65 research outputs found

    Fostering Information Security Culture In Organizations: A Research Agenda

    Information security is a major challenge for organizations due to the proliferation of digitization and constant connectivity. It is becoming widely accepted that raising an information security culture, meaning instilling security behaviour in people interacting with ICTs, is key to maintaining a healthy security posture. However, the academic field of information security culture has been described as immature and lacking empirical validation, while the constituents of the concept as well as methods, tools, frameworks and metrics for fostering and evaluating it within organisations remain elusive. This paper, based on a critical analysis of relevant literature and practice, provides a research agenda of critical issues that need to be addressed so that users, from security’s weakest link, become an important actor for proactive information security. These issues include the need for proper and employable definitions of information security culture and the need to explore the existence of security subcultures, the need to develop frameworks, tools and metrics for guiding, evaluating and comparing security culture raising programs, the need to explore the interplay between organisational elements (including organisational structure, type and management practices) and security culture, the need to identify the impact of security culture in issues such as innovation adoption, the need to investigate the influence of national and organisational culture on security culture and so on

    Addressing Organisational, Individual and Technological Aspects and Challenges in Information Security Management: Applying a Framework for a Case Study

    This study investigates information security management challenges in a large organisation. The aim of this study is to apply the Technological-Organisational-Individual (TOI) Framework in this organisation to determine to what extent current security management practices are informed by findings of relevant literature and standards on information security incorporated in the framework. The TOI framework is used to map factors influencing security behavior to current practices applied by the organisation and to analyse them. Conclusions suggest that some factors that play a critical role in information security management are not adequately covered. This study also aims to provide recommendations to security managers on how to address these factors to implement security management practices that can improve ISP compliance, and inform literature on any additional security management practices. Further, this study includes insights into how organisations may exploit key strengths in applying information security management to achieve good security behaviour among their employees and take an adaptive approach to changing conditions, such as teleworking

    Profiling with Big Data: Identifying Privacy Implication for Individuals, Groups and Society

    User profiling using big data raises critical issues regarding personal data and privacy. Until recently, privacy studies were focused on the control of personal data; due to big data analysis, however, new privacy issues have emerged with unidentified implications. This paper identifies and investigates privacy threats that stem from data-driven profiling using a multi-level approach: individual, group and society, to analyze the privacy implications stemming from the generation of new knowledge used for automated predictions and decisions. We also argue that mechanisms are required to protect the privacy interests of groups as entities, independently of the interests of their individual members. Finally, this paper discusses privacy threats resulting from the cumulative effect of big data profiling

    Disadvantaged neighbourhoods and young people not in education, employment or training at the ages of 18 to 19 in England

    There is a growing interest among researchers in the impact of locality on young people who are inactive and not engaged in education, employment or training (NEETs). Previous research on this, however, is rather limited and does not account for a number of characteristics that mediate the effects of disadvantaged neighbourhoods on transition outcomes. This study investigates the effects of neighbourhood context on young people who experience NEET status at the ages 18 to 19 in one cohort born in 1989/90 in the Longitudinal Study of Young People in England (LSYPE). The analyses control for a wide range of factors which may affect NEET status. Drawing on previous sociological theories, we develop a theoretical framework that specifies four levels of influence on young people’s development: individual, family, school and peer group characteristics. Potential pathways between neighbourhood context and individual outcomes are explored using a logistic regression model. We demonstrate that there is a higher probability for young people who live in high-crime areas to become NEETs in comparison to those who live in less-deprived areas

    An Evaluation Framework for Privacy Impact Assessment Methods

    Privacy Impact Assessment (PIA) methods guide the implementation of Privacy-by-Design principles and are provisioned in the European Union’s General Data Protection Regulation. As implementing a PIA is still an intricate task for organizations, this paper provides a critical review and assessment of generic PIA methods proposed by related research, Data Protection Authorities and Standard’s Organizations. The evaluation framework is based on a comprehensive set of criteria elicited through a systematic analysis of relevant literature. This paper also identifies elements of PIA methods that require further support or clarification as well as issues that still remain open, such as the need for implementation of supporting tools

    Data Breach Notification: Issues and Challenges for Security Management

    Several high-profile personal data breaches have triggered a discussion among privacy advocates, security practitioners, corporate managers and politicians on what role regulation should play in how companies and organisations protect data. The self-regulation paradigm fails to reinforce individuals’ right to information and foster proactive risk management as incident-related information is communicated informally and on a voluntary basis. Lately (April 2016) the European Parliament adopted a reformed General Data Protection Regulation (GDPR) which regulates data breach notification. This paper analyzes the current status in information security incident management, describes the data breach notification mandate introduced by the GDPR and discusses its impact on the accountability and transparency of organisations, the amplification of the security function in organisations and the security market and the reinforcement of situational awareness. This paper also identifies enablers and barriers to compliance and highlights the key challenges that governments and organisations need to address for effective incident management, in the context of the new regulation paradigm

    Aligning Security Awareness With Information Systems Security Management

    This paper explores the way information security awareness connects to the overall information security management framework it serves. To date, the formulation of security awareness initiatives has tended to ignore the important relationship with the overall security management context, and vice versa. In this paper we show that the two processes can be aligned so as to ensure that awareness activities serve the security management strategy and that security management exploits the benefits of an effective awareness effort. To do so, we analyze the processes of security awareness and security management using a process analysis framework and we explore their interactions. The identification of these interactions results in making us able to place awareness in a security management framework instead of viewing it as an isolated security mechanism

    IMPLEMENTATION CHALLENGES FOR INFORMATION SECURITY AWARENESS INITIATIVES IN E-GOVERNMENT

    With the widespread adoption of electronic government services, there has been a need to ensure a seamless flow of information across public sector organizations, while at the same time, maintaining confidentiality, integrity and availability. Governments have put in place various initiatives and programs including information security awareness to provide the needed understanding on how public sector employees can maintain security and privacy. Nonetheless, the implementation of such initiatives often faces a number of challenges that impede further take-up of e-government services. This paper aims to provide a better understanding of the challenges contributing towards the success of information security awareness initiatives implementation in the context of e-government. Political, organizational, social as well as technological challenges have been utilized in a conceptual framework to signify such challenges in e-government projects. An empirical case study conducted in a public sector organization in Greece was exploited in this research to reflect on these challenges. While the results from this empirical study confirm the role of the identified challenges for the implementation of security awareness programs in e-government, it has been noticed that awareness programmers often pursue different targets of preserving security and privacy, which sometimes results in adding more complexity to the organization

    Patristic and modern interpretation of the Pauline phrase «Πάντα μοι ἔξεστιν ἀλλ’ οὐ πάντα συμφέρει·» (1 Cor. 6,12)

    The postgraduate thesis focuses on Paul’s phrase «Πάντα μοι ἔξεστιν ἀλλ’ οὐ πάντα συμφέρει·» (1 Cor., 6.12). Through the critical study of the Holy Fathers and modern interpretations as well as cases of use of the phrase in ecclesiastical tradition and orthodox church, the research tries to highlight the possible Apostle Paul’s expressed positions and to investigate the timeless significance of his phrase for the orthodox christian. The results showed that the phrase is an expression of important theological positions of ap. Paul, is related to the issue of freedom as it is understood in the Christian approach, while highlighting the timelessness of the effect of the phrase as well as the interpretive possibilities it has for the reader based on his personal experiences and knowledge