Studies at Victoria University of Wellington. Its primary goal is to provide interested members of the public and policymakers with a general overview and a description of the types of principles, planning tools and policy instruments that can be used to strengthen and improve marine governance in New Zealand. The major findings of this study are that the existing marine governance framework in New Zealand emphasises a traditional sector-by-sector approach to management and planning and that this fragmented governance framework contributes to a number of institutional challenges. In addition, the study identifies a number of factors that influence marine planning and decision-making in the country, including but not limited to; the relationships between economic use of marine resources and the maintenance of marine ecosystem services and goods; Māori interests, perspectives and treaty obligations; the role of international treaties and conventions; the synergistic and cumulative impacts of multiple use and climate disturbance on marine ecosystems, and the role of scientists and science in marine planning and decision-making.The report makes two general recommendations.  First, with respect to the territorial sea (which includes the marine area out to 12 nautical miles) the report recommends that regional councils develop integrative marine plans where conflict between users and users-ecosystems is likely to develop in the future.  Second, the report recommends the adoption of new role for central government to support an ecosystem-based approach to integrative marine planning and decision-making

New Organizational Challenges in a Digital World: Securing Cloud Computing Usage and Reacting to Asset-Sharing Platform Disruptions

Information technology (IT) and IT-enabled business models are transforming the business ecosystem and posing new challenges for existing companies. This two-essay dissertation examines two such challenges: cloud security and the disruption of asset-sharing business models.The first essay examines how an organizations usage of cloud storage affects its likelihood of accidental breaches. The quasi-experiment in the U.S. healthcare sector reveals that organizations with higher levels of digitalization (i.e., Electronic Health Records levels) or those with more IT applications running on their internal data center are less likely to experience accidental breaches after using public cloud storage. We argue that digitalization and operational control over IT applications increase organizations awareness and capabilities of establishing a company-wide security culture, thereby reducing negligence related to physical devices and unintended disclosure after adopting cloud storage. The usage of cloud storage is more likely to cause accidental breaches for organizations contracting to more reputable or domain expert vendors. We explain this result as the consequence of less attention being focused on securing personally accessible data and physical devices given high reliance on reputed and knowledgeable cloud providers. This research is among the first to empirically examine the actual security impacts of organizations cloud storage usage and offers practical insights for cloud security management.The second essay examines how Asset-Sharing Business Model Prevalence (ASBMP) affects the performance implications of industry incumbent firms competitive actions when faced with entrants with asset-sharing business models, like Airbnb. ASBMP represents the amount of third-party products and services that originally were unavailable inside the traditional business model but now are orchestrated by asset-sharing companies in an industry. We use texting mining and econometrics approaches to analyze a longitudinal dataset in the accommodation industry. Our results demonstrate that incumbents competitive action repertoires (i.e., action volume, complexity, and heterogeneity) increase their performance when the ASBMP is high but decrease incumbents performance when the ASBMP is low. Practically, incumbents who are facing greater threat from asset-sharing firms can implement more aggressive competitive action repertoires and strategically focus on new product and M&A strategies. This research contributes to the literature of both competitive dynamics and asset-sharing business models

From Ancient Contemplative Practice to the App Store: Designing a Digital Container for Mindfulness

Hundreds of popular mobile apps today market their ties to mindfulness. What activities do these apps support and what benefits do they claim? How do mindfulness teachers, as domain experts, view these apps? We first conduct an exploratory review of 370 mindfulness-related apps on Google Play, finding that mindfulness is presented primarily as a tool for relaxation and stress reduction. We then interviewed 15 U.S. mindfulness teachers from the therapeutic, Buddhist, and Yogic traditions about their perspectives on these apps. Teachers expressed concern that apps that introduce mindfulness only as a tool for relaxation neglect its full potential. We draw upon the experiences of these teachers to suggest design implications for linking mindfulness with further contemplative practices like the cultivation of compassion. Our findings speak to the importance of coherence in design: that the metaphors and mechanisms of a technology align with the underlying principles it follows.Comment: 10 pages (excluding references), 4 figures. To appear in the Proceedings of DIS '20: Designing Interactive Systems Conference 202

Eye quietness and quiet eye in expert and novice golf performance: an electrooculographic analysis

Quiet eye (QE) is the final ocular fixation on the target of an action (e.g., the ball in golf putting). Camerabased eye-tracking studies have consistently found longer QE durations in experts than novices; however, mechanisms underlying QE are not known. To offer a new perspective we examined the feasibility of measuring the QE using electrooculography (EOG) and developed an index to assess ocular activity across time: eye quietness (EQ). Ten expert and ten novice golfers putted 60 balls to a 2.4 m distant hole. Horizontal EOG (2ms resolution) was recorded from two electrodes placed on the outer sides of the eyes. QE duration was measured using a EOG voltage threshold and comprised the sum of the pre-movement and post-movement initiation components. EQ was computed as the standard deviation of the EOG in 0.5 s bins from –4 to +2 s, relative to backswing initiation: lower values indicate less movement of the eyes, hence greater quietness. Finally, we measured club-ball address and swing durations. T-tests showed that total QE did not differ between groups (p = .31); however, experts had marginally shorter pre-movement QE (p = .08) and longer post-movement QE (p < .001) than novices. A group × time ANOVA revealed that experts had less EQ before backswing initiation and greater EQ after backswing initiation (p = .002). QE durations were inversely correlated with EQ from –1.5 to 1 s (rs = –.48 - –.90, ps = .03 - .001). Experts had longer swing durations than novices (p = .01) and, importantly, swing durations correlated positively with post-movement QE (r = .52, p = .02) and negatively with EQ from 0.5 to 1s (r = –.63, p = .003). This study demonstrates the feasibility of measuring ocular activity using EOG and validates EQ as an index of ocular activity. Its findings challenge the dominant perspective on QE and provide new evidence that expert-novice differences in ocular activity may reflect differences in the kinematics of how experts and novices execute skills

Individual information systems : design, use, and a negative outcome in the business and private domain

Digitalization increasingly changes individuals business and private lives. Today, individuals build and use ever more complex individual information systems (IIS) composed of privately-owned and business-owned components. The COVID-19 pandemic has accelerated this development since individuals were forced to work from home due to the social distancing measures associated with the pandemic. The ongoing digitalization comes with great opportunities for individuals, such as higher mobility and flexibility, as well as for organizations, such as lower costs and increased productivity. However, the increased use of IIS at the workplace also bears risks for individuals. Such risks include technostress, which refers to stress that is caused by digital technologies. Technostress, in turn, can lead to health-related issues, reduced productivity, and higher turnover intentions. Thus, to leverage the positive opportunities of digitalization while reducing its associated risk of technostress, a better understanding of IIS, their use, and its effect on technostress, and of individual resources that may affect this relationship is needed. The aim of this dissertation is threefold: First, to contribute to a better understanding of layers of IIS and their different components. Second, since a negative outcome of IIS use can be technostress, this dissertation seeks to advance knowledge on technostress creators and how they can be influenced by IIS use and by various IIS characteristics. Third, this dissertation aims to reveal which resources of individuals may help mitigate technostress. This dissertation uses quantitative methods, such as online surveys and structural equation modeling, and qualitative methods, such as literature analyses and semi-structured interviews. Thereby, the methodological focus lies on quantitative data collection and analysis, while some papers use a mixed-methods approach as a combination of quantitative and qualitative methods. Chapter 2 of this dissertation aims at providing a better understanding of IIS by investigating its various components. Therefore, Chapter 2.1 conceptualizes four layers of IIS: devices, digital identities, relationships, and information. It also considers that IIS have two more or less integrated subsystems: the business information systems with business-owned components and the private information systems with privately-owned components. An empirical validation supports this conceptualization as well as the definition of integration between the two sub-systems on each of the four layers. Chapter 2.2 studies IT consumerization, which refers to the use of private IIS components in the business domain and applies a risk-benefit consideration. The results imply that benefits of consumerization of IT services, such as better functionalities of a private IT service outweigh risks, such as the threat of sanctions for the use of private IT services. Chapter 3 focuses on technostress as a negative outcome of the increased IIS use. Chapter 3.1 analyzes how IT consumerization is related to the technostress creator unreliability of digital technologies. The results reveal a positive relationship between IT consumerization and unreliability and show that unreliability is perceived higher when the IT portfolio integration and the individuals computer self-efficacy are low. Chapter 3.2 proceeds with studying characteristics of digital technologies and how these are related to technostress. It presents ten characteristics that are associated with at least one technostress creator. Chapter 3.3 extends the concept of technostress and introduces a framework of twelve different technostress creators, reveals four second-order factors underlying the twelve technostress creators, and brings them into relation with work- and health-related effects. Chapter 4 also deals with technostress and investigates resources to mitigate technostress. Chapter 4.1 focuses on organizational measures and finds different relationships of the investigated measures with different technostress creators. While some of the technostress creators can be inhibited by the implementation of organizational measures, others are found to be even intensified by the organizational measures. Chapter 4.2 focuses on social mechanisms that function as technostress inhibitors. Findings differ between technostress creators and the investigated social support dimensions. Furthermore, the results highlight the fact that some of the social support dimensions gain even greater importance in light of increasing telework. In summary, this dissertation provides new insights into IIS and their use, the emergence of technostress in digitalized workplaces, and organizational as well as social mechanisms that help mitigate technostress. Hence, this dissertation supports current efforts in both research and practice to reduce technostress while leveraging the positive opportunities of workplace digitalization.Die Digitalisierung verändert unser berufliches und privates Leben zunehmend und hat dazu geführt, dass Individuen heute immer komplexere individuelle Informationssysteme (IIS) nutzen. Die COVID-19-Pandemie hat diese Entwicklung noch beschleunigt, da Beschäftigte durch Social-Distancing-Maßnahmen gezwungen waren, von zu Hause aus zu arbeiten. Die fortschreitende Digitalisierung der Arbeitswelt bringt sowohl für Individuen als auch für Organisationen große Chancen mit sich, wie höhere Mobilität und Flexibilität sowie geringere Kosten und eine gesteigerte Produktivität. Allerdings birgt die verstärkte Nutzung von IIS am Arbeitsplatz auch Risiken. Dazu gehört Technostress, also Stress, der durch digitale Technologien verursacht wird. Technostress wiederum kann zu gesundheitlichen Problemen, verringerter Produktivität sowie einer höheren Fluktuationsrate führen. Um die Chancen der Digitalisierung nutzen und gleichzeitig die Risiken des Technostresses reduzieren zu können, ist ein besseres Verständnis über IIS, deren Nutzung und deren Auswirkung auf Technostress erforderlich sowie darüber, welche individuellen Ressourcen diesen Zusammenhang beeinflussen. Die vorliegende Dissertation verfolgt drei Ziele: Erstens soll zu einem besseren Verständnis über IIS und deren Komponenten beigetragen werden. Zweitens soll das Wissen über Auslöser von Technostress erweitert werden sowie darüber, wie Technostress durch die Nutzung von IIS und durch verschiedene IIS-Charakteristika beeinflusst werden kann. Drittens strebt die Dissertation an, aufzuzeigen, welche Ressourcen helfen, Technostress zu verringern. Zu diesem Zweck werden quantitative Methoden (z.B. Online-Befragungen und Strukturgleichungsmodellierung) und qualitative Methoden (Literaturanalysen und semi-strukturierte Interviews) eingesetzt. Der methodische Schwerpunkt liegt dabei auf der quantitativen Datenerhebung und -analyse, wobei teilweise ein Mixed-Methods-Ansatz als Kombination quantitativer und qualitativer Methoden verwendet wird. Kapitel 2 zielt auf ein besseres Verständnis über IIS und deren verschiedene Komponenten ab. Dafür werden in Kapitel 2.1 vier Ebenen eines IIS konzeptualisiert: Devices, Digital Identities, Beziehungen und Informationen. Zudem berücksichtigt die Konzeptualisierung, dass ein IIS aus zwei mehr oder weniger integrierten Subsystemen besteht: dem beruflichen und dem privaten Informationssystem. Eine empirische Validierung unterstützt die Konzeptualisierung sowie die Definition der Integration zwischen den Subsystemen auf jeder der vier Ebenen. Kapitel 2.2 analysiert IT-Consumerization also die Nutzung privater IIS-Komponenten im beruflichen Kontext. Die Ergebnisse zeigen, dass der relative Nutzen, wie z.B. bessere Funktionalitäten des privaten IT-Services, die wahrgenommenen Risiken, wie z.B. die Androhung von Sanktionen für die Nutzung privater IT-Services, überwiegt. Kapitel 3 beschäftigt sich mit Technostress als negativer Folge der verstärkten IIS-Nutzung. In Kapitel 3.1 wird analysiert, wie IT-Consumerization mit dem Belastungsfaktor Unzuverlässigkeit digitaler Technologien zusammenhängt. Die Ergebnisse zeigen einen positiven Zusammenhang, der noch stärker wahrgenommen wird, wenn die IT-Portfolio-Integration und die Computer-Selbstwirksamkeit des Individuums niedrig sind. Kapitel 3.2 untersucht Charakteristika digitaler Technologien und deren Zusammenhang mit Technostress. Es werden zehn Charakteristika gesammelt, die mit mindestens einem digitalen Belastungsfaktor zusammenhängen. Kapitel 3.3 erweitert das Technostress-Konzept und präsentiert zwölf digitale Belastungsfaktoren. Zudem werden vier Faktoren aufgedeckt, die den zwölf Belastungsfaktoren zugrunde liegen, und mit arbeits- und gesundheitsbezogenen Folgen in Zusammenhang gebracht. Kapitel 4 untersucht Ressourcen, die helfen können, Technostress zu mindern. Kapitel 4.1 untersucht organisatorische Maßnahmen und findet unterschiedliche Zusammenhänge der untersuchten Maßnahmen mit verschiedenen digitalen Belastungsfaktoren. Während einige der Belastungsfaktoren durch die organisatorischen Maßnahmen gehemmt werden, werden andere sogar verstärkt. Kapitel 4.2 untersucht soziale Mechanismen, die Technostress verringern können. Die Ergebnisse zeigen unterschiedliche Auswirkungen der untersuchten Dimensionen sozialer Unterstützung auf die digitalen Belastungsfaktoren. Darüber hinaus wird deutlich, dass einige der Dimensionen sozialer Unterstützung angesichts der zunehmenden Arbeit von zuhause eine noch größere Bedeutung erlangen. Zusammenfassend liefert die vorliegende Dissertation neue Erkenntnisse über IIS und deren Nutzung, die Entstehung von Technostress und über organisatorische sowie soziale Mechanismen, die helfen, Technostress zu mindern. Damit leistet die Dissertation einen Beitrag zu den aktuellen Initiativen in Forschung und Praxis, Technostress zu reduzieren und gleichzeitig die Chancen der Digitalisierung der Arbeit zu realisieren

Agile Processes in Software Engineering and Extreme Programming: 18th International Conference, XP 2017, Cologne, Germany, May 22-26, 2017, Proceedings

agile software development; lean development; scrum; project management; software developmen