Analiza povezanosti pametnih mest s policijsko in kriminalistično dejavnostjo

Purpose: The main objective is to present the symbiosis between smart cities, policing, criminal investigation and criminal intelligence. Moreover, another purpose is to critically address the underlying privacy concerns arising from smart city designs. Design/Methods/Approach: The paper is theoretical in scope and utilises a literature review as the basic method. Correlations between smart cities, policing and criminal investigations are identified by analysing the applicability of core smart city technologies and services [SCTS]. Findings: It is evident that SCTS can influence policing styles and police effectiveness. SCTS hold great potential for criminal investigations and criminal intelligence as they provide information upon which police can develop investigations or crime-control strategies. Vice-versa, criminal investigations and criminal intelligence can provide guidelines for SCTS developers and the governance of smart cities. However, privacy concerns and the slowly developing regulatory framework remain the biggest issues when it comes to SCTS adoption, thus making measures to safeguard privacy a key factor for the legitimacy of smart cities and smart policing. Practical Implications: The paper introduces practical knowledge about the implications of smart cities for policing and crime investigation. Some research ideas are presented as well as suggestions for legislators, developers and others whose work area falls in the scope of (smart) city governance. Originality/Value: A comprehensive study of the symbiosis between smart cities and policing must not only consider the potential of SCTS but the related need to develop regulation and skillsets of human resources. Only a handful of papers address the connectivity of smart cities, criminal investigations and criminal intelligence from such a multidisciplinary scope. Therefore, the paper represents a contribution to works discussing these concepts.Namen prispevka: Namen prispevka je predstaviti simbiozo med pametnimi mesti, policijsko dejavnostjo, kriminalističnim preiskovanjem in kriminalističnoobveščevalno dejavnostjo. V tem kontekstu je podan tudi kritični razmislek o izzivih in dilemah, povezanih z varstvom zasebnosti. Metode: Prispevek je teoretične narave in temelji na pregledu literature. Korelacije med temeljnimi pojmi (pametna mesta, policijska in kriminalistična dejavnost) smo identificirali z analizo temeljnih tehnologij, sistemov in storitev, ki podpirajo delovanje pametnih mest. Ugotovitve: Tehnologije pametnih mest omogočajo razvoj novih oblik policijskega dela in imajo potencial za izboljšanje policijske učinkovitosti. Funkcionalnost tehnologij je razvidna tudi na področju kriminalistične dejavnosti, ki lahko z obdelovanjem podatkov in njihovo uporabo bolje načrtuje kriminalistične preiskave in razvija strategije preprečevanja kriminalitete. Simbioza je opazna tudi z nasprotnega vidika – s podajanjem smernic lahko kriminalistična in policijska dejavnost pomagata upravljavcem pametnih mest in razvojnikom tehnologij ter rešitev. Glavni izziv predstavlja varovanje zasebnosti in osebnih podatkov prebivalcev, zato so mehanizmi za preprečevanje zlorab ključni faktor legitimnosti pametnih mest in policijske dejavnosti. Praktična uporabnost: V prispevku so predstavljena uporabna znanja glede potencialov pametnih mest za izvajanje policijske in kriminalistične dejavnosti, prav tako tudi predlogi za raziskovalce in oblikovalce politik, razvojnike in druge, ki delujejo na področju upravljanja (pametnih) mest. Izvirnost/pomembnost prispevka: Če želimo razumeti sistem dejavnikov, ki vplivajo na simbiozo med policijsko dejavnostjo in pametnimi mesti, je treba upoštevati ne samo potenciale različnih tehnologij in rešitev, temveč tudi potrebe in dileme, ki se pojavijo sočasno s tehnološkim razvojem, primarno na področju razvoja kadrovskih kompetenc in prilagoditve normativnih okvirjev. Pregled literature pokaže, da obstajajo redke znanstvene objave, ki multidimenzionalno proučujejo simbiozo pametnih mest in policijske dejavnosti. Prispevek zato dopolnjuje obstoječa dela in znanja na tem področju

Information Warfare in Slovenia – from Traditional Local to Global Cyber Space

Namen prispevka: Opozoriti želimo na tveganja, ki so jim izpostavljeni vsi informacijski sistemi in jih prinaša informacijsko bojevanje. Z razvojem sodobne informacijskokomunikacijske tehnologije (v nadaljevanju IKT) je vojaško, politično, gospodarsko in ideološko motivirano bojevanje pridobilo popolnoma nove razsežnosti in nevarnosti, čeprav se njene resnosti marsikatera država še vedno ne zaveda. Zaradi anonimnosti, možnosti dostopanja z oddaljene lokacije in zakrivanja izvora napada, storilci svoje cilje dosegajo lažje in hitreje, kot je to bilo mogoče pred razvojem spleta in informacijske tehnologije. To je omogočilo razvoj in prenos informacijskega bojevanja na različna družbena področja. Ker pa so tehnike informacijskega bojevanja postale primerljive z ostalo (klasično) računalniško kriminaliteto, je kompleksnost problematike še toliko širša. Resnost in nevarnost tovrstne grožnje prikazujemo skozi primere. S predstavitvijo trenutne zakonske ureditve v Sloveniji pa želimo prikazati neustrezno normativno podlago za delo organov pregona. Trenutna zakonska ureditev omogoča stanje, v katerih je primere informacijskega bojevanja lažje vršiti kot preganjati. Metode: Podan je pregled definicij informacijskega bojevanja v strokovni literaturi. Na podlagi analize definicij je predlagana konkretna in natančnejša opredelitev pojava informacijskega bojevanja. Kratko so predstavljeni nekateri primeri kibernetskih napadov, ki potrjujejo obstoj tovrstne grožnje. Analizirana je aktualna zakonodaja v Republiki Sloveniji. Na podlagi ugotovljenih slabosti so podani utemeljeni predlogi za izboljšave zakonodaje. Ugotovitve: Temeljna ugotovitev prispevka je, da se je (informacijsko) bojevanje, kot tradicionalni način doseganja ciljev, z razvojem sodobne IKT razširilo v vse sfere družbenega življenja, skladno s tem pa so se spremenile tudi njegove tehnike delovanja. Kibernetsko okolje je tej grožnji omogočilo neobvladljivo širjenje, kar je povzročilo novo globalno/transnacionalno tveganje za države in organizacije. Gospodarstvo, kritična infrastruktura, politični odnosi in svetovni mir so tista temeljna področja, ki jih informacijsko bojevanje želi kompromitirati. Kot kaže trenutno stanje normativne ureditve informacijskega bojevanja, so na nacionalni ravni naše države pomanjkanje politične volje, nerazumevanje in ravnodušnost temeljni atributi, ki omogočajo obstoj in razvoj informacijskega bojevanja. Na ravni svetovnih velesil in mednarodnih organizacij pa gre, zaradi zavedanja in uporabe prednosti tovrstnega bojevanja, za poskus ohranjanja neurejenega stanja, saj z informacijskim bojevanjem napadajo normativno ureditev. Izvirnost/pomembnost prispevka: Izvirna vrednost prispevka je opredelitev informacijskega bojevanja. Poleg tega pa je pomemben tudi prikaz narave informacijskega bojevanja na primerih in stanje normativne ureditve. Slednje je glavni zaviralec za preprečevanje opisane problematike.Purpose: The purpose of this paper is to draw attention to security risks to information systems which confront every country and organization – the risk in question is information warfare. Development of modern information communication technology has led us to the situation in which politically, economically and ideologically motivated warfare has gained a completely new dimension and constitutes new dangers, but many countries still don’t acknowledge its presence. Anonymity, the possibility of accessing information from distant locations, and the possibility of concealing the source of the attack are enabling perpetrators to achieve their vicious goals much easier and faster than before the development of the Internet and information technology in general. Development made it possible for information warfare to spread to different social spheres. The complexity of this modern threat has become much more worrisome, because techniques of information warfare have became comparable with other (classic) computer crimes. We would like to demonstrate the gravity and danger of this threat through practical examples and present the current legal regulation of this issue in Slovenia. The current Slovenian legislation creates conditions in which it is easier to commit information warfare than prosecute it. Design/Methods/Approach: In forming a definition of information warfare, we used a comparative method. We carried out a comparison of different written sources published abroad. For better understanding the nature of modern warfare, we presented some practical examples. An understanding of the legislation in the Republic of Slovenia in reference to these issues was acquired through a thorough study and comparison of Slovenian legal acts. Findings: The main finding of this paper is that information warfare, which was used in the past for military purposes, has now (with the development of modern technology) spread into every area of society. Simultaneously the techniques of information warfare have also changed. Cyber space allowed information warfare to extend uncontrollably, and this resulted in the birth of new transnational and global threats to all countries and organizations. Economies, crucial national infrastructure, political relations and world peace are the main areas that information warfare tries to compromise. The current legislation, at the national and global levels, reflects, that a lack of political will, incomprehension and apathy are the major factors which allow information warfare to exist and develop. Originality/Value: The originality of this paper is in the suggested definition of information warfare, and further in the presentation of the nature of this specific threat through practical examples and an overview of the relevant legislature, which is the main obstacle in the prevention of this type of criminality

Uloga civilnog društva i zajednica u suzbijanju nasilnog ekstremizma i radikalizacije

Contemporary policies and initiatives aimed at addressing radicalisation and violent extremism aim to facilitate a systematic multi-stakeholder approach that encompasses the incorporation of civil society organisations. Despite the general recognition of various roles and potentials of non-state actors in the area of prevention and de-radicalisation, in practice, many challenges and knowledge-gaps are leading to a situation where civil society still represents an underused resource. This paper presents the potentials and capabilities of civil society and community organisations in countering violent extremism and radicalisation. Through an extensive literature review, we investigated good practices in joint collaborations, as well as practical limitations hindering the establishment of a whole-of-society approach. The central aim of this paper is to provide a clear picture of the current gaps and highlight conditions that need to be addressed in the future to facilitate a comprehensive and coordinated approach to countering violent extremism and radicalisation.Aktualne politike i inicijative usmjerene na suzbijanje radikalizacije i nasilnog ekstremizma potiču sustavan međuresorni pristup koji uključuje i organizacije civilnoga društva. Unatoč generalnom prepoznavanju različitih uloga i potencijala civilnog društva u području prevencije i deradikalizacije, u praksi je ipak puno izazova i neznanja što dovodi do toga da civilno društvo ostaje neiskorišteni resurs. U ovome radu prezentiramo potencijale i sposobnosti civilnog društva i njegovih organizacija i zajednica u suzbijanju nasilnog ekstremizma i radikalizacije. Kroz ekstenzivni pregled literature istražujemo dobre prakse u kolaboracijama, kao i ograničenja koja ometaju razvoj holističkog pristupa i angažmana cijelog društva u suzbijanju nasilnog ekstremizma i radikalizacije. Glavni je cilj ovoga rada pružiti jasnu sliku aktualnih propusta i uputiti na probleme koji se moraju rješavati kako bi u perspektivi bilo moguće postići sveobuhvatan i koordiniran pristup u suzbijanju nasilnog ekstremizma i radikalizacije

Decision-making factors contributing to the management of information security in organisations

Namen prispevka: V preglednem znanstvenem prispevku analiziramo aktualne varnostne trende in sociološke ter psihološke ovire, s katerimi se sooča varnostni management, z namenom pojasniti dileme pri zagotavljanju informacijske varnosti. V času negotovih razmer v poslovnem okolju postaja informacijska varnost vse pomembnejši poslovni proces. Učinkovitost je pogojena z različnimi okoljskimi, strukturnimi in osebnostnimi dejavniki, ki jih je potrebno upravljati, če se želi ustrezno obvladovati tveganja, ki ogrožajo obstoj organizacij. Metode: Analiza varnostnih trendov je izvedena s pregledom aktualnih mednarodnih raziskav o trenutnem stanju informacijske varnosti. Prav tako je bil izveden pregled teorij, ki pojasnjujejo vpliv psiholoških dejavnikov na odločitvene procese. S sintezo ugotovitev smo izoblikovali predpostavke o vzrokih neracionalnih odločitev, teoretične pristope pa smo nadgradili z njihovo umestitvijo v organizacijsko in varnostno področje. Ugotovitve: Ugotavljamo, da organizacije funkcije informacijske varnosti ne razvijajo ustrezno. Pregled aktualnih raziskav je pokazal, da se organizacije pogosto neučinkovito odzivajo na povečana varnostna tveganja, saj jim to onemogočajo neugodne poslovne razmere, strokovna nepodkovanost in tradicionalna vodstvena mentaliteta, spremembe na področju varnostnih rešitev in kognitivne pristranskosti pri odločevalcih. Prav tako ugotavljamo, da je učinkovitost informacijske varnosti vse bolj pogojena z netehničnimi ukrepi, pri čemer največjo vlogo odigra usposobljen, dobro razvit in strateško naravnan varnostni management. Praktična uporabnost: Varnostni trendi, ki jih predstavljamo v prispevku, za večino sodobnih organizacij predstavljajo velik izziv pri doseganju poslovne uspešnosti. S prispevkom želimo opozoriti na sodobne varnostne dileme in prispevati k večji ozaveščenosti odgovornega managementa. Ponujamo tudi izhodiščne točke za učinkovito soočanje s kognitivnimi ovirami pri sprejemanju odločitev. Izvirnost/pomembnost prispevka: Prispevek je aktualen, saj analizira najnovejše raziskave o informacijski varnosti in na osnovi tega predstavlja sodobne trende. Prav tako je izviren, ker združuje spoznanja s področja psihologije tveganj in odločitev ter informacijske varnosti v organizacijski kontekst.Purpose: Information security is becoming an ever more important business process in this period characterised by uncertainty in the business environment. Its efficiency depends on various environmental, structural, and personal factors which need to be managed in order to adequately control all risks threatening organisations‘ survival. This paper analyses current security trends, as well as sociological and psychological obstacles in security management, with a view to clarifying different dilemmas related to the provision of information security. Design/Methods/Approach: The analysis of security trends was conducted on the basis of an overview of current international research on the present state of play in the field of information security. It also includes an overview of theories explaining the impact of psychological factors on decision-making processes. Assumptions regarding the reasons for irrational decisions were drawn by performing the synthesis of findings, while theoretical approaches were upgraded by placing them in the organisational and security fields. Findings: The authors find that organisations are not developing the function of information security in an adequate manner. The overview of current research shows that organisations are often inefficient in their response to higher security risks, since they are prevented from doing so by unfavourable business conditions, lack of expertise, traditional management mentality, changes in the field of security- related solutions and cognitive bias found in decision-makers. The authors also find that the efficiency of information security is ever more dependent on non- technical measures, whereby trained, well-developed and strategically-oriented security management plays a crucial role. Practical Implications: For the majority of modern organisations, security trends presented in this paper represent a great challenge in terms of achieving business success. This paper wishes to draw attention to contemporary security-related dilemmas and raise the awareness of responsible management. The paper also provides several starting points enabling an efficient confrontation with cognitive obstacles in the course of decision-making. Originality/Value: This paper is up-to-date, as it analyses the latest research into information security and uses such analysis to present contemporary trends. It is also original, since it combines findings from the fields of the psychology of risk and decision- making, as well as from information security, and places them in organisational context

Stakeholders in Disengaging from Radicalisation in a Local Community

Radicalisation and extremism, with the potential to lead to violent extremism, are a constant security threat in modern democratic societies. In the last few decades, Europe generally and the Western Balkan countries in particular have been broadly viewed as a breeding ground for religious radicals and violent extremis It is becoming clear that radicalisation-prevention strategies must be locally oriented and harmonised at the international and interagency levels. It is intelligence agencies that deal with violent extremism since they are leading national security actors and operate using classified information. Nowadays, the police and other local stakeholders like local government, schools and NGOs are crucial for facilitating a preventative multi-agency approach, especially in local settings. Such an approach should combine measures from the area of criminal justice with policies from the fields of education, social inclusion and integration, while ensuring the timely provision of effective de-radicalisation and/or disengagement. The authors of this paper understand the term disengagement as the action or process of withdrawing from being involved in a radical activity, situation or group. It differs from counter-radicalisation (preventing radicalisation from taking place) and de-radicalisation (bringing about a change in values and ideas away from radical and/or violent ideas). The paper presents the preliminary findings of a study conducted on a sample of 108 students at the Croatian Police College of the MoI concerning the role of different stakeholders responsible for efforts towards the disengagement of individuals from radical and extremist movements in Croatia. The data were collected during the students’ study courses in December 2018.</p

Do they feel like cops? Police culture among private security guards

Police culture can result in several problems that can manifest themselves in various side effects, such as excessive use of force or domestic violence. Such occupational culture is formed due to the different circumstances police officers encounter in their work, e.g., constant exposure to danger, high authority, the possibility of using force, the right to autonomous decision-making, and working in a strictly hierarchical environment. As private security guards also operate in public areas and often in the public interest and have the option of enforcing measures that in some cases extend to the degree of police powers, previous research indicated that there is a possibility that a police-like occupational culture prevails among private security guards. The paper identifies the elements of police culture among private security guards through the narrative literature review. The literature search was performed according to a pre-defined strategy. We pre-determined the keywords, inclusion criteria, search methods, and bibliographic databases. The identified literature was analyzed with the descriptive and comparative methods. The results indicate that despite differences in the nature of their work, attitudes, and values between security guards and police officers, significantly more related circumstances and factors suggest similarities in occupational cultures

Učinkovitost sistema korporativne varnosti pri upravljanju informacijskih groženj

Purpose: Information security should be a strategic goal of every responsible and safety-conscious organisation that wants to follow current security and technological trends. The purpose of this paper is to summarize the corporate practices in addressing IT risks, to explain the benefits of a comprehensive approach to information security as a business function, and to improve understanding of the current issues associated with its management. Design/Methods/Approach: Topics presented in this paper were analysed using descriptive and qualitative analysis of international reports and surveys. The findings obtained using the comparative method and their synthesis are supported by other research in this area. Findings: Due to the large volume of information assets, sophisticated IT threats and the heterogeneous nature of security factors, the efficiency of information security is very difficult to achieve. It has been observed that many organisations are at an early stage in developing a comprehensive approach to information security, since, in practice, they are still dealing with the problems of the past, yet they are very consistent with tracking user trends. This disproportionate situation represents a major security challenge for an organisation’s management. Practical Implications: The findings of this research are useful for the further analysis and evaluation of information security and victimization of cybercrime, and are also applicable to facilitating strategic planning and decision making. Originality/Value: Based on the review of the current corporate state, this paper presents baseline information and security situations in the business environment and evaluates the efficiency of information security as a business tool. Based on the results, contemporary security challenges and organisational guidelines for the future were identified.Namen prispevka: Informacijska varnost mora biti cilj vsake organizacije, ki želi odgovorno slediti tehnološkim trendom. Namen prispevka je analizirati prakso organizacij pri soočanju z informacijskimi tveganji, pojasniti prednosti celovite ureditve informacijske varnosti kot poslovne funkcije in izboljšati razumevanje aktualnih problemov, povezanih z njenim upravljanjem. Metode: Uporabljena je deskriptivna metoda in vsebinska analiza mednarodnih poročil in raziskav, povezanih z informacijsko varnostjo. Ugotovitve pridobljene s komparativno metodo in zaključki so podprti z drugimi strokovnimi viri. Ugotovitve: Zaradi velikega obsega informacijskega premoženja, sofisticiranih informacijskih groženj in heterogene narave varnostnih dejavnikov je učinkovitost informacijske varnosti težko uresničljiv cilj. Ugotavljamo, da je veliko organizacij pri celoviti obravnavi informacijske varnosti šele na začetni stopnji, saj se v praksi podjetja še vedno ukvarjajo z zastarelimi problemi, medtem ko je sledenje uporabniškim trendom zelo aktualno. Takšno stanje predstavlja velik izziv za management organizacij. Praktična uporabnost: Ugotovitve prispevka so uporabne na znanstveno-raziskovalnem področju oz. ravni analiziranja in ocenjevanja informacijske varnosti, viktimizacije ter upravljavskem nivoju, za lažje strateško načrtovanje in sprejemanje odločitev. Izvirnost/pomembnost prispevka: Prispevek s pregledom stanja predstavlja izhodiščno informacijskovarnostno situacijo v poslovnem okolju in podaja oceno razvitosti ter učinkovitosti informacijske varnosti kot poslovne funkcije. Na podlagi analize rezultatov so identificirani tudi sodobni varnostni izzivi in organizacijske smernice za prihodnost

Stališča prebivalcev o varnosti kolesarjev in kolesarski infrastrukturi v Mestni občini Celje

Purpose: The paper presents the results of two research studies analysing the views of different target populations on cyclist safety and the adequacy of preventive measures in Slovenia. The purpose of both research studies was to identify the shortcomings of different approaches to ensuring cyclist safety, evaluate the adequacy of planned solutions and propose some improvements of preventive actions taken by various stakeholders. Design/Methods/Approach: A field survey was conducted among the residents of the City Municipality of Celje (n = 171) on their satisfaction with cyclist safety, while an online survey was carried out among internet users (n = 210) on the usefulness of an alternative approach to raise cyclists’ awareness by digitising cycling routes and safety risks. Findings: Results show that respondents are generally not satisfied with cyclist safety, as most believe that municipal efforts are insufficient to ensure it. It was observed that cycling infrastructure needs to be properly regulated and that a positive traffic culture should be promoted at the municipal level, including through the promotion of preventive activities. Both internet users and local residents recognise a strong need to digitise cycle paths by indicating safety risks. Therefore, it would be reasonable to upgrade conventional approaches to raising public awareness by introducing solutions that are useful for cyclists. Research Limitations / Implications: The limitation of the research study arises from the fact that its results cannot be generalised to all municipalities, since they apply different approaches to ensuring cyclist safety due to their autonomy and are facing different safety risks. Moreover, due to the use of a non-random sample, caution is necessary when generalising research results. Practical Implications: The results of the presented studies are primarily useful to decision-makers and infrastructure managers at national and local level when planning changes and safety measures in the field of cyclist safety. Originality/Value: The paper encompasses two studies, the findings of which complement one another substantially and provide a deeper insight into the issues of cyclist safety and preventive actions taken by different stakeholders. They serve as a basis for further exploring this issue in different local environments with a view of obtaining a more comprehensive insight into the key challenges of traffic safety from a broader perspective.Namen prispevka: V prispevku predstavljamo rezultate raziskav, s katerima smo analizirali stališča različnih ciljnih populacij o kolesarski varnosti in primernosti preventivnih ukrepov v Sloveniji. Namen raziskav je ugotoviti pomanjkljivosti v pristopih k zagotavljanju varnosti kolesarjev, oceniti primernost načrtovanih rešitev in predlagati izboljšave na področju preventivnega ukrepanja različnih deležnikov. Metode: V okviru prispevka smo izvedli terensko raziskavo med prebivalci Mestne občine Celje (n = 171) o zadovoljstvu z urejenostjo kolesarske varnosti in spletno anketo med uporabniki spleta (n = 210) o uporabnosti alternativnega pristopa k ozaveščanju kolesarjev skozi digitalizacijo kolesarskih poti in varnostnih tveganjih. Ugotovitve: Rezultati kažejo, da anketiranci na splošno niso zadovoljni z varnostjo kolesarjev, saj večina meni, da občina za varnost kolesarjev ne naredi dovolj. Ugotavljamo, da je na ravni občine treba zagotoviti ustrezno urejenost kolesarske infrastrukture in spodbujati kulturo udeležencev v cestnem prometu, tudi skozi spodbujanje preventivnega ukrepanja. Uporabniki spleta kot tudi prebivalci Mestne občine Celje prepoznavajo visoko potrebo po digitalizaciji kolesarskih poti z označbo varnostnih tveganj, zato je smiselno klasične pristope k ozaveščanju javnosti nadgraditi z rešitvami, ki so uporabne za kolesarje. Omejitve/uporabnost raziskave Omejitev raziskave je v tem, da je ne gre posplošiti na vse občine, saj občine zaradi svoje suverenosti različno pristopajo k zagotavljanju varnosti kolesarjev, prav tako pa se v vsaki občini pojavljajo različna varnostna tveganja. Obenem je zaradi neslučajnostnega vzorca potrebna previdnost tudi pri posploševanju rezultatov raziskave. Praktična uporabnost: Rezultati prispevka so primarno uporabni za odločevalce in upravljavce na državni ravni ter lokalni ravni pri načrtovanju sprememb in varnostnih ukrepov na področju varnosti kolesarjev. Izvirnost/pomembnost prispevka: Prispevek vključuje raziskavi, katerih ugotovitve se pomembno dopolnjujejo in omogočajo globlji vpogled v problematiko varnosti kolesarjev ter preventivnega ukrepanja različnih deležnikov. Prispevek predstavlja podlago za nadaljnje raziskovanje tovrstne problematike v različnih lokalnih okoljih za pridobitev celovitejšega vpogleda v ključne izzive prometne varnosti na širši ravni

The Influence of Social Networks on the Dynamics of Protests

Namen prispevka: Namen prispevka je predstaviti dinamiko protestnih gibanj v kontekstu tehnologije in spletnih storitev. Množična gibanja so se v zadnjem desetletju zaradi vpliva sodobne tehnologije spremenila v strukturi, organizaciji, komunikaciji in razširjenosti, kar potrjujejo tudi nedavni protesti v Sloveniji. Metode: Splošne ugotovitve so podane na podlagi analize teoretičnih predpostavk in praktičnih primerov. Podpiramo jih z raziskavo o vplivu spletnih socialnih omrežij na slovenske proteste, kjer je bila uporabljena kvantitativna metoda zbiranja podatkov med uporabniki socialnega omrežja Facebook. Ugotovitve: Primeri iz prakse kažejo, da so se pri organizaciji aktivističnih organizacij in kolektivnih akcij spletna socialna omrežja izkoriščala za širjenje idej, sporočil in pozivov ter rekrutiranje podpornikov. Ker je tehnologija postala integriran del množičnih gibanj, so se v zadnjih letih pogosto pojavljale ideje po njenem strožjem nadzoru ali celo prepovedi, vendar je to neprimeren odziv, saj je uporaba tehnologije in spleta temeljna človekova pravica, hkrati pa omejitve ne vplivajo na zaviranje kolektivnih akcij. Negativnega vpliva spletnih storitev na aktivnosti podpornikov, skozi analizo podatkov in strokovnih virov, ni bilo moč zaznati. Omejitve/uporabnost raziskave: Glavne omejitve se kažejo v omejenosti raziskave na slovenski prostor in uporabnike socialnega omrežja Facebook, medtem ko drugih spletnih storitev v raziskavo nismo zajeli. Ugotavljamo, da je omenjeno omrežje pripomoglo k širjenju protestnih sporočil in pozivanju ljudi k aktivni udeležbi. Prav tako se je uporabljalo za organizacijo aktivnih podpornikov, med splošno populacijo pa kot vir informiranja o preteklih in prihodnjih dogodkih. Izvirnost/pomembnost prispevka: Izvirnost prispevka se kaže v tem, da je glede na trenutna dogajanja aktualen in daje vpogled v vlogo socialnih omrežij tudi v kontekstu slovenskih protestov.Purpose: The purpose of this article is to deal with the dynamics of protest movements in the context of technology and web services. In the last decade, mass movements have changed in structure, organization, communication and their extent due to the influence of modern technology. This was also confirmed in the latest Slovenian protests. Design/Methods/Approach: The analysis of theoretical resources and practical examples was conducted, as well as a research about the influence of social networks on the dynamics of protests in Slovenia. We used a quantitative method of gathering necessary data amongst users of Facebook. Findings: The practical examples show that online social networks mostly play a key role in organizing of activist organizations and collective actions with the spread of ideas, messages and invitations as well as the gathering of supporters. Since the technology became an integrated part of the mass movements, there have been ideas to introduce a stricter control on it or even to ban it. However, this happened to be an inappropriate reaction because the use of technology and web is a basic human right. What is more, the restrictions do not influence the prevention of collective actions. The data analysis and technical literature have not showed any negative influence of web services on the activities of supporters. Research Limitations/Implications: The research is limited to Slovenian environment and users of specific social network, while other social media weren’t included. The research showed that the social network Facebook has played a significant role in the organization of those protests, especially in spreading of the protest messages and inviting people to active participation. Furthermore, Facebook contributed to organizing of active supporters, while the general population used it as an information resource on the past as well as current happenings. Originality/Value: The article has an original value, because it’s up to date in the context of current Slovenian relations. It also gives an insight into the role of social media in the development and dynamics of Slovenian protests

MULTI-CRITERIA MODEL FOR EFFECTIVE INFORMATION SECURITY IN ORGANISATIONS

Informatizacija poslovnih procesov spreminja koncepte zagotavljanja organizacijske varnosti. V doktorski disertaciji pojasnimo, kako v sodobnem poslovnem svetu pristopiti k upravljanju informacijske varnosti, kakšen je njen vpliv na poslovni uspeh in kako presoditi njeno zrelost. V situaciji, ko se evolucija informacijskih groženj odvija ob boku težkih gospodarskih razmer, je namreč veliko organizacij nesposobnih obvladovanja informacijskih tveganj in hkrati slediti tehnološkim trendom. Ugotovitve doktorske disertacije predstavljajo pristop k zagotavljanju tega ravnovesja, uporabne pa so za lastnike podjetij, managerje, strokovni kader in ostalo zainteresirano javnost. Ugotavljamo, da je upravljanje informacijske varnosti omejeno predvsem zaradi slabe informacijske podpore pri načrtovanju. Tiste organizacije, ki ne ugotavljajo izhodiščne situacije in presojajo uspešnosti ter učinkovitosti varnosti, ne morejo doseči skladnosti med operativnimi ukrepi, varnostnimi potrebami ter organizacijsko strategijo. V ospredje razprave zato postavljamo presojanje kakovosti informacijske varnosti. To področje proučujemo skozi prizmo poslovne funkcije, izhodišče pa predstavljajo priporočila iz področja varovanja informacijskih tehnologij, sledijo teorije sistemov, preprečevanja groženj/kriminalitete, managementa ter organizacije. Glavni rezultat je interdisciplinarni model ocenjevanja informacijsko varnostne kompetentnosti organizacij. V procesu razvijanja celovitega pristopa k presoji stanja informacijske varnosti, smo identificirali ukrepe, ki v stroki veljajo za uspešne in učinkovite. Z raziskavo izvedeno med strokovnjaki v Sloveniji, smo analizirali veljavnost izbranih ukrepov in njihov vpliv na kakovost informacijske varnosti. Glede na priporočila je v začetnih fazah treba najprej poskrbeti za represivno-nadzorne in logične kontrole, v nadaljevanju pa za strateške, socialne, organizacijske, normativne in okoljske vidike. Rezultat raziskave je odločitveno orodje, sestavljeno iz desetih faktorjev in 100 unikatno uteženih indikatorjev merjenja. Z uporabo modela se organizacije razvrstijo v enega izmed šestih razredov učinkovitosti, kjer so podana priporočila za izboljšanje stanja. Z namenom evalvacije uporabnosti predlagane rešitve smo z dodatno raziskavo model praktično testirali. Implementirali smo ga v majhen vzorec srednje-velikih organizacij in ugotovili, da je v teh organizacijah informacijska varnost v začetnih razvojnih fazah. Z izjemo fizičnih, tehničnih in logičnih kontrol, so najvplivnejši kriteriji najmanj razviti, izmed vseh področij pa se največje težave kažejo pri izvajanju analiz informacijskih tveganj. Ob upoštevanju tehnološkega konteksta organizacij, s katerim smo normirali indeksirane rezultate, se je pokazalo, da 25 % organizacij skrbi samo za osnovne vidike, 40 % sodi v srednji nivo, 35 % pa lahko ocenimo kot dobre prakse. Glede na razvitost ukrepov je 60 % proučevanih organizacij v reaktivni drži, generalno pa večina razvija približno polovico ukrepov v modelu. S primerjavo enot smo ugotovili, kateri faktorji ločujejo učinkovite organizacije od neučinkovitih, z analizo korelacij pa razvili priporočila za nadaljnje ukrepe. Evalvacija je pokazala tudi, da je model uporaben za sprejemanje odločitev pri internih evalvacijah – študije primerov ali analize splošnega stanja na večjih vzorcih.In the course of this thesis, we aim to resolve three questions: how to approach information security management effectively and efficientlywhat is the impact of this security function on overall business successand how to prove security maturity through performance measurements. In today’s corporate world, many organisations are challenged by their inability to successfully manage information security risks while trying to keep up with the trends of technological development. The findings of this doctoral dissertation deliver an answer that is intended for those who are interested in how to systematically advance information security in a manner that contributes to functional balance. We hypothesise and prove that information security management currently lacks proper information support. Organisations that are not capable to perform analytics of security performance, cannot achieve compliance between the operational measures, security needs, and organisational strategy. Since the area has been studied through the lens of business functions, the starting points for developing a solution were based on the recommendations of IT professionals, followed by the system, threat prevention, and organisational theories. Observations made within security literature and research, legislation, and standards suggest that there are ten key areas that should be addressed when trying to manage the information security risks. We identified numerous preventive and reactive technical and management oriented security measures that should be incorporated to a security system. In the scope of initial research conducted among security experts, we analysed the validity and significance of those security measures for information security performance. The obtained data made it possible to weigh the variables in terms of their impact. The final outcome is a decision-making tool (10×10 information security performance model) which consists of ten critical success factors and 100 unique, weighted key performance indicators. In applying this model, the organisation is categorised through six levels of maturity that determine which measures should be developed for improvement. We also aimed to validate the utility of the proposed approach, so the second research applied the 10×10 model to a small sample of organisations. We learned that information security in those organisations remains in its initial development stages. With the exception of physical, technical and logical controls, the most influential criteria are the least developed. In fact, the biggest problems are reflected in the management and analysis of information risks. These controls include a variety of approaches to measurement of information security, which confirms the significance of the study undertaken. Taking account of the technological context of the organisations, the graph of the situation shows that 25% of the units only catered to their most basic security needs, 40% made it to the intermediate level, and 35% were recognised as good practices. The results showed that most of these organisations develop only half of recommended security measures in the model. By benchmarking the organisations, we identified which factors separate efficient organisations from inefficient ones and by analysing correlations between factors, we developed recommendations for further development. The most important impact of this study is that the presented model makes an original contribution to social science as well as to the field of IT security. It reaches beyond the limitations of previous studies that merely focused on isolated information security dimensions which are, in fact, interconnected. The added value of this study is seen in the development process, as the model also considers the opinion of experts, while proving its practicality and validity. It is useful for decision-making in the context of internal evaluations or analyses of the overall situation in larger samples