The information security policy unpacked:a critical study of the content of university policies

Ensuring the security of corporate information, that is increasingly stored, processed and disseminated using information and communications technologies [ICTs], has become an extremely complex and challenging activity. This is a particularly important concern for knowledge-intensive organisations, such as universities, as the effective conduct of their core teaching and research activities is becoming ever more reliant on the availability, integrity and accuracy of computer-based information resources. One increasingly important mechanism for reducing the occurrence of security breaches, and in so doing, protecting corporate information, is through the formulation and application of a formal information security policy (InSPy). Whilst a great deal has now been written about the importance and role of the information security policy, and approaches to its formulation and dissemination, there is relatively little empirical material that explicitly addresses the structure or content of security policies. The broad aim of the study, reported in this paper, is to fill this gap in the literature by critically examining the structure and content of authentic information security policies, rather than simply making general prescriptions about what they ought to contain. Having established the structure and key features of the reviewed policies, the paper critically explores the underlying conceptualisation of information security embedded in the policies. There are two important conclusions to be drawn from this study: (1) the wide diversity of disparate policies and standards in use is unlikely to foster a coherent approach to security management; and (2) the range of specific issues explicitly covered in university policies is surprisingly low, and reflects a highly techno-centric view of information security management.

Dialogue, partnership and empowerment for network and information security:the changing role of the private sector from objects of regulation to regulation shapers

The protection of cyberspace has become one of the highest security priorities of governments worldwide. The EU is not an exception in this context, given its rapidly developing cyber security policy. Since the 1990s, we could observe the creation of three broad areas of policy interest: cyber-crime, critical information infrastructures and cyber-defence. One of the main trends transversal to these areas is the importance that the private sector has come to assume within them. In particular in the area of critical information infrastructure protection, the private sector is seen as a key stakeholder, given that it currently operates most infrastructures in this area. As a result of this operative capacity, the private sector has come to be understood as the expert in network and information systems security, whose knowledge is crucial for the regulation of the field. Adopting a Regulatory Capitalism framework, complemented by insights from Network Governance, we can identify the shifting role of the private sector in this field from one of a victim in need of protection in the first phase, to a commercial actor bearing responsibility for ensuring network resilience in the second, to an active policy shaper in the third, participating in the regulation of NIS by providing technical expertise. By drawing insights from the above-mentioned frameworks, we can better understand how private actors are involved in shaping regulatory responses, as well as why they have been incorporated into these regulatory networks.

A simple remote sensing based information system for monitoring sites of conservation importance

Monitoring is essential for conservation of sites, but capacity to undertake it in the field is often limited. Data collected by remote sensing has been identified as a partial solution to this problem, and is becoming a feasible option, since increasing quantities of satellite data in particular are becoming available to conservationists. When suitably classified, satellite imagery can be used to delineate land cover types such as forest, and to identify any changes over time. However, the conservation community lacks (a) a simple tool appropriate to the needs for monitoring change in all types of land cover (e.g. not just forest), and (b) an easily accessible information system which allows for simple land cover change analysis and data sharing to reduce duplication of effort. To meet these needs, we developed a web-based information system which allows users to assess land cover dynamics in and around protected areas (or other sites of conservation importance) from multi-temporal medium resolution satellite imagery. The system is based around an open access toolbox that pre-processes and classifies Landsat-type imagery, and then allows users to interactively verify the classification. These data are then open for others to utilize through the online information system. We first explain imagery processing and data accessibility features, and then demonstrate the toolbox and the value of user verification using a case study on Nakuru National Park, Kenya. Monitoring and detection of disturbances can support implementation of effective protection, assist the work of park managers and conservation scientists, and thus contribute to conservation planning, priority assessment and potentially to meeting monitoring needs for Aichi target 11.

Lessons learned from INTAMAP, an interoperable web service for the real-time interpolation of environmental variables

Interpolated data are an important part of the environmental information exchange as many variables can only be measured at situate discrete sampling locations. Spatial interpolation is a complex operation that has traditionally required expert treatment, making automation a serious challenge. This paper presents a few lessons learnt from INTAMAP, a project that is developing an interoperable web processing service (WPS) for the automatic interpolation of environmental data using advanced geostatistics, adopting a Service Oriented Architecture (SOA). The “rainbow box” approach we followed provides access to the functionality at a whole range of different levels. We show here how the integration of open standards, open source and powerful statistical processing capabilities allows us to automate a complex process while offering users a level of access and control that best suits their requirements. This facilitates benchmarking exercises as well as the regular reporting of environmental information without requiring remote users to have specialized skills in geostatistics.