141 research outputs found
Drafting a composite indicator of validity for regulatory models and legal systems
The aim of this paper is to lay the groundwork for the creation of a composite indicator of the validity of regulatory systems. The composite nature of the indicator implies a) that its construction is embedded in the long-standing theoretical debate and framework of legal validity; b) that it formally contains other sub-indicators whose occurrence is essential to the determination of validity. The paper suggests, in other words, that validity is a second-degree property, i.e., one that occurs only once the justice, efficiency, effectiveness, and enforceability of the system have been checked
Information security: Listening to the perspective of organisational insiders
Aligned with the strategy-as-practice research tradition, this article investigates how organisational insiders understand and perceive their surrounding information security practices, how they interpret them, and how they turn such interpretations into strategic actions. The study takes a qualitative case study approach, and participants are employees at the Research & Development department of a multinational original brand manufacturer. The article makes an important contribution to organisational information security management. It addresses the behaviour of organisational insiders – a group whose role in the prevention, response and mitigation of information security incidents is critical. The article identifies a set of organisational insiders’ perceived components of effective information security practices (organisational mission statement; common understanding of information security; awareness of threats; knowledge of information security incidents, routines and policy; relationships between employees; circulation of stories; role of punishment provisions; and training), based on which more successful information security strategies can be developed
Critical analysis of information security culture definitions
This article aims to advance the understanding of information security culture through a critical reflection on the wide-ranging definitions of information security culture in the literature. It uses the hermeneutic approach for conducting literature reviews. The review identifies 16 definitions of information security culture in the literature. Based on the analysis of these definitions, four different views of culture are distinguished. The shared values view highlights the set of cultural value patterns that are shared across the organization. An action-based view highlights the behaviors of individuals in the organization. A mental model view relates to the abstract view of the individual’s thinking on how information security culture must work. Finally, a problem-solving view emphasizes a combination of understanding from shared value-based and action-based views. The paper analyzes and presents the limitations of these four views of information security culture definitions
A framework for designing cloud forensic‑enabled services (CFeS)
Cloud computing is used by consumers to access cloud services. Malicious
actors exploit vulnerabilities of cloud services to attack consumers. The link
between these two assumptions is the cloud service. Although cloud forensics assists
in the direction of investigating and solving cloud-based cyber-crimes, in many
cases the design and implementation of cloud services falls back. Software designers
and engineers should focus their attention on the design and implementation of
cloud services that can be investigated in a forensic sound manner. This paper presents
a methodology that aims on assisting designers to design cloud forensic-enabled
services. The methodology supports the design of cloud services by implementing
a number of steps to make the services cloud forensic-enabled. It consists
of a set of cloud forensic constraints, a modelling language expressed through a
conceptual model and a process based on the concepts identified and presented in
the model. The main advantage of the proposed methodology is the correlation of
cloud services’ characteristics with the cloud investigation while providing software
engineers the ability to design and implement cloud forensic-enabled services via
the use of a set of predefined forensic related task
Sex and sexuality: An evolutionary view
In this article, I first offer a summary of Darwin’s main ideas, especially relating to sex, and explain how these have been elaborated by more recent evolutionary scholars. I then give an account of the historical divergence between psychoanalysis and classical Darwinian thought, and describe how the early psychoanalyst Sabina Spielrein tried to counter this by addressing some biological themes in her work. Following a review of some contemporary attempts to bring psychoanalysis and evolutionary thought into alignment with each other, I make some suggestions regarding a view of sex and sexuality that would be sound in evolutionary terms while also being helpful in psychoanalytic ones
- …