Search results
1 – 10 of over 1000
Joe Garcia, Russell Shannon, Aaron Jacobson, William Mosca, Michael Burger and Roberto Maldonado
This paper aims to describe an effort to provide for a robust and secure software development paradigm intended to support DevSecOps in a naval aviation enterprise (NAE) software…
Abstract
Purpose
This paper aims to describe an effort to provide for a robust and secure software development paradigm intended to support DevSecOps in a naval aviation enterprise (NAE) software support activity (SSA), with said paradigm supporting strong traceability and provability concerning the SSA’s output product, known as an operational flight program (OFP). Through a secure development environment (SDE), each critical software development function performed on said OFP during its development has a corresponding record represented on a blockchain.
Design/methodology/approach
An SDE is implemented as a virtual machine or container incorporating software development tools that are modified to support blockchain transactions. Each critical software development function, e.g. editing, compiling, linking, generates a blockchain transaction message with associated information embedded in the output of said function that, together, can be used to prove integrity and support traceability. An attestation process is used to provide proof that the toolchain containing SDE is not subject to unauthorized modification at the time said critical function is performed.
Findings
Blockchain methods are shown to be a viable approach for supporting exhaustive traceability and strong provability of development system integrity for mission-critical software produced by an NAE SSA for NAE embedded systems software.
Practical implications
A blockchain-based authentication approach that could be implemented at the OFP point-of-load would provide for fine-grain authentication of all OFP software components, with each component or module having its own proof-of-integrity (including the integrity of the used development tools) over its entire development history.
Originality/value
Many SSAs have established control procedures for development such as check-out/check-in. This does not prove the SSA output software is secure. For one thing, a build system does not necessarily enforce procedures in a way that is determinable from the output. Furthermore, the SSA toolchain itself could be attacked. The approach described in this paper enforces security policy and embeds information into the output of every development function that can be cross-referenced to blockchain transaction records for provability and traceability that only trusted tools, free from unauthorized modifications, are used in software development. A key original concept of this approach is that it treats assigned developer time as a transferable digital currency.
Keywords
- Software development
- Blockchain
- Cybersecurity
- Operational flight program
- Secure development environment
- Secure virtual machine
- Zero trust
- Embedded systems
- Mission-critical systems
- OFP
- DevOps
- DevSecOps
- Software support activity
- SSA
- SDE
- Permissioned blockchain
- Cryptocurrency
- Time-limited authorization for developer action
- TADA
- Code signing
- Trusted software guard
- SGX
- Trusted eXecution technology
- TXT
- Trusted platform module
- Self-hosting
- Controlled access blockchain
- CABlock
- Role-based access control
- RBAC
Adrienne Muir, Rachel Spacey, Louise Cooke and Claire Creaser
This paper aims to consider selected results from the Arts and Humanities Research Council (AHRC)-funded “Managing Access to the internet in Public Libraries” (MAIPLE) project…
Abstract
Purpose
This paper aims to consider selected results from the Arts and Humanities Research Council (AHRC)-funded “Managing Access to the internet in Public Libraries” (MAIPLE) project, from 2012-2014. MAIPLE has explored the ways in which public library services manage use of the internet connections that they provide for the public. This included how public library services balance their legal obligations and the needs of their communities in a public space and the ethical dilemmas that arise.
Design/methodology/approach
The researchers used a mixed-method approach involving a review of the literature, legal analysis, a questionnaire survey and case studies in five public library authorities.
Findings
UK public library services use a range of methods to regulate internet access. The research also confirms previous findings that filtering software is a ubiquitous tool for controlling access to and protecting library users from “inappropriate”, illegal and harmful internet content. There is a general, if sometimes reluctant, acceptance of filtering software as a practical tool by library staff, which seems to contrast with professional codes of ethics and attitudes in other countries. The research indicates that public library internet access will be a valued service for some time to come, but that some aspects of how public library services currently regulate internet access can have socially undesirable consequences, including blocking legitimate sites and preventing users from accessing government services. Education could play a greater part in helping the general population to exercise judgement in selection of materials to view and use. This does not preclude implementing stricter controls to protect children, whilst allowing public libraries to continue providing a social good to those who are unable to otherwise participate in the digital age.
Research limitations/implications
The response to the survey was 39 per cent, meaning that findings may not apply across the whole of the UK. The findings of this study are compared with and supplemented by other quantitative sources, but a strength of this study is the depth of understanding afforded by the use of case studies.
Originality/value
This paper provides both a quantitative and qualitative analysis of how internet access is managed in UK public libraries, including how library services fulfil their legal obligations and the ethical implications of how they balance their role in facilitating access to information with their perceived role as a safe and trusted environment for all members of their communities. The findings add to the international discussion on this issue and stimulate debate and policy making in the UK.
This paper analyzes how information systems (IS) can serve as tools of neo-colonial control in offshore outsourcing of research and development work. It draws on critical work…
Abstract
Purpose
This paper analyzes how information systems (IS) can serve as tools of neo-colonial control in offshore outsourcing of research and development work. It draws on critical work examining business and knowledge process outsourcing.
Design/methodology/approach
The paper reports an empirical study of how laboratory information management systems (LIMS) shape offshore outsourcing practices involving Western client firms and Indian contract research organizations (CROs) in the pharmaceutical industry. The study adopted a multi-actor perspective, involving interviews with representatives of Western clients, Indian CROs, system validation auditors, and software vendors. The analysis was iterative and interpretative, guided by postcolonial sensitivity to themes of power and control.
Findings
The study found that LIMS act as tools of neo-colonial control at three levels. As Western clients specify particular brands of LIMS, they create a hierarchy among local CROs and impact the development of the local LIMS industry. At inter-organizational level, LIMS shape relationships by allowing remote, real-time and retrospective surveillance of CROs’ work. At individual level, the ability of LIMS to support micro-modularizing of research leads to routinization of scientific discovery, negatively impacting scientists’ work satisfaction.
Originality/value
By examining multiple actors’ perceptions of IS, this paper looks beyond the rhetoric of system efficiency characteristic of most international business research. As it explores dynamics of power and control surrounding IS, it also questions the proposition that outsourcing of high-end work will move emerging economies upstream in the value chain.
This study aims to identify European positioning on the use of remote customer onboarding solutions in combating financial crime.
Abstract
Purpose
This study aims to identify European positioning on the use of remote customer onboarding solutions in combating financial crime.
Design/methodology/approach
This study is desktop research that examines European Banking Authority (EBA) policy statements relating to the use of innovative solutions in combating financial crime.
Findings
Technological advancements in biometric data and software tools provide a unique opportunity to address potential paper customer onboarding process deficiencies. Electronic remote customer onboarding solutions equip credit, financial institutions and investment firms with an alternative FTE cost-saving solution, in their pursuit of revenue generation. Whilst the EBA and Financial Action Task Force have provided approval for the utilisation of innovative solutions and AML technologies in combatting financial crime, hesitancy remains on the ability of credit and financial institutions to use technological solutions as a “magic solution” in preventing the materialisation of money laundering/terrorist financing related risks. Analysis of policy suggests a gravitation towards the increased use of the aforementioned technologies in the interim.
Originality/value
Capitalisation of European banking authority.
The issue of cybersecurity has been cast as the focal point of a fight between two conflicting governance models: the nation-state model of national security and the global…
Abstract
Purpose
The issue of cybersecurity has been cast as the focal point of a fight between two conflicting governance models: the nation-state model of national security and the global governance model of multi-stakeholder collaboration, as seen in forums like IGF, IETF, ICANN, etc. There is a strange disconnect, however, between this supposed fight and the actual control over cybersecurity “on the ground”. This paper aims to reconnect discourse and control via a property rights approach, where control is located first and foremost in ownership.
Design/methodology/approach
This paper first conceptualizes current governance mechanisms through ownership and property rights. These concepts locate control over internet resources. They also help us understand ongoing shifts in control. Such shifts in governance are actually happening, security governance is being patched left and right, but these arrangements bear little resemblance to either the national security model of states or the global model of multi-stakeholder collaboration. With the conceptualization in hand, the paper then presents case studies of governance that have emerged around specific security externalities.
Findings
While not all mechanisms are equally effective, in each of the studied areas, the author found evidence of private actors partially internalizing the externalities, mostly on a voluntary basis and through network governance mechanisms. No one thinks that this is enough, but it is a starting point. Future research is needed to identify how these mechanisms can be extended or supplemented to further improve the governance of cybersecurity.
Originality/value
This paper bridges together the disconnected research communities on governance and (technical) cybersecurity.
Rachel Spacey, Louise Cooke, Adrienne Muir and Claire Creaser
The purpose of this paper is to review current knowledge, research and thinking about the difficulties facing public libraries offering internet access to their users in ensuring…
Abstract
Purpose
The purpose of this paper is to review current knowledge, research and thinking about the difficulties facing public libraries offering internet access to their users in ensuring legally compliant and non-offensive use of this facility whilst still adhering to the professional value of freedom of access to information.
Design/methodology/approach
A range of recently published sources (1997-2013) relating to the technical and organisational measures used to manage public internet access primarily in public libraries in the UK with some limited international examples were reviewed and analysed. This work was undertaken as the underpinning research for an AHRC-funded project, MAIPLE (Managing Access to the internet in Public Libraries).
Findings
The provision of public internet access is a well-established component of the role of public libraries, but is seen as a potential problem due to the possibility of misuse, and it appears that simplistic technical solutions have disappointed. Legislation increases the need for more effective solutions that can provide a balance between the need for legal compliance, a welcoming environment for users, and the protection of key freedoms. A range of measures are being adopted worldwide in response to this dilemma.
Originality/value
Research exploring internet access in public libraries and its management in the UK is numerically small and much of it dates back to the start of the twenty-first century. This review presents a comprehensive analysis of the available literature and is of relevance to practitioners and academics in the fields of public librarianship.
Teemu Mikael Lappi, Kirsi Aaltonen and Jaakko Kujala
This paper aims to increase the current understanding of the connection between operational level information and communication technology (ICT) projects and national level…
Abstract
Purpose
This paper aims to increase the current understanding of the connection between operational level information and communication technology (ICT) projects and national level digital transformation by researching how project governance structures and practices are applied in an e-government context.
Design/methodology/approach
An elaborative qualitative study through public documentary analysis and empirical multi-case research on Finnish central government is used.
Findings
The study constructs a multi-level governance structure with three main functions and applies this in an empirical setting. The results also describe how different governance practices and processes, focusing on project portfolio management, are applied vertically across different organizational levels to connect the ICT projects with the national digitalization strategy.
Originality/value
This study integrates project governance and portfolio management knowledge into public sector digitalization, thus contributing to project management, e-government and ICT research streams by improving the current understanding on the governance of ICT projects as part of a larger-scale digitalization. This study also highlights perceived gaps between current governance practices and provides implications to managers and practitioners working in the field to address these gaps.
Koraljka Golub, Pawel Michal Ziolkowski and Goran Zlodi
The study aims to paint a representative picture of the current state of search interfaces of Swedish online museum collections, focussing on search functionalities with…
Abstract
Purpose
The study aims to paint a representative picture of the current state of search interfaces of Swedish online museum collections, focussing on search functionalities with particular reference to subject searching, as well as the use of controlled vocabularies, with the purpose of identifying which improvements of the search interfaces are needed to ensure high-quality information retrieval for the end user.
Design/methodology/approach
In the first step, a set of 21 search interface criteria was identified, based on related research and current standards in the domain of cultural heritage knowledge organization. Secondly, a complete set of Swedish museums that provide online access to their collections was identified, comprising nine cross-search services and 91 individual museums' websites. These 100 websites were each evaluated against the 21 criteria, between 1 July and 31 August 2020.
Findings
Although many standards and guidelines are in place to ensure quality-controlled subject indexing, which in turn support information retrieval of relevant resources (as individual or full search results), the study shows that they are not broadly implemented, resulting in information retrieval failures for the end user. The study also demonstrates a strong need for the implementation of controlled vocabularies in these museums.
Originality/value
This study is a rare piece of research which examines subject searching in online museums; the 21 search criteria and their use in the analysis of the complete set of online collections of a country represents a considerable and unique contribution to the fields of knowledge organization and information retrieval of cultural heritage. Its particular value lies in showing how the needs of end users, many of which are documented and reflected in international standards and guidelines, should be taken into account in designing search tools for these museums; especially so in subject searching, which is the most complex and yet the most common type of search. Much effort has been invested into digitizing cultural heritage collections, but access to them is hindered by poor search functionality. This study identifies which are the most important aspects to improve.
Digital technologies have fundamentally changed organizations, industries, and even society. Although institutional theory provides a rich array of perspectives to both the…
Abstract
Digital technologies have fundamentally changed organizations, industries, and even society. Although institutional theory provides a rich array of perspectives to both the content and dynamics of such changes, research at the intersection of institutional scholarship and digitalization has remained scarce. In this essay, I draw on the institutional logics perspective to elaborate digitalization as involving a new set of interconnected managerial beliefs and norms, organizational practices, and diverse material and social structures that together complement and challenge the established logics in organizations and institutional fields. I draw attention to two central organizing principles in the logic of digitalization: the pursuit of digital omniscience – the efforts to represent and conceive the world through digital data – and digital omnipotence – the efforts to bring activities inside and outside organizations under the control of information systems. I conclude the essay by elaborating how the institutional logics perspective can help understand organization-level efforts to leverage digitalization by incumbent corporations and new digital-native companies.