Information security culture : a behaviour compliance conceptual framework

Understanding the complex dynamic and uncertain characteristics of organisational employees who perform authorised or unauthorised information security activities is deemed to be a very important and challenging task. This paper presents a conceptual framework for classifying and organising the characteristics of organisational subjects involved in these information security practices. Our framework expands the traditional Human Behaviour and the Social Environment perspectives used in social work by identifying how knowledge, skills and individual preferences work to influence individual and group practices with respect to information security management. The classification of concepts and characteristics in the framework arises from a review of recent literature and is underpinned by theoretical models that explain these concepts and characteristics. Further, based upon an exploratory study of three case organisations in Saudi Arabia involving extensive interviews with senior managers, department managers, IT managers, information security officers, and IT staff; this article describes observed information security practices and identifies several factors which appear to be particularly important in influencing information security behaviour. These factors include values associated with national and organisational culture and how they manifest in practice, and activities related to information security management.

The neoliberal way of war: a critical analysis of contemporary British security in policy and practice.

Dominant paradigms of causal explanation for why and how Western liberal-democracies go to war in the post-Cold War era remain versions of the 'liberal peace' or 'democratic peace' thesis. Yet such explanations have been shown to rest upon deeply problematic epistemological and methodological assumptions. Of equal importance, however, is the failure of these dominant paradigms to account for the 'neoliberal revolution' that has gripped Western liberal-democracies since the 1970s. The transition from liberalism to neoliberalism remains neglected in analyses of the contemporary Western security constellation. Arguing that neoliberalism can be understood simultaneously through the Marxian concept of ideology and the Foucauldian concept of governmentality – that is, as a complementary set of 'ways of seeing' and 'ways of being' – the thesis goes on to analyse British security in policy and practice, considering it as an instantiation of a wider neoliberal way of war. In so doing, the thesis draws upon, but also challenges and develops, established critical discourse analytic methods, incorporating within its purview not only the textual data that is usually considered by discourse analysts, but also material practices of security. This analysis finds that contemporary British security policy is predicated on a neoliberal social ontology, morphology and morality – an ideology or 'way of seeing' – focused on the notion of a globalised 'network-market', and is aimed at rendering circulations through this network-market amenable to neoliberal techniques of government. It is further argued that security practices shaped by this ideology imperfectly and unevenly achieve the realisation of neoliberal 'ways of being' – especially modes of governing self and other or the 'conduct of conduct' – and the re-articulation of subjectivities in line with neoliberal principles of individualism, risk, responsibility and flexibility. The policy and practice of contemporary British 'security' is thus recontextualised as a component of a broader 'neoliberal way of war'.

Security practice: survey evidence from three countries

Computer security is becoming a global problem. Recent surveys show that there increased concern about security risks such as hackers. There is also an increase in the growth of Internet access around the world. This growth of the Internet has resulted in the development of new businesses such as e-commerce and with the new businesses come new associated security risks such as on-line fraud and hacking. Is it fair to assume the security practices are the same all over the world? The paper tries to look at security practices from a number of different countries perspective and tries to show that security practices are not generic and vary from country to country.

The impact of security surveys within Australia and New Zealand

Information security is portrayed as a global problem that impacts all countries that are considered as part of the Information Society. Recent surveys show that there are increased concerns about computer crime. The paper will focus upon recent national security surveys from Australia and New Zealand and the trends that this research shows. Is it fair to assume the security practices are the same all over the world? The paper looks at security practices from a number of different countries perspectives and shows that security practices are not generic and vary from country to country. The paper will also evaluate the worth that National Security Surveys have in the field of Information Security Surveys.

Information security governance : when compliance becomes more important than security

Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for more corporate governance, new regulations, and improved codes of best practice to address current weak organizational security practices, this may not be sufficient in the current dynamic security environment. Organizational information security must adapt to changing conditions by extending security governance to middle management as well as system/network administrators. Unfortunately the lack of clear business security objectives and strategies at the business unit level is likely to result in a compliance culture, where those responsible for implementing information security are more interested in complying with organizational standards and policies than improving security itself.

Surveillance, Security and Sporting Mega Events: Toward a Research Agenda on the Organisation of Security Networks

Surveillance and security at sports mega events have been the subject of considerable scholarly attention. Events such as the Olympic Games and Fédération Internationale de Football Association (FIFA) World Cups have become occasions of almost unparalleled economic, political and social significance. In the lead up to the London 2012 Olympic Games, scholars have examined issues such as the ‘security legacies’ of sports mega events, the infrastructures and technologies used in an attempt to secure these events, and the planning mentalities underpinning the staggering ‘security spectacle’ of these globally televised events. This paper deals with the subject of how surveillance and security practices at sports mega events are organised. It uses the emerging paradigm of ‘security networks’ to call attention to some important issues involving the entire ‘security assemblage’ that accompanies these mega events. The paper presents five levels of analysis—structural, cultural, policy, technological and relational—to examine these practices and documents several key areas for further research on sports mega events.

A Framework for Security Transparency in Cloud Computing

Individuals and corporate users are persistently considering cloud adoption due to its significant benefits compared to traditional computing environments. The data and applications in the cloud are stored in an environment that is separated, managed and maintained externally to the organisation. Therefore, it is essential for cloud providers to demonstrate and implement adequate security practices to protect the data and processes put under their stewardship. Security transparency in the cloud is likely to become the core theme that underpins the systematic disclosure of security designs and practices that enhance customer confidence in using cloud service and deployment models. In this paper, we present a framework that enables a detailed analysis of security transparency for cloud based systems. In particular, we consider security transparency from three different levels of abstraction, i.e., conceptual, organisation and technical levels, and identify the relevant concepts within these levels. This allows us to provide an elaboration of the essential concepts at the core of transparency and analyse the means for implementing them from a technical perspective. Finally, an example from a real world migration context is given to provide a solid discussion on the applicability of the proposed framework.

Radicalisation theories, policing practices, and “the future of terrorism?”

This article explores how theories of radicalisation have placed an emphasis on the development of an indicators-based approach to identify individuals who might engage in politically motivated violence. We trace how policing agencies have juxtaposed the search for indicators as a defence against criticisms of racial profiling. However, through an analysis of Canadian counter-terrorism training programmes, we demonstrate that the search for radicalisation indicators reaffirms pre-emptive and discriminatory security practices. We insist that despite efforts to theorise radicalisation outside of the practices of the “war on terror”, current trends risk rationalising prejudicial policing that affirms social exclusion and injustice.

Private security beyond private military and security companies:exploring diversity within private-public collaborations and its consequences for security governance

The aim of this special issue is to widen the existing debates on security privatization by looking at how and why an increasing number of private actors beyond private military and/or security companies (PMSCs) have come to perform various security related functions. While PMSCs produce security for profit, most other private sector actors make profit by selling goods and services that were originally not connected with security in the traditional understanding of the term. However, due to the continuous introduction of new legal and technical regulations by public authorities, many non- security related private businesses nowadays have to perform at least some security functions. Little research, however, has been done thus far, both in terms of security practices of non- security related private businesses and their impact on security governance. This introduction explains how this special issue contributes to closing this glaring gap by 1) extending the conceptual and theoretical arguments in the existing body of literature; and 2) offering a range of original case studies on the specific roles of non- security related private companies of all sizes, areas of businesses, and geographic origin.

The Nagle Royal Commission 25 years on : gaining perspective on two and a half decades of NSW prison reform

This article attempts an audit of changes in the NSW penal system over the last nearly 30 years. Taking the 1978 Nagle Royal Commission findings and analysis as the starting point a comparison is made between the Nagle era and the contemporary scene across a range of practices including imprisonment rates, violence, drug use, deaths in custody, prison conditions, prisoners rights, legal regulation, and others. It is suggested that developments since Nagle are mixed and cannot be attributed to a single logic or force. Major changes include a doubling of imprisonment rates, significant increases in Indigenous and women's imprisonment rates, the apparent ending of institutionalised bashings and the centrality of drug use to imprisonment and to the culture, health and security practices which characterise the current prison experience. The article may constitute a useful starting point for broader attempts to relate current penal practices to far wider changes in the conditions of life under late modernity.

On the Decidability of Model-Checking Information Flow Properties

Current standard security practices do not provide substantial assurance about information flow security: the end-to-end behavior of a computing system. Noninterference is the basic semantical condition used to account for information flow security. In the literature, there are many definitions of noninterference: Non-inference, Separability and so on. Mantel presented a framework of Basic Security Predicates (BSPs) for characterizing the definitions of noninterference in the literature. Model-checking these BSPs for finite state systems was shown to be decidable in [8]. In this paper, we show that verifying these BSPs for the more expressive system model of pushdown systems is undecidable. We also give an example of a simple security property which is undecidable even for finite-state systems: the property is a weak form of non-inference called WNI, which is not expressible in Mantel’s BSP framework.

La alianza de estados insulares pequeños y la securitización del cambio climático en la convención marco de Naciones Unidas sobre cambio climático (1992-2012)

La presente monografía busca explicar el proceso de securitización realizado por la AOSIS del cambio climático en las COP de la CMNUCC. Esta investigación defiende que la AOSIS sí ha hecho dicho proceso a través de estrategias como el liderazgo moral y los nexos con actores no-estatales; pero dicho proceso no ha sido exitoso, dado el predominio del discurso del desarrollo sostenible en las negociaciones, el debilitamiento de la AOSIS como actor securitizador y el poco apoyo formal de las potencias emergentes y el bloque UMBRELLA. Para sustentar lo anterior, se realizará una revisión de informes científicos que demuestran que el cambio climático es una amenaza a la seguridad, y un estudio desde de la teoría de securitización de Thierry Balzacq, de los discursos dados por los estados AOSIS, de las COP y de las posiciones de algunos bloques de negociación sobre el cambio climático.

Características do aço API X70 utilizado em tubos de transporte de petróleo e gás

Having in mind that petroleum's history presents a huge growth, the exploration and production areas have been receiving lots of investments, in order to attend the increasing demand for gas and petroleum. Looking through that scenario, new technologies have been evolving in favor of discovering new natural petroleum deposits and act with effectiveness in truly deep waters without giving up the worldwide best operational security practices. The use of rigid pipes in marine installations have been rising quickly and, thanks to this reality, the many storage and pipe launching forms became study objects and are getting improved. The analysis of steel API X70 characteristics, proving that they are suitable for use in pipes developed to transport gas and petroleum is the theme of this presentation. A tensile test was conducted to determine the base metal's mechanical properties, draining's tension, traction's resistance, elasticity's modulus and maximum tension. An aspect that is concerning too is the metallographic analysis, in order to determine the studied iron's microstructure. Results of analyzes showed that the steel has high resistance, with good capacity for deformation and well defined yield point, concluding suitable for the application in question

Características do aço API X70 utilizado em tubos de transporte de petróleo e gás

Having in mind that petroleum's history presents a huge growth, the exploration and production areas have been receiving lots of investments, in order to attend the increasing demand for gas and petroleum. Looking through that scenario, new technologies have been evolving in favor of discovering new natural petroleum deposits and act with effectiveness in truly deep waters without giving up the worldwide best operational security practices. The use of rigid pipes in marine installations have been rising quickly and, thanks to this reality, the many storage and pipe launching forms became study objects and are getting improved. The analysis of steel API X70 characteristics, proving that they are suitable for use in pipes developed to transport gas and petroleum is the theme of this presentation. A tensile test was conducted to determine the base metal's mechanical properties, draining's tension, traction's resistance, elasticity's modulus and maximum tension. An aspect that is concerning too is the metallographic analysis, in order to determine the studied iron's microstructure. Results of analyzes showed that the steel has high resistance, with good capacity for deformation and well defined yield point, concluding suitable for the application in question

In nome della comunità. Analisi dei testi della sicurezza e del terrorismo

The focus of this dissertation is the relationship between the necessity for protection and the construction of cultural identities. In particular, by cultural identities I mean the representation and construction of communities: national communities, religious communities or local communities. By protection I mean the need for individuals and groups to be reassured about dangers and risks. From an anthropological point of view, the relationship between the need for protection and the formation and construction of collective identities is driven by the defensive function of culture. This was recognized explicitly by Claude Lévi-Strauss and Jurij Lotman. To explore the “protective hypothesis,” it was especially useful to compare the immunitarian paradigm, proposed by Roberto Esposito, with a semiotic approach to the problem. According to Esposito, immunity traces borders, dividing Community from what should be kept outside: the enemies, dangers and chaos, and, in general, whatever is perceived to be a threat to collective and individual life. I recognized two dimensions in the concept of immunity. The first is the logic dimension: every element of a system makes sense because of the network of differential relations in which it is inscribed; the second dimension is the social praxis of division and definition of who. We are (or what is inside the border), and who They are (or what is, and must be kept, outside the border). I tested my hypothesis by analyzing two subject areas in particular: first, the security practices in London after 9/11 and 7/7; and, second, the Spiritual Guide of 9/11 suicide bombers. In both cases, one observes the construction of two entities: We and They. The difference between the two cases is their “model of the world”: in the London case, one finds the political paradigms of security as Sovereignty, Governamentality and Biopolitics. In the Spiritual Guide, one observes a religious model of the Community of God confronting the Community of Evil. From a semiotic point view, the problem is the origin of respective values, the origin of respective moral universes, and the construction of authority. In both cases, I found that emotional dynamics are crucial in the process of forming collective identities and in the process of motivating the involved subjects: specifically, the role of fear and terror is the primary factor, and represents the principal focus of my research.