883 resultados para security policy assessment
Resumo:
Summary. Food security remains a critical issue for the international community. Although significant and positive steps have been taken towards worldwide food governance in recent years, this Policy Brief argues that more can and should be done in the coming years. Additional actions that policy-makers could consider range from enhancing understanding between different actors and improving the engagement of civil society to the extension of capacity-building efforts, regulatory stability and sufficient access to credit. When taken together in a search for strategic policy coordination, these actions offer the possibility to dramatically improve global food security.
Resumo:
The Lisbon Treaty has introduced significant changes in the field of EU security and defence. On the one hand, important institutional reforms, such as the creation of a renewed High Representative, have of course a great impact on this policy field. On the other hand, the Lisbon Treaty has also introduced specific innovations in the security and defence of the European Union. The mutual defence clause and the new mechanisms for flexible cooperation such as the permanent structured cooperation, are only some of the key innovations. Generally, the European Security and Defence Policy receives its own section in the Treaty on European Union and is rebranded as Common Security and Defence Policy. Thus, the Lisbon Treaty sets the objective for a common policy in this field. However, does this reform really provide for the means for the realization of such a common policy? Furthermore, does the Lisbon Treaty increase the importance of CSDP or is the increasing importance of this policy field just reflected in the Treaty text? These are the main questions that the present paper attempts to address through the analysis of the new institutional setting of the post-Lisbon security and defence policy, as well as through the examination of the specific innovations in this area.
Resumo:
The European Union has developed new capacity as a security actor in third countries, in particular in the area of crisis management. Over the past two decades the EU has deployed numerous missions, both of a civilian and military nature. Moreover the EU has defined its ability to intervene all along the ‘crisis cycle’, (from prevention to mediation, from peace-keeping to post-conflict reconstruction) and using all tools at its disposal (taking a ‘comprehensive approach’). However the EU is still not perceived as a major security provider globally and interventions remain limited to some geographic areas, mostly in its neighbourhood and Africa, with just a few examples further afield. The EU also tends to avoid taking direct action and seems to prefer partnership arrangements with other players. How can we explain the growing activism and number of EU’s intervention with the low impact and lack of visibility? Can we expect the EU to become more active in the future, taking on more responsibility and leading roles in addressing conflict situations? This paper will argue that the main reason for the EU’s hesitant role in crisis management is to be found in the weak decision-making provisions for EU’s security interventions, as one of the few policy areas still subject to consensus amongst 28 European Union Member States. Lack of a clearer delegation of competence or stronger coordination structures is closely linked to low legitimacy for the EU to take more robust action as a security actor. In order to overcome this legitimacy problem, and in order to facilitate consensus amongst Member States, the EU thus privileges partnership arrangements with other actors who can provide legitimacy and know-how, such as the UN or the African Union. As there is no political desire in the EU for tighter decision-making in this area, we can expect that the EU will continue to play a supporting rather than leading role in crisis management, becoming the partner of choice as it deepens its experience. However this does not mean that the EU is playing just a secondary role in the wider area of security, in particular when looking at nontraditional security. Looking at the role of the EU in Asia, where the EU has deployed just two missions, this paper will offer a broader assessment of the EU as a partner in the area of security taking into account different types of actions. The paper will argue that in order to strengthen cooperation with Asian partners in the area of crisis management, the EU will need to define better what it is able to offer, present its actions as part of an overall strategy rather than ad-hoc and piecemeal, and enter into partnership arrangements with different players in the region.
Resumo:
FOREWORD. When one looks at the present state of the CSDP, one cannot help but look on with disenchantment at the energy that appears to have abandoned both institutions and Member States. Commentators increasingly take for granted that nothing much should be expected from this field of EU policy. The reasons for this state of mind are well known: the recent economic and financial strains, which have impacted all EU action since 2008, means that most of the Member States will struggle to keep their defence budgets at their present level in the future, and we may even see reductions. Furthermore, and to put it mildly, most of the recent CSDP operations have also experienced a lack of enthusiasm. Adding to this overall trend, the EU is far from presenting a common vision of what security and defence should really mean. Many of the Member States do not want to be involved in all of today’s international turmoils, and they rarely share the strategic culture which inspires those Member States who see themselves as having special responsibilities in dealing with these crises. In the end it may be that Member States diverge fundamentally on the simple question of whether it is relevant for the EU to engage in most of the ‘hot’ crises Europe faces; many prefer to see Europe as a soft power, mostly dedicated to intervening on less dramatic fronts and more inclined to mend than to fight. For whatever reason given, it remains that if there is a lack of common understanding on what CSDP should really be about, it should not come as a surprise if this policy is presently in stalemate. As an additional blow, the Ukrainian crisis, which dragged on for the whole of last year, could only add to the downward spiral the EU has been experiencing, with a new Russia aggressively confronting Europe in a manner not too distant from the Cold War days. This attitude has triggered the natural reaction among EU Member States to seek reassurances from NATO about their own national security. Coupled with the return of France a few years ago into the integrated military command, NATO’s renewed relevance has sent a strong message to Europe about the military organisation’s credibility with regard to collective defence. Surprisingly, this overall trend was gathering momentum at the same time as other more positive developments. The European Council of December 2013 dedicated its main session to CSDP: it underlined Europe’s role as a ‘security provider’ while adopting a very ambitious road map for Europe in all possible dimensions of the security sector. Hence the impression of a genuine boost to all EU institutions, which have been invited to join efforts and give CSDP a reinvigorated efficiency. In the same way, the increasing instability in Europe’s neighbourhood has also called for more EU operations: most recently in Iraq, Libya, Northern Nigeria or South Sudan. Pressure for further EU engagement has been one of the most constant features of the discussions taking place around these crises. Moreover, a growing number of EU partners in Asia, Latin America or Eastern Europe have shown a renewed eagerness to join CSDP missions in what sounds like a vote of confidence for EU capacities. What kind of conclusion should be drawn from this contradictory situation? Probably that the EU has much more potential than it can sometimes figure out itself, if only it would be ready to adapt to the new global realities. But, more than anything else, an enhanced CSDP needs from all Member States strong political will and a clear vision of what they want this policy to be. Without this indispensable ingredient CSDP may continue to run its course, as it does today. It may even grow in efficiency but it will keep lacking the one resource that would definitely help it overcome all the present shortcomings that have prevented Europe from finding its true role and mission through the CSDP. Member States remain central to EU security and defence policy. This is why this collection of essays is so valuable for assessing in no uncertain way the long road that lies ahead for any progress to be made. Pierre VIMONT Senior Associate at Carnegie Europe Former Executive Secretary-General of the European External Action Service
Resumo:
Existing studies focus on overall support for European integration while less work has been done on explaining public opinion on specific policy areas, such as the development of the Common Security and Defense Policy (CSDP). We hypothesize that the probability of supporting a CSDP increases with greater levels of trust in the European Union member states, most notably the more powerful members. This variable is critical since integration’s development is influenced strongly by, and dependent on, the resources of the relatively more powerful European member states. Binary logistic regression analyses using pooled repeated cross-sectional data from the Eurobarometer surveys conducted from 1992 to 1997 among individuals of 11 member states largely support these claims.
Resumo:
This article intends to study the evolution of the European Union foreign policy in the Southern Caucasus and Central Area throughout the Post-Cold War era. The aim is to analyze Brussels’ fundamental interests and limitations in the area, the strategies it has implemented in the last few years, and the extent to which the EU has been able to undermine the regional hegemons’ traditional supremacy. As will be highlighted, the Community’s chronic weaknesses, the local determination to preserve sovereignty and an increasing international geopolitical competition undermine any European aspiration to become a pre-eminent actor at the heart of the Eurasian continent in the near future.
Resumo:
Australia is an increasingly important ally for the United States. It is willing to be part of challenging global missions, and its strong economy and growing self-confi dence suggest a more prominent role in both global and regional affairs. Moreover, its government has worked hard to strengthen the link between Canberra and Washington. Political and strategic affi nities between the two countries have been refl ected in--and complemented by--practiced military interoperability, as the two allies have sustained a pattern of security cooperation in relation to East Timor, Afghanistan and Iraq in the last 4 years. This growing collaboration between the two countries suggests that a reinvention of the traditional bilateral security relationship is taking place. At the core of this process lies an agreement about the need for engaging in more proactive strategic behavior in the changing global security environment, and a mutual acceptance of looming military and technological interdependence. But this new alliance relationship is already testing the boundaries of bipartisan support for security policy within Australia. Issues of strategic doctrine, defense planning, and procurement are becoming topics of fi erce policy debate. Such discussion is likely to be sharpened in the years ahead as Australia’s security relationship with the United States settles into a new framework.
Resumo:
This article addresses the normative dilemma located within the application of `securitization,’ as a method of understanding the social construction of threats and security policies. Securitization as a theoretical and practical undertaking is being increasingly used by scholars and practitioners. This scholarly endeavour wishes to provide those wishing to engage with securitization with an alternative application of this theory; one which is sensitive to and self-reflective of the possible normative consequences of its employment. This article argues that discussing and analyzing securitization processes have normative implications, which is understood here to be the negative securitization of a referent. The negative securitization of a referent is asserted to be carried out through the unchallenged analysis of securitization processes which have emerged through relations of exclusion and power. It then offers a critical understanding and application of securitization studies as a way of overcoming the identified normative dilemma. First, it examines how the Copenhagen School’s formation of securitization theory gives rise to a normative dilemma, which is situated in the performative and symbolic power of security as a political invocation and theoretical concept. Second, it evaluates previous attempts to overcome the normative dilemma of securitization studies, outlining the obstacles that each individual proposal faces. Third, this article argues that the normative dilemma of applying securitization can be avoided by firstly, deconstructing the institutional power of security actors and dominant security subjectivities and secondly, by addressing countering or alternative approaches to security and incorporating different security subjectivities. Examples of the securitization of international terrorism and immigration are prominent throughout.
Resumo:
The primary goal of this paper is to discuss how the leading position of Brazil in South America could contribute to boost security cooperation between the European Union and Mercosur. Both parties share common foreign and security policy concerns, including immigration, terrorism and drug trafficking. Through its great influence on the regional security agenda, Brazil could seek closer bilateral cooperation with Europe in tackling these global challenges, acting at the same time as a representative of regional interests.
Resumo:
Many political economic theories use and emphasize the process of votingin their explanation of the growth of Social Security, governmentspending, and other public policies. But is there an empirical connectionbetween democracy and Social Security program size or design? Using somenew international data sets to produce both country-panel econometricestimates as well as case studies of South American and southern Europeancountries, we find that Social Security policy varies according toeconomic and demographic factors, but that very different politicalhistories can result in the same Social Security policy. We find littlepartial effect of democracy on the size of Social Security budgets, onhow those budgets are allocated, or how economic and demographic factorsaffect Social Security. If there is any observed difference, democraciesspend a little less of their GDP on Social Security, grow their budgetsa bit more slowly, and cap their payroll tax more often, than doeconomically and demographically similar nondemocracies. Democracies andnondemocracies are equally likely to have benefit formulas inducingretirement and, conditional on GDP per capita, equally likely to induceretirement with a retirement test vs. an earnings test.
Resumo:
This paper provides a quantitative evaluation of the intra--cohortredistributive elements of the United States social security system in thecontext of a computable general equilibrium model. I determine how thewell--being of individuals that differ across {\sl gender, race} and {\sl education}is affected by government social security policy. I find that females, whitesand non--college graduates stand less to gain (lose) from reductions(increases) in the size of social security than males, non--whites andcollege graduates, respectively. Differences in mortality risk and laborproductivity translate into differences in the magnitudes of capitalaccumulation and labor supply distortions, that are responsible for theobserved welfare difference between types. Results imply that the currentprogram is lifetime progressive across gender and education, yet lifetimeregressive across race.
Resumo:
EXECUTIVE SUMMARY : Evaluating Information Security Posture within an organization is becoming a very complex task. Currently, the evaluation and assessment of Information Security are commonly performed using frameworks, methodologies and standards which often consider the various aspects of security independently. Unfortunately this is ineffective because it does not take into consideration the necessity of having a global and systemic multidimensional approach to Information Security evaluation. At the same time the overall security level is globally considered to be only as strong as its weakest link. This thesis proposes a model aiming to holistically assess all dimensions of security in order to minimize the likelihood that a given threat will exploit the weakest link. A formalized structure taking into account all security elements is presented; this is based on a methodological evaluation framework in which Information Security is evaluated from a global perspective. This dissertation is divided into three parts. Part One: Information Security Evaluation issues consists of four chapters. Chapter 1 is an introduction to the purpose of this research purpose and the Model that will be proposed. In this chapter we raise some questions with respect to "traditional evaluation methods" as well as identifying the principal elements to be addressed in this direction. Then we introduce the baseline attributes of our model and set out the expected result of evaluations according to our model. Chapter 2 is focused on the definition of Information Security to be used as a reference point for our evaluation model. The inherent concepts of the contents of a holistic and baseline Information Security Program are defined. Based on this, the most common roots-of-trust in Information Security are identified. Chapter 3 focuses on an analysis of the difference and the relationship between the concepts of Information Risk and Security Management. Comparing these two concepts allows us to identify the most relevant elements to be included within our evaluation model, while clearing situating these two notions within a defined framework is of the utmost importance for the results that will be obtained from the evaluation process. Chapter 4 sets out our evaluation model and the way it addresses issues relating to the evaluation of Information Security. Within this Chapter the underlying concepts of assurance and trust are discussed. Based on these two concepts, the structure of the model is developed in order to provide an assurance related platform as well as three evaluation attributes: "assurance structure", "quality issues", and "requirements achievement". Issues relating to each of these evaluation attributes are analysed with reference to sources such as methodologies, standards and published research papers. Then the operation of the model is discussed. Assurance levels, quality levels and maturity levels are defined in order to perform the evaluation according to the model. Part Two: Implementation of the Information Security Assurance Assessment Model (ISAAM) according to the Information Security Domains consists of four chapters. This is the section where our evaluation model is put into a welldefined context with respect to the four pre-defined Information Security dimensions: the Organizational dimension, Functional dimension, Human dimension, and Legal dimension. Each Information Security dimension is discussed in a separate chapter. For each dimension, the following two-phase evaluation path is followed. The first phase concerns the identification of the elements which will constitute the basis of the evaluation: ? Identification of the key elements within the dimension; ? Identification of the Focus Areas for each dimension, consisting of the security issues identified for each dimension; ? Identification of the Specific Factors for each dimension, consisting of the security measures or control addressing the security issues identified for each dimension. The second phase concerns the evaluation of each Information Security dimension by: ? The implementation of the evaluation model, based on the elements identified for each dimension within the first phase, by identifying the security tasks, processes, procedures, and actions that should have been performed by the organization to reach the desired level of protection; ? The maturity model for each dimension as a basis for reliance on security. For each dimension we propose a generic maturity model that could be used by every organization in order to define its own security requirements. Part three of this dissertation contains the Final Remarks, Supporting Resources and Annexes. With reference to the objectives of our thesis, the Final Remarks briefly analyse whether these objectives were achieved and suggest directions for future related research. Supporting resources comprise the bibliographic resources that were used to elaborate and justify our approach. Annexes include all the relevant topics identified within the literature to illustrate certain aspects of our approach. Our Information Security evaluation model is based on and integrates different Information Security best practices, standards, methodologies and research expertise which can be combined in order to define an reliable categorization of Information Security. After the definition of terms and requirements, an evaluation process should be performed in order to obtain evidence that the Information Security within the organization in question is adequately managed. We have specifically integrated into our model the most useful elements of these sources of information in order to provide a generic model able to be implemented in all kinds of organizations. The value added by our evaluation model is that it is easy to implement and operate and answers concrete needs in terms of reliance upon an efficient and dynamic evaluation tool through a coherent evaluation system. On that basis, our model could be implemented internally within organizations, allowing them to govern better their Information Security. RÉSUMÉ : Contexte général de la thèse L'évaluation de la sécurité en général, et plus particulièrement, celle de la sécurité de l'information, est devenue pour les organisations non seulement une mission cruciale à réaliser, mais aussi de plus en plus complexe. A l'heure actuelle, cette évaluation se base principalement sur des méthodologies, des bonnes pratiques, des normes ou des standards qui appréhendent séparément les différents aspects qui composent la sécurité de l'information. Nous pensons que cette manière d'évaluer la sécurité est inefficiente, car elle ne tient pas compte de l'interaction des différentes dimensions et composantes de la sécurité entre elles, bien qu'il soit admis depuis longtemps que le niveau de sécurité globale d'une organisation est toujours celui du maillon le plus faible de la chaîne sécuritaire. Nous avons identifié le besoin d'une approche globale, intégrée, systémique et multidimensionnelle de l'évaluation de la sécurité de l'information. En effet, et c'est le point de départ de notre thèse, nous démontrons que seule une prise en compte globale de la sécurité permettra de répondre aux exigences de sécurité optimale ainsi qu'aux besoins de protection spécifiques d'une organisation. Ainsi, notre thèse propose un nouveau paradigme d'évaluation de la sécurité afin de satisfaire aux besoins d'efficacité et d'efficience d'une organisation donnée. Nous proposons alors un modèle qui vise à évaluer d'une manière holistique toutes les dimensions de la sécurité, afin de minimiser la probabilité qu'une menace potentielle puisse exploiter des vulnérabilités et engendrer des dommages directs ou indirects. Ce modèle se base sur une structure formalisée qui prend en compte tous les éléments d'un système ou programme de sécurité. Ainsi, nous proposons un cadre méthodologique d'évaluation qui considère la sécurité de l'information à partir d'une perspective globale. Structure de la thèse et thèmes abordés Notre document est structuré en trois parties. La première intitulée : « La problématique de l'évaluation de la sécurité de l'information » est composée de quatre chapitres. Le chapitre 1 introduit l'objet de la recherche ainsi que les concepts de base du modèle d'évaluation proposé. La maniéré traditionnelle de l'évaluation de la sécurité fait l'objet d'une analyse critique pour identifier les éléments principaux et invariants à prendre en compte dans notre approche holistique. Les éléments de base de notre modèle d'évaluation ainsi que son fonctionnement attendu sont ensuite présentés pour pouvoir tracer les résultats attendus de ce modèle. Le chapitre 2 se focalise sur la définition de la notion de Sécurité de l'Information. Il ne s'agit pas d'une redéfinition de la notion de la sécurité, mais d'une mise en perspectives des dimensions, critères, indicateurs à utiliser comme base de référence, afin de déterminer l'objet de l'évaluation qui sera utilisé tout au long de notre travail. Les concepts inhérents de ce qui constitue le caractère holistique de la sécurité ainsi que les éléments constitutifs d'un niveau de référence de sécurité sont définis en conséquence. Ceci permet d'identifier ceux que nous avons dénommés « les racines de confiance ». Le chapitre 3 présente et analyse la différence et les relations qui existent entre les processus de la Gestion des Risques et de la Gestion de la Sécurité, afin d'identifier les éléments constitutifs du cadre de protection à inclure dans notre modèle d'évaluation. Le chapitre 4 est consacré à la présentation de notre modèle d'évaluation Information Security Assurance Assessment Model (ISAAM) et la manière dont il répond aux exigences de l'évaluation telle que nous les avons préalablement présentées. Dans ce chapitre les concepts sous-jacents relatifs aux notions d'assurance et de confiance sont analysés. En se basant sur ces deux concepts, la structure du modèle d'évaluation est développée pour obtenir une plateforme qui offre un certain niveau de garantie en s'appuyant sur trois attributs d'évaluation, à savoir : « la structure de confiance », « la qualité du processus », et « la réalisation des exigences et des objectifs ». Les problématiques liées à chacun de ces attributs d'évaluation sont analysées en se basant sur l'état de l'art de la recherche et de la littérature, sur les différentes méthodes existantes ainsi que sur les normes et les standards les plus courants dans le domaine de la sécurité. Sur cette base, trois différents niveaux d'évaluation sont construits, à savoir : le niveau d'assurance, le niveau de qualité et le niveau de maturité qui constituent la base de l'évaluation de l'état global de la sécurité d'une organisation. La deuxième partie: « L'application du Modèle d'évaluation de l'assurance de la sécurité de l'information par domaine de sécurité » est elle aussi composée de quatre chapitres. Le modèle d'évaluation déjà construit et analysé est, dans cette partie, mis dans un contexte spécifique selon les quatre dimensions prédéfinies de sécurité qui sont: la dimension Organisationnelle, la dimension Fonctionnelle, la dimension Humaine, et la dimension Légale. Chacune de ces dimensions et son évaluation spécifique fait l'objet d'un chapitre distinct. Pour chacune des dimensions, une évaluation en deux phases est construite comme suit. La première phase concerne l'identification des éléments qui constituent la base de l'évaluation: ? Identification des éléments clés de l'évaluation ; ? Identification des « Focus Area » pour chaque dimension qui représentent les problématiques se trouvant dans la dimension ; ? Identification des « Specific Factors » pour chaque Focus Area qui représentent les mesures de sécurité et de contrôle qui contribuent à résoudre ou à diminuer les impacts des risques. La deuxième phase concerne l'évaluation de chaque dimension précédemment présentées. Elle est constituée d'une part, de l'implémentation du modèle général d'évaluation à la dimension concernée en : ? Se basant sur les éléments spécifiés lors de la première phase ; ? Identifiant les taches sécuritaires spécifiques, les processus, les procédures qui auraient dû être effectués pour atteindre le niveau de protection souhaité. D'autre part, l'évaluation de chaque dimension est complétée par la proposition d'un modèle de maturité spécifique à chaque dimension, qui est à considérer comme une base de référence pour le niveau global de sécurité. Pour chaque dimension nous proposons un modèle de maturité générique qui peut être utilisé par chaque organisation, afin de spécifier ses propres exigences en matière de sécurité. Cela constitue une innovation dans le domaine de l'évaluation, que nous justifions pour chaque dimension et dont nous mettons systématiquement en avant la plus value apportée. La troisième partie de notre document est relative à la validation globale de notre proposition et contient en guise de conclusion, une mise en perspective critique de notre travail et des remarques finales. Cette dernière partie est complétée par une bibliographie et des annexes. Notre modèle d'évaluation de la sécurité intègre et se base sur de nombreuses sources d'expertise, telles que les bonnes pratiques, les normes, les standards, les méthodes et l'expertise de la recherche scientifique du domaine. Notre proposition constructive répond à un véritable problème non encore résolu, auquel doivent faire face toutes les organisations, indépendamment de la taille et du profil. Cela permettrait à ces dernières de spécifier leurs exigences particulières en matière du niveau de sécurité à satisfaire, d'instancier un processus d'évaluation spécifique à leurs besoins afin qu'elles puissent s'assurer que leur sécurité de l'information soit gérée d'une manière appropriée, offrant ainsi un certain niveau de confiance dans le degré de protection fourni. Nous avons intégré dans notre modèle le meilleur du savoir faire, de l'expérience et de l'expertise disponible actuellement au niveau international, dans le but de fournir un modèle d'évaluation simple, générique et applicable à un grand nombre d'organisations publiques ou privées. La valeur ajoutée de notre modèle d'évaluation réside précisément dans le fait qu'il est suffisamment générique et facile à implémenter tout en apportant des réponses sur les besoins concrets des organisations. Ainsi notre proposition constitue un outil d'évaluation fiable, efficient et dynamique découlant d'une approche d'évaluation cohérente. De ce fait, notre système d'évaluation peut être implémenté à l'interne par l'entreprise elle-même, sans recourir à des ressources supplémentaires et lui donne également ainsi la possibilité de mieux gouverner sa sécurité de l'information.
Resumo:
Peer-reviewed
Resumo:
Tietoturvallisuus on prosessi, jonka tavoitteena on turvata yrityksen liiketoiminnassa käytettävän tiedon luottamuksellisuus, eheys ja käytettävyys. Tietoturvallisuutta johdetaan hallintajärjestelmällä, johon riskien arviointi ja tietoturvaohjeisto kuuluvat. Työssä tutkitaan, kuinka tietoturvaohjeiston dokumentteja voidaan kehittää tietoturvariskien arvioinnin avulla. Työn käytännön osuudessa suoritetaan Kemppi-konsernissa tietoriskien arviointi, jonka perusteella uudistetaan konsernin tietoturvaohjeistoa ja annetaan jatkosuositukset tietoturvallisuuden kehittämisestä.
Resumo:
Finnish Defence Studies is published under the auspices of the National Defence College, and the contributions reflect the fields of research and teaching of the College. Finnish Defence Studies will occasionally feature documentation on Finnish Security Policy. Views expressed are those of the authors and do not necessarily imply endorsement by the National Defence College.
