Relating the cultural iceberg to organisations and information warfare

The Iceberg as initially proposed by Schein is often used when considering organizational culture and to try to understand what leads to visible behaviors and actions through surfacing the assumptions, values and beliefs that led to the selection of strategies, goals etc. When considering C2 in a contested environment, decision-making should never take place without fully understanding the context within which the decisions are being made. From all that is observable, we select those aspects that interest us and interpret them in our personal context and give them meaning accordingly. We will draw conclusions having applied our existing assumptions, frequently without acknowledging them, and develop beliefs based on these conclusions. Finally, we take actions that seem right in our context. The actions we may take will be from our personal repertoire according to the means available to us, the strength of our drive (motivation), and any constraints or restraints imposed on us. However, we need to see the ‘other’ by standing in their shoes and seek to understand their beliefs, values, motivations, and drives. We need to understand the impact of their organizational structures and technology on their courses of action. However, we also need to recognize they are doing the same to us, so we also need to look within to assess as best as possible those actions being taken against us to influence our beliefs, values, motivations, structures, and technological enablers. Finally, we explore what the impact on organization and C2 approaches and the challenges that need to be addressed. This is the critical understanding we need to achieve success

A multifaceted evaluation of the reference model of information assurance & security

The evaluation of a conceptual model, which is an outcome of a qualitative research, is an arduous task due to the lack of a rigorous basis for evaluation. Overcoming this challenge, the paper at hand presents a detailed example of a multifaceted evaluation of a Reference Model of Information Assurance & Security (RMIAS), which summarises the knowledge acquired by the Information Assurance & Security community to date in one all-encompassing model. A combination of analytical and empirical evaluation methods is exploited to evaluate the RMIAS in a sustained way overcoming the limitations of separate methods. The RMIAS is analytically evaluated regarding the quality criteria of conceptual models and compared with existing models. Twenty-six semi-structured interviews with IAS experts are conducted to test the merit of the RMIAS. Three workshops and a case study are carried out to verify the practical value of the model. The paper discusses the evaluation methodology and evaluation results

Self protecting data for de-perimeterised information sharing

The emergence of high-speed networks, Grid Computing, Service-Oriented Architectures, and an ever increasing ambient connection to mobile Internet has enabled an underpinning infrastructure for the development of dynamically formed, collaborative working groups known as Virtual Organisations (VOs). VOs provide strong motivation for investigation into the infrastructure, and in particular the security necessary to protect the information and resources shared within a VO, both while resident on local machines and when allowed to move beyond the secure boundary of a local organisational network perimeter and into the realm of the distributed VO. Traditional access control systems are perimeter- centric, meaning they apply the controls to both internal and external requests for access to information within or at the perimeter of their information system. • This paper presents the initial results of the JISC funded SPIDER project, being led by Cardiff University. Through case based example, the research investigates the limitations to granularity and persistent control over information when using the perimeter- centric approach in a collaborative working environment

GroundsWell: Community-engaged and data-informed systems transformation of Urban Green and Blue Space for population health – a new initiative

[version 1; peer review: awaiting peer review]Natural environments, such as parks, woodlands and lakes, have positive impacts on health and wellbeing. Urban Green and Blue Spaces (UGBS), and the activities that take place in them, can significantly influence the health outcomes of all communities, and reduce health inequalities. Improving access and quality of UGBS needs understanding of the range of systems (e.g. planning, transport, environment, community) in which UGBS are located. UGBS offers an ideal exemplar for testing systems innovations as it reflects place-based and whole society processes, with potential to reduce non-communicable disease (NCD) risk and associated social inequalities in health. UGBS can impact multiple behavioural and environmental aetiological pathways. However, the systems which desire, design, develop, and deliver UGBS are fragmented and siloed, with ineffective mechanisms for data generation, knowledge exchange and mobilisation. Further, UGBS need to be co-designed with and by those whose health could benefit most from them, so they are appropriate, accessible, valued and used well. This paper describes a major new prevention research programme and partnership, GroundsWell, which aims to transform UGBS-related systems by improving how we plan, design, evaluate and manage UGBS so that it benefits all communities, especially those who are in poorest health. We use a broad definition of health to include physical, mental, social wellbeing and quality of life. Our objectives are to transform systems so that UGBS are planned, developed, implemented, maintained and evaluated with our communities and data systems to enhance health and reduce inequalities. GroundsWell will use interdisciplinary, problem-solving approaches to accelerate and optimise community collaborations among citizens, users, implementers, policymakers and researchers to impact research, policy, practice and active citizenship. GroundsWell will be shaped and developed in three pioneer cities (Belfast, Edinburgh, Liverpool) and their regional contexts, with embedded translational mechanisms to ensure that outputs and impact have UK-wide and international application. Keyword

A framework for systems thinking practice

Presentation slides ©Cranfield UniversityThis paper provides a novel model/framework for OR practitioners to approach and engage in complex situations. Developed over many years by the Systems Thinking Practice team at Cranfield University, this framework builds upon and complements previous multi-methodology theory (Jackson, 2019; Mingers & Brocklesby, 1997) and draws from new methodological developments in philosophy of science (Blaikie & Priest, 2017). Reflective Practice lies at the heart of good systems intervention (Churchman, 1979; Dodd, 2018; Hoverstadt, 2022; Jackson, 2019). The proposed framework uses Reflective Practice as the conduit that coheres three interrelated and interdependent domains: the practitioner-academic interface; systems tools and methods; and philosophical perspectives. The intersection of these three domains highlights additional challenge areas that practitioners need to be aware of. At the intersection of Philosophy and Method is a new methodology that links the ‘whats’ and ‘hows’ (Checkland, 1999, p. 163). At the intersection of Practitioner and Method, the practitioner must balance the selection of methods in conjunction with their previous experience, skills and preference for individual tools, in such a way as to be mindful of any biases. The intersection between Practitioner and Philosophy is grounded in the lower levels of the Iceberg Model (Hall, 1976) where the practitioner should be mindful of (and potentially surface) any personal beliefs and values that may inhibit the appreciation of other perspectives. Currently, we apply this model/framework in research in Public Health, Defence and Security and Organisational Resilience; also, in teaching a new generation of systems thinking practitioners who will go on to be active members within the OR community. Going forward, our intention is to generate a set of principles to support practitioners engaging with complex situations within OR

Towards information sharing in virtual organisations: The development of an icon-based information control model

Today, innovation in information communication technology has encouraged contribution among different fields to tackle large-scale scientific problems or introduce novel inventories that, in both cases, demand extensive sharing of information among collaborating organisations in order to achieve the overall goal. Sharing information across different physical organisations, working as a single virtual organisation, raises a number of information security issues that limit the effectiveness, dynamism, and potential of collaborative working. Although extensive research has been conducted to provide secure information-sharing solutions within a single organisation, little research has investigated multi- organizational information-sharing environments where information requires to be protected but there are variations in information security needs and, in some cases, conflicts in applied information security controls. A key obstacle, the majority of research conducted in this area has overlooked, is not only the ability to govern remote access of users from one organisation to sensitive information stored in another organisation, but also having persistent control over owned information even after access has been granted and the information is either disseminated electronically, transformed into paper format, or even shared verbally. In addition, research was tailored to meet only specific research needs and address particular issues. Therefore, there is a lack of comprehensive, systematic approaches for controls on information usage shared electronically, regardless of specific circumstances. This paper aims to present a novel information control model that could keep information self-protected in dynamic collaborative environments by communicating information security needs along with the exchanged information using an Information Labelling Scheme. Based on SPIDER solution and Protective Commons, this scheme uses nine labelling icons (reflecting the protection type and level) associated with different information security controls (representing the information security mechanisms used to provide the protection). The model is demonstrated in the Microsoft Word 2007 application and a prototype has been developed as a plug-in software named Information Labelling Palette. It displays the nine self-explanatory icons in order for an information owner/user to label any information range within a single document using any icon. This consequently enforces the information security controls associated with the selected icon only into that particular range of electronic information, and secondly, communicates the information security needs to the recipient in a human-readable format, which would help keep recipients informed about how this information should be managed if printed out or shared verbally. Finally, the wide range of information security controls used in this proposed solution makes it widely applicable to meet the considerable diversity of organisations’ information security needs. Furthermore, it is believed to lay a solid foundation for future work in the area of information access control and control policy enforcement in collaborative environments

Information security requirements in patient-centred healthcare supporting systems

Enabling Patient-Centred (PC) care in modern healthcare requires the flow of medical information with the patient between different healthcare providers as they follow the patient's treatment plan. However, PC care threatens the stability of the balance of information security in the support systems since legacy systems fall short of attaining a security balance when sharing their information due to compromises made between its availability, integrity, and confidentiality. Results show that the main reason for this is that information security implementation in discrete legacy systems focused mainly on information confidentiality and integrity leaving availability a challenge in collaboration. Through an empirical study using domain analysis, observations, and interviews, this paper identifies a need for six information security requirements in legacy systems to cope with this situation in order to attain the security balance in systems supporting PC care implementation in modern healthcare