5th Food Safety and Security Symposium: food and health

Abstract The 5º Simpósio de Segurança Alimentar (5th Food Safety and Security Symposium) was held in May, 2015, in Bento Gonçalves, RS, Brazil with the objective of discussing the interrelation between food and health, in various perspectives. This paper reviews the state of the art regarding all the issues discussed during the Symposium, connecting them with the lectures presented at the conference. As final remarks, it was perceived that the interrelation between food and health is growing stronger and cannot be discussed without involving the different areas involved.

Perceptions of corporate social responsibility: A case study of the perceived contents and outcomes

CSR has been subject of broad debate and research over the decades and has gained attention recently. The purpose of this thesis is to find out how companies perceive CSR. In addition this thesis is researching what is CSR in Finnish companies, how do companies measure CSR, what are the effects of CSR and how companies perceive those effects and what actors and factors support CSR. This research is a case study where altogether nine informants from seven companies were interviewed. This research is qualitative case study implemented with theme interviews. The analysis method is content analysis. Several interesting issues emerged from the empirical findings. CSR is playing pivotal role in companies values, vision and mission. CSR was perceived differently in companies but also mutual points emerged. The role of stakeholders is essential in CSR. In addition the communication with stakeholders was seen very important. Companies perceived that they can gain many benefits when acting responsibly for instance in issues related to cost reduction, reputation and personnel. However measuring these effects from CSR point of view was seen challenging. Other CSR related challenges are for example change and lack of resources. When considering empirical findings from a theoretical point of view, three interesting issues emerged. CSR reports play an important role in measuring and developing of CSR. However, this is not the case with all companies and some of them argued that reporting has too much attention nowadays when talking about CSR. The benefits of CSR are mostly related to responsive CSR. However maybe in a long-term follow-up strategic CSR related competitive advantage benefits could be more easily noticed. Many different issues supported CSR. Some issues are driven by outside of companies like NGO`s and media and some inside like the motivation of personnel and management. Vastuullista liiketoimintaa on tutkittu vuosien saatossa laajalti ja se on saanut viime vuosina erityisen paljon huomiota. Tämän pro gradu –tutkielman tavoitteena on selvittää, miten yritykset kokevat vastuullisen liiketoiminnan. Tämän lisäksi tutkimuksessa selvitetään, mitä vastuullinen liiketoiminta suomalaisissa yrityksissä tarkoittaa, miten yritykset mittaavat omaa vastuullisuuttaan, mitkä ovat vastuullisuuden vaikutukset, miten yritykset kokevat vastuullisuuden vaikutukset ja mitkä tekijät tukevat vastuullisen liiketoiminnan syntyä. Tutkimus toteutettiin haastattelemalla yhdeksää suomalaisen yrityksen yritysvastuusta vastaavaa tai sen kanssa työskentelevää henkilöä seitsemästä eri organisaatiosta loppuvuodesta 2014 ja alkuvuodesta 2015. Tutkimus on laadullinen, teemahaastatteluilla toteutettu haastattelututkimus. Aineisto on analysoitu teemoittain. Tutkimusaineiston perusteella vaikuttaa siltä, että vastuullinen liiketoiminta on tärkeässä roolissa yritysten arvoissa, visiossa ja missiossa. Yritysvastuu koettiin yrityksissä erilailla, mutta myös yhtäläisyyksiä on nähtävissä. Sidosryhmien rooli on erittäin tärkeä yritysvastuusta puhuttaessa ja myös kommunikointi sidosryhmien kanssa nousi tärkeäksi aiheeksi. Yritykset kokivat saavuttavansa monia hyötyjä vastuullisesta toiminnasta kuten kustannussäästöihin, maineeseen ja työntekijöihin liittyvissä asioissa. Näiden hyötyjen mittaaminen yritysvastuun näkökulmasta koettiin kuitenkin haasteelliseksi. Muita vastuullisuuteen liittyviä haasteita olivat esimerkiksi siihen liittyvä muutos sekä niukat resurssit. Tutkimuksen johtopäätöksistä nousi esille kolme merkittävää seikkaa. Vastuullisuusraportoinnin koettiin olevan hyödyllinen yritysvastuun mittaamisessa ja kehittämisessä. Kaikki yritykset eivät kuitenkaan olleet tätä mieltä ja osa koki raportoinnin saavan liian paljon huomiota nykypäivänä. Yritysten kokemat hyödyt vastuullisuuteen liittyen syntyivät pääosin reaktiivisesta vastuullisuudesta. Tässä kohdin on kuitenkin huomionarvoista mainita, että strategisen vastuullisuuden hyödyt olisivat saattaneet nousta paremmin esille pidemmän aikavälin tutkimuksessa. Yritysvastuun syntyä tukevia tekijöitä löytyi monia. Osa tekijöistä oli yrityksen ulkopuolisia kuten kansalaisjärjestöt ja media ja jotkut taas kumpusivat yrityksen sisältä esimerkiksi työntekijöiden ja johdon motivaatio.

Enhancing Security of Linux OS against Administrators

Inside cyber security threats by system administrators are some of the main concerns of organizations about the security of systems. Since operating systems are controlled and managed by fully trusted administrators, they can negligently or intentionally break the information security and privacy of users and threaten the system integrity. In this thesis, we propose some solutions for enhancing the security of Linux OS by restricting administrators’ access to superuser’s privileges while they can still manage the system. We designed and implemented an interface for administrators in Linux OS called Linux Admins’ User Interface (LAUI) for managing the system in secure ways. LAUI along with other security programs in Linux like sudo protect confidentiality and integrity of users’ data and provide a more secure system against administrators’ mismanagement. In our model, we limit administrators to perform managing tasks in secure manners and also make administrators accountable for their acts. In this thesis we present some scenarios for compromising users’ data and breaking system integrity by system administrators in Linux OS. Then we evaluate how our solutions and methods can secure the system against these administrators’ mismanagement.

New threats - old routines : bureaucratic adaptability in the security policy environment

Within the framework of state security policy, the focus of this dissertation are the relations between how new security threats are perceived and the policy planning and bureaucratic implementation that are designed to address them. In addition, this thesis explores and studies some of the inertias that might exist in the core of the state apparatus as it addresses new threats and how these could be better managed. The dissertation is built on five thematic and interrelated articles highlighting different aspects of when new significant national security threats are detected by different governments until the threats on the policy planning side translate into protective measures within the society. The timeline differs widely between different countries and some key aspects of this process are also studied. One focus concerns mechanisms for adaptability within the Intelligence Community, another on the policy planning process within the Cabinet Offices/National Security Councils and the third focus is on the planning process and how policy is implemented within the bureaucracy. The issue of policy transfer is also analysed, revealing that there is some imitation of innovation within governmental structures and policies, for example within the field of cyber defence. The main findings of the dissertation are that this context has built-in inertias and bureaucratic seams found in most government bureaucratic machineries. As much of the information and planning measures imply security classification of the transparency and internal debate on these issues, alternative assessments become limited. To remedy this situation, the thesis recommends ways to improve the decision-making system in order to streamline the processes involved in making these decisions. Another special focus of the thesis concerns the role of the public policy think tanks in the United States as an instrument of change in the country’s national security decision-making environment, which is viewed from the perspective as being a possible source of new ideas and innovation. The findings in this part are based on unique interviews data on how think tanks become successful and influence the policy debate in a country such as the United States. It appears clearly that in countries such as the United States think tanks smooth the decision making processes, and that this model with some adaptations also might be transferrable to other democratic countries.

Threat modeling a factory environment using Microsoft Security Development Lifecycle methodology

The number of security violations is increasing and a security breach could have irreversible impacts to business. There are several ways to improve organization security, but some of them may be difficult to comprehend. This thesis demystifies threat modeling as part of secure system development. Threat modeling enables developers to reveal previously undetected security issues from computer systems. It offers a structured approach for organizations to find and address threats against vulnerabilities. When implemented correctly threat modeling will reduce the amount of defects and malicious attempts against the target environment. In this thesis Microsoft Security Development Lifecycle (SDL) is introduced as an effective methodology for reducing defects in the target system. SDL is traditionally meant to be used in software development, principles can be however partially adapted to IT-infrastructure development. Microsoft threat modeling methodology is an important part of SDL and it is utilized in this thesis to find threats from the Acme Corporation’s factory environment. Acme Corporation is used as a pseudonym for a company providing high-technology consumer electronics. Target for threat modeling is the IT-infrastructure of factory’s manufacturing execution system. Microsoft threat modeling methodology utilizes STRIDE –mnemonic and data flow diagrams to find threats. Threat modeling in this thesis returned results that were important for the organization. Acme Corporation now has more comprehensive understanding concerning IT-infrastructure of the manufacturing execution system. On top of vulnerability related results threat modeling provided coherent views of the target system. Subject matter experts from different areas can now agree upon functions and dependencies of the target system. Threat modeling was recognized as a useful activity for improving security.

Finland's security in a changing Europe : a historical perspective

Finnish Defence Studies is published under the auspices of the National Defence College, and the contributions reflect the fields of research and teaching of the College. Finnish Defence Studies will occasionally feature documentation on Finnish Security Policy. Views expressed are those of the authors and do not necessarily imply endorsement by the National Defence College.