Security readiness evaluation framework for Tonga e-government initiatives

The rapid expansion of the Information and Communication Technologies (ICTs) in the Pacific have reached the Kingdom of Tonga. The submarine fibre-optic cable which connects Tonga to Fiji and onward to a hub in Sydney went live 2013. Now the people of Tonga experience the high-speed impact of digital communication, fast international access, and social changes such as the government is implementing a digital society through e-government services. This study focuses on identifying the factors that will later become a vulnerability and a risk to the security of Tonga government e-government initiatives. Data was collected through interviews with three government officials, document analysis, and critical reflection on the theory context. Consequently, a security-readiness evaluation framework has been designed from the data analysis to inform the e-government initiatives. This study contributes a security-readiness evaluation framework for use in developing countries to guide the implementation of e-government initiatives

Scientific Knowledge of the Human Side of Information Security as a Basis for Sustainable Trainings in Organizational Practices

Comprehensive digitization leads to new chal-lenges because of cybercrime and related security countermeasures. There is no doubt that this will fundamentally affect our lives and is leading to an increase in the importance of information security (IS). However, technology solutions alone are not sufficient to ensure IS countermeasures. The human side of security is important to protect organizational assets like user information and systems. The paper illustrates these relationships in terms of information security awareness (ISA), examining its goals and the factors influencing it through the systematic analysis and review of scientific literature and the transfer of scientific knowledge for practical purposes. We reviewed the publications of leading academic journals in the field of IS over the past decade

Information security: Listening to the perspective of organisational insiders

Aligned with the strategy-as-practice research tradition, this article investigates how organisational insiders understand and perceive their surrounding information security practices, how they interpret them, and how they turn such interpretations into strategic actions. The study takes a qualitative case study approach, and participants are employees at the Research & Development department of a multinational original brand manufacturer. The article makes an important contribution to organisational information security management. It addresses the behaviour of organisational insiders – a group whose role in the prevention, response and mitigation of information security incidents is critical. The article identifies a set of organisational insiders’ perceived components of effective information security practices (organisational mission statement; common understanding of information security; awareness of threats; knowledge of information security incidents, routines and policy; relationships between employees; circulation of stories; role of punishment provisions; and training), based on which more successful information security strategies can be developed

Work in Progress: Class and Voter Interaction in Election Campaigns of Dutch Social Democrats, c. 1945 to the 1970s

Abstract: This article discusses the post-war history of the Dutch social-democratic Partij van de Arbeid. It takes as its point of departure the fact that the two elements at the heart of contemporary discussions about the future of social democracy – struggles over the definition of its constituency, particularly the role class should play in it, and attempts to revitalize its interaction with the electorate – are present throughout the post-war history of the PvdA. The article explores both the content and mode of political representation: it investigates the representative claims of the Dutch social democrats and the communicative practices through which these claims were made in order to establish how the PvdA imagined and tried to constitute its constituency. Who, which groups of voters, were the social democrats claiming to represent? How did they try to reach voters? How did their interaction with the electorate develop against the background of the rise of – new forms of – mass media?Abstract: This article discusses the post-war history of the Dutch social-democratic Partij van de Arbeid. It takes as its point of departure the fact that the two elements at the heart of contemporary discussions about the future of social democracy – struggles over the definition of its constituency, particularly the role class should play in it, and attempts to revitalize its interaction with the electorate – are present throughout the post-war history of the PvdA. The article explores both the content and mode of political representation: it investigates the representative claims of the Dutch social democrats and the communicative practices through which these claims were made in order to establish how the PvdA imagined and tried to constitute its constituency. Who, which groups of voters, were the social democrats claiming to represent? How did they try to reach voters? How did their interaction with the electorate develop against the background of the rise of – new forms of – mass media

Information Security Awareness in Public Administrations

Government digital agendas worldwide go hand in hand with the digital transformation in businesses and public administrations as well as the digital changes taking place in society. Information security (IS) and awareness (ISA) must be an integrated part of these agendas. The goal of IS is to protect information of all types and origins. Here, the employees play a necessary and significant role in the success of IS, and the entire staff of an institution need to know about their specific roles and be aware of the information security management system (ISMS). As there are still fundamental strategic deficiencies in the institutions themselves, humans should not be called “the weakest link” in the security chain. Rather, sustainable awareness-raising and training for people should be established in the institutions using interactive, authentic, and game-based learning methods. Psychological studies show the great importance of emotionalization when communicating IS knowledge and the reliable exchange of experience about IS. However, in many institutions, a change in culture is becoming necessary. IS must be integrated into all (business) processes and projects, and viable safeguards must be included. This chapter summarizes the most important scientific findings and transfers them to the practice of public administrations in Germany. Moreover, it shows examples of learning methods and provides practical assistance for IS sensitization and training

Informacijos saugumo valdymas Lietuvos viešajame sektoriuje

Informacijos saugumas tampa vis aktualesnis šiuolaikinėje visuomenėje. Dažniausiai informacijos saugumo problematika išryškėja įvykus informacijos saugumo incidentams ar pažeidimams, todėl suprantama, kad visame pasaulyje augantis informacijos saugumo pažeidimų skaičius ir dėl jų patiriamų nuostolių mastai įvardijami kaip vienas iš pagrindinių informacijos saugumo problemų egzistavimo rodiklių. Vertinant nuolatinį šių problemų pobūdį, galima daryti prielaidą, kad trūksta sisteminio požiūrio į informacijos saugumo valdymą. Užsienio šalių mokslininkai informacijos saugumo valdymo problematiką nagrinėja įvairiais strateginio, žmogiškojo veiksnio bei technologinio požiūrio aspektais; išskiriamas problematikos specifiškumas organizacijų, valstybės bei tarptautiniu lygmeniu, tačiau Lietuvoje informacijos saugumo valdymo mokslinis ištirtumas tebėra menkas. Siekiant išryškinti informacijos saugumo valdymo formavimosi Lietuvoje ypatumus tarptautiniame kontekste, straipsnyje teorinės užsienio ir Lietuvos mokslininkų informacijos saugumo valdymo paradigmos jungiamos į sisteminę informacijos saugumo valdymo koncepciją, o atliktas tyrimas leido įvertinti Lietuvos viešojo sektoriaus informacijos saugumo valdymo būklę ir suformuoti tolimesnių mokslinių tyrimų prielaidas.Pagrindiniai žodžiai: informacijos saugumas, informacijos saugumo valdymas, informacijos saugumo valdymo koncepcija, saugumo standartai, saugumo reikalavimai, informacinės sistemos, valstybės registrai, valstybės institucijos, viešasis sektorius.Information Security Management in Lithuania’s Public SectorSaulius Jastiuginas SummaryInformation security is becoming more and more important in modern society. The most common information security issues become apparent when information security incidents or violations occur. Worldwide growth in the number of security breaches and losses are the major indicators showing that there is a lack of systematic approach to information security management.Solution of practical problems requires the use of scientific approaches. Among academic researchers, a number of studies that focus on various aspects of information security management have emerged in recent years. Scientists are exploring the issues of information security management in various strategic, technological and human factor issues that also deals with the problems of organizations, national and international levels.Currently, in Lithuania is a lack of information security management research. In order to highlight the information security management characteristics of Lithuania in an international context, this paper combines a theoretical foreign and Lithuanian scientific information security management insights into the systemic information security management concept.This article also contains the results of the study, which allowed an assessment of the situation in Lithuania’s public sector information security management and creates preconditions for further research

Integralus informacijos saugumo valdymo modelis

oai:ojs.www4063.vu.lt:article/1063Saugumo sąvoka yra daugialypė ir nevienareikšmiškai apibrėžiama, saugumas gali būti suprantamas kaip būsena, kuri gali reikšti ir apsisaugojimą nuo pavojaus (objektyvus saugumas), ir saugumo jausmą (subjektyvus saugumas). Siekiant sumažinti neapibrėžtumą, aptariant saugumo sąvoką būtina įvardyti objektą, t. y. kas turi būti (tapti) saugu. Analizuojant informacijos saugumo mokslinių tyrimų problematiką, galima daryti prielaidą, kad pagrindinis objektas, kurį siekiama apsaugoti, yra informacija, tačiau neretai saugumo objektu virsta informacinės technologijos ar informacinės sistemos, kuriomis tvarkoma informacija. Darant esminę mokslinę prielaidą, kad svarbiausias informacijos saugumo objektas yra informacija, tikėtina, kad informacijos saugumas turėtų būti tiriamas kaip sudėtinė informacijos vadybos ir kitų gretutinių informacinių koncepcijų (informacijos išteklių vadybos, informacijos sistemų vadybos, informacijos įrašų vadybos) dalis. Straipsnyje aptariamas tyrimas, įrodantis keliamos mokslinės prielaidos pagrįstumą.Pagrindiniai žodžiai: informacijos saugumas, informacijos saugumo valdymas, informacijos vadyba, informacijos saugumo valdymo modelis.Integral Information Security Management ModelSaulius JastiuginasSummaryAnalysis of the currently most widely applied means of information security management (methodologies, standards, models) allows finding a growing assimilation of media content, but the frequent information security problems (for example, information security incident growth), show that the existing measures do not provide sufficient information security management.The analysis of information security research problems shows that the main object is to protect the information, but it often becomes the subject of security information technology or information systems that support information processing.A substantial scientific assumption is that the primary object of information security is information, it is likely that information security should be studied as an integral part of information management and the other related concepts (information resourcemanagement, information systems management, information, records management).The analysis of the information management has shown that the security component of informa30tion management is not developed. Scientific insight, emphasizing information as a critical resource organization, poor information management, focus on the resource security becomes a relevant scientific problem and do not provide scientific information security management problems that are apparent on the practical level.The aim of the study was to create a scientific basis for the integral management of information security model that integrates information security management and information management components.The paper deals with the basic information management tools and practices of information security management possibilities. The results of the analysis helped to reduce the gap in research and to develop a theoretical basis for the integral form of information security management model.The proposed theoretical model and the integrated security information management component extend the possibilities of secure information management.The aim of the article was to create a scientific basis for the integral model of information security management that integrates information security management and information management components.The paper analyzes the main information management tools and opportunities to use them for information security management. The results of the analysis helped to reduce the gap in scientific research and to develop a theoretical basis for the integral information security management model

Managing the Risks of Extreme Events and Disasters to Advance Climate Change Adaptation: Special Report of the Intergovernmental Panel on Climate Change

This Special Report on Managing the Risks of Extreme Events and Disasters to Advance Climate Change Adaptation (SREX) has been jointly coordinated by Working Groups I (WGI) and II (WGII) of the Intergovernmental Panel on Climate Change (IPCC). The report focuses on the relationship between climate change and extreme weather and climate events, the impacts of such events, and the strategies to manage the associated risks. The IPCC was jointly established in 1988 by the World Meteorological Organization (WMO) and the United Nations Environment Programme (UNEP), in particular to assess in a comprehensive, objective, and transparent manner all the relevant scientific, technical, and socioeconomic information to contribute in understanding the scientific basis of risk of human-induced climate change, the potential impacts, and the adaptation and mitigation options. Beginning in 1990, the IPCC has produced a series of Assessment Reports, Special Reports, Technical Papers, methodologies, and other key documents which have since become the standard references for policymakers and scientists.This Special Report, in particular, contributes to frame the challenge of dealing with extreme weather and climate events as an issue in decisionmaking under uncertainty, analyzing response in the context of risk management. The report consists of nine chapters, covering risk management; observed and projected changes in extreme weather and climate events; exposure and vulnerability to as well as losses resulting from such events; adaptation options from the local to the international scale; the role of sustainable development in modulating risks; and insights from specific case studies

Towards the Ethics of a Green Future

What are our obligations towards future generations who stand to be harmed by the impact of today’s environmental crises? This book explores ecological sustainability as a human rights issue and examines what our long-term responsibilities might be. This interdisciplinary collection of chapters provides a basis for understanding the debates on the provision of sustainability for future generations from a diverse set of theoretical standpoints. Covering a broad range of perspectives such as risk and uncertainty, legal implementation, representation, motivation and economics, Towards the Ethics of a Green Future sets out the key questions involved in this complex ethical issue. The contributors bring theoretical discussions to life through the use of case studies and real-world examples. The book also includes clear and tangible recommendations for policymakers on how to put the suggestions proposed within the book into practice. This book will be of great interest to all researchers and students concerned with issues of sustainability and human rights, as well as scholars of environmental politics, law and ethics more generally