Co-design and modelling of security policy for cultural and behavioural aspects of security in organisations

Organisations have historically applied a technology-oriented approach to information security. However, organisations are increasingly acknowledging the importance of human factors in managing secure workplaces. Having an effective security culture is seen as preferable to enforced compliance with policy. Yet, the study of security culture has not been addressed consistently, either in terms of its conceptual meaning or its practical implementation. Consequently, practitioners lack guidance on cultural elements of security provisioning and on engaging employees in identifying security solutions. To address existing problems relating to security policy in respect of organisational culture, this thesis explores behavioural and cultural aspects of organisational security. We address gaps in human-centred research, focusing on the lack of work representing real-world environments and insufficient collaboration between researchers and practitioners in the study of security culture. We address these gaps through analytical work, a novel co-design methodology, and two user studies. We demonstrate that current approaches to security interventions mirror rational-agent economics, even where behavioural economics is embodied in promoting security behaviours. We present two case studies exploring the dynamics between security provisioning and organisational culture in real-world environments, focusing on distinct groups of users — employees, security managers, and IT/security support — whose interactions are understudied. Our co-design methodology surfaces the complex, interconnected nature of supporting workable security practices by engaging modellers and stakeholders in a collaborative process producing mutually understood and beneficial models. We find employees prefer local support and assurances of secure behaviour rather than guidance without local context. Trust-based relationships with support teams improve engagement. Policy is perceived through interactions with support staff and by observing everyday workplace security behaviours. We find value in engaging with decision-makers and understanding their decision-making processes. We encourage researchers and practitioners to engage in a co-design process producing multi-stakeholder views of the complexities of security in organisations

The use of implants for ear prosthesis. Bringing back hope and smile

Introduction: Maxillofacial prosthetics is an ever-evolving branch of patient compliance in restoring and rehabilitating craniofacial defects and problems. Craniofacial defects include a large proportion of newborns with one or a combination of different defects. Purpose: It is known that the causes of facial tissue loss are often congenital malformations, tumoral lesions or accidents. Facial defects can cause not only functional problems, but also some serious psychological problems that can make the individual avoid social contact. With this in mind, the first goal of maxillofacial rehabilitation should be to solve aesthetic problems. The loss of any facial structure is associated with psychological impact that compromises an individual\u27s self-confidence. The outer ear is an integral part of the face and the loss of any part of the ear structure in an individual changes their overall aesthetics and appearance, thus affecting their mental status. The absence of the ear results in an asymmetrical, distorted appearance, which may not greatly affect function, but the patient\u27s psychological state and self-esteem are profoundly affected. Methods: Data were researched using online information in Researchgate, Pubmed, ScienceDirect, analyzing articles and books written and students\u27 books. Of the 60 articles analyzed, 21 articles were included in the writing of this review article. Conclusion: Implant-supported ear prostheses offer numerous advantages to the patient: they provide comfort, provide security, easy to wear and stable positioning, and eliminate the need for adhesives to hold the prosthesis

You've left me no choices: Security economics to inform behaviour intervention support in organizations

Security policy-makers (influencers) in an organization set security policies that embody intended behaviours for employees (as decision-makers) to follow. Decision-makers then face choices, where this is not simply a binary decision of whether to comply or not, but also how to approach compliance and secure working alongside other workplace pressures, and limited resources for identifying optimal security-related choices. Conflict arises due to information asymmetries present in the relationship, where influencers and decision-makers both consider costs, gains, and losses in ways which are not necessarily aligned. With the need to promote ‘good enough’ decisions about security-related behaviours under such constraints, we hypothesize that actions to resolve this misalignment can benefit from constructs from both traditional economics and behavioural economics. Here we demonstrate how current approaches to security behaviour provisioning in organizations mirror rational-agent economics, even where behavioural economics is embodied in the promotion of individual security behaviours. We develop and present a framework to accommodate bounded security decision-making, within an ongoing programme of behaviours which must be provisioned for and supported. We also point to applications of the framework in negotiating sustainable security behaviours, such as policy concordance and just security cultures

How Genes and Environmental Factors Determine the Different Neurodevelopmental Trajectories of Schizophrenia and Bipolar Disorder

The debate endures as to whether schizophrenia and bipolar disorder are separate entities or different manifestations of a single underlying pathological process. Here, we argue that this sterile argument obscures the fact that the truth lies somewhere in between. Thus, recent studies support a model whereby, on a background of some shared genetic liability for both disorders, patients with schizophrenia have been subject to additional genetic and/or environmental factors that impair neurodevelopment; for example, copy number variants and obstetric complications are associated with schizophrenia but not with bipolar disorder. As a result, children destined to develop schizophrenia show an excess of neuromotor delays and cognitive difficulties while those who later develop bipolar disorder perform at least as well as the general population. In keeping with this model, cognitive impairments and brain structural abnormalities are present at first onset of schizophrenia but not in the early stages of bipolar disorder. However, with repeated episodes of illness, cognitive and brain structural abnormalities accumulate in both schizophrenia and bipolar disorder, thus clouding the picture

The boundedly rational employee: Security economics for behaviour intervention support in organizations

Security policy-makers (influencers) in an organization set security policies that embody intended behaviours for employees (as decision-makers) to follow. Decision-makers then face choices, where this is not simply a binary decision of whether to comply or not, but also how to approach compliance and secure working alongside other workplace pressures, and limited resources for identifying optimal security-related choices. Conflict arises because of information asymmetries present in the relationship, where influencers and decision-makers both consider costs, gains, and losses in ways which are not necessarily aligned. With the need to promote ‘good enough’ decisions about security-related behaviours under such constraints, we hypothesize that actions to resolve this misalignment can benefit from constructs from both traditional economics and behavioural economics. Here we demonstrate how current approaches to security behaviour provisioning in organizations mirror rational-agent economics, even where behavioural economics is embodied in the promotion of individual security behaviours. We develop and present a framework to accommodate bounded security decision-making, within an ongoing programme of behaviours which must be provisioned for and supported. Our four stage plan to Capture, Adapt, Realign, and Enable behaviour choices provides guidance for security managers, focusing on a more effective response to the uncertainty associated with security behaviour in organizations

‘The trivial tickets build the trust’: a co-design approach to understanding security support interactions in a large university

Increasingly, organizations are acknowledging the importance of human factors in the management of security in workplaces. There are challenges in managing security infrastructures in which there may be centrally mandated and locally managed initiatives to promote secure behaviours. We apply a co-design methodology to harmonize employee behaviour and centralized security management in a large university. This involves iterative rounds of interviews connected by the co-design methodology: 14 employees working with high-value data with specific security needs; seven support staff across both local and central IT and IT-security support teams; and two senior security decision-makers in the organization. We find that employees prefer local support together with assurances that they are behaving securely, rather than precise instructions that lack local context. Trust in support teams that understand local needs also improves engagement, especially for employees who are unsure what to do. Policy is understood by employees through their interactions with support staff and when they see colleagues enacting secure behaviours in the workplace. The iterative co-design approach brings together the viewpoints of a range of employee groups and security decision-makers that capture key influences that drive secure working practices. We provide recommendations for improvements to workplace security, including recognizing that communication of the policy is as important as what is in the policy

Philosophical afterthought and Hegel's account of the Fall in the Encyclopaedia logic

The purpose of the essay is to offer a close reading of Hegel's account of the Fall along theologically orthodox lines. To this extent I am more in agreement with traditional readers of Hegel like Peter Hodgson, and more recently theologians like Graham Ward and Nicholas Adams who wish to bring Hegel closer to a 'generous orthodoxy' (Ward, p. 290) in order to open up the possibility of appropriating elements of the Hegelian project for the purposes of Christian theology and philosophy. In so far as I will argue for an orthodox reading of the Fall in the Encyclopaedia Logic, I will nevertheless try to show how this more or less theologically traditional reading of a religious account in Hegel engenders a sophisticated and in many ways novel meta-philosophical argument for the foundations of philosophy grounded in the features of human thought which participates in divine thought

Social Deprivation, Inequality, and the Neighborhood-Level Incidence of Psychotic Syndromes in East London

licenses/by-nc/3.0/), which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited