Drafting a composite indicator of validity for regulatory models and legal systems

The aim of this paper is to lay the groundwork for the creation of a composite indicator of the validity of regulatory systems. The composite nature of the indicator implies a) that its construction is embedded in the long-standing theoretical debate and framework of legal validity; b) that it formally contains other sub-indicators whose occurrence is essential to the determination of validity. The paper suggests, in other words, that validity is a second-degree property, i.e., one that occurs only once the justice, efficiency, effectiveness, and enforceability of the system have been checked

Information security: Listening to the perspective of organisational insiders

Aligned with the strategy-as-practice research tradition, this article investigates how organisational insiders understand and perceive their surrounding information security practices, how they interpret them, and how they turn such interpretations into strategic actions. The study takes a qualitative case study approach, and participants are employees at the Research & Development department of a multinational original brand manufacturer. The article makes an important contribution to organisational information security management. It addresses the behaviour of organisational insiders – a group whose role in the prevention, response and mitigation of information security incidents is critical. The article identifies a set of organisational insiders’ perceived components of effective information security practices (organisational mission statement; common understanding of information security; awareness of threats; knowledge of information security incidents, routines and policy; relationships between employees; circulation of stories; role of punishment provisions; and training), based on which more successful information security strategies can be developed

Critical analysis of information security culture definitions

This article aims to advance the understanding of information security culture through a critical reflection on the wide-ranging definitions of information security culture in the literature. It uses the hermeneutic approach for conducting literature reviews. The review identifies 16 definitions of information security culture in the literature. Based on the analysis of these definitions, four different views of culture are distinguished. The shared values view highlights the set of cultural value patterns that are shared across the organization. An action-based view highlights the behaviors of individuals in the organization. A mental model view relates to the abstract view of the individual’s thinking on how information security culture must work. Finally, a problem-solving view emphasizes a combination of understanding from shared value-based and action-based views. The paper analyzes and presents the limitations of these four views of information security culture definitions

A framework for designing cloud forensic‑enabled services (CFeS)

Cloud computing is used by consumers to access cloud services. Malicious actors exploit vulnerabilities of cloud services to attack consumers. The link between these two assumptions is the cloud service. Although cloud forensics assists in the direction of investigating and solving cloud-based cyber-crimes, in many cases the design and implementation of cloud services falls back. Software designers and engineers should focus their attention on the design and implementation of cloud services that can be investigated in a forensic sound manner. This paper presents a methodology that aims on assisting designers to design cloud forensic-enabled services. The methodology supports the design of cloud services by implementing a number of steps to make the services cloud forensic-enabled. It consists of a set of cloud forensic constraints, a modelling language expressed through a conceptual model and a process based on the concepts identified and presented in the model. The main advantage of the proposed methodology is the correlation of cloud services’ characteristics with the cloud investigation while providing software engineers the ability to design and implement cloud forensic-enabled services via the use of a set of predefined forensic related task

Sex and sexuality: An evolutionary view

In this article, I first offer a summary of Darwin’s main ideas, especially relating to sex, and explain how these have been elaborated by more recent evolutionary scholars. I then give an account of the historical divergence between psychoanalysis and classical Darwinian thought, and describe how the early psychoanalyst Sabina Spielrein tried to counter this by addressing some biological themes in her work. Following a review of some contemporary attempts to bring psychoanalysis and evolutionary thought into alignment with each other, I make some suggestions regarding a view of sex and sexuality that would be sound in evolutionary terms while also being helpful in psychoanalytic ones