Search results

This paper aims to present empirical results exemplifying challenges related to information security faced by small and medium enterprises (SMEs). It uses guidelines based on work system theory (WST) to frame the results, thereby illustrating why the mere existence of corporate security policies or general security training often is insufficient for establishing and maintaining information security.

This research was designed to produce a better appreciation and understanding of potential issues or gaps in security practices in SMEs. The research team interviewed 187 employees of 39 SMEs in the UK. All of those employees had access to sensitive information. Gathering information through interviews (instead of formal security documentation) made it possible to assess security practices from employees’ point of view.

Corporate policies that highlight information security are often disconnected from actual work practices and routines and often do not receive high priority in everyday work practices. A vast majority of the interviewed employees are not involved in risk assessment or in the development of security practices. Security practices remain an illusory activity in their real-world contexts.

This paper focuses only on closed-ended questions related to the following topics: awareness of existing security policy; information security practices and management and information security involvement.

The empirical findings show that corporate information security policies in SMEs often are insufficient for maintaining security unless those policies are integrated with visible and recognized work practices in work systems that use or produce sensitive information. The interpretation based on WST provides guidelines for enhancing information system security.

Beyond merely reporting empirical results, this research uses WST to interpret the results in a way that has direct implications for practitioners and for researchers.

The purpose of this paper is to explore a particular philosophical underpinning for Information Systems (IS) research – critical systemic thinking (CST). Drawing upon previous work, the authors highlight the principal features of CST within the tradition of critical research and attempt to relate it to trends in the Italian school of IS research in recent years, as exemplified by the work of Claudio Ciborra but also evident in work by, e.g. Resca, Jacucci and D'Atri.

This is a conceptual paper which explores CST, characterised by a focus on individual uniqueness, and socially‐constructed, individual worldviews as generators of human knowing.

The paper draws on work by Heinz Klein in which he elaborated three constitutive stages in critical research: interpretive, genealogical and constructive. The authors introduce a fourth, reflective stage and discuss five categories of critical research, reflecting different perspectives on emancipation, culminating in emergent expressionism, associated with Ciborra and the Italian school more generally.

This paper discusses approaches to CST and how they might have practical implications in IS development. The distinction between approaches founded in logical empiricism and those founded in hermeneutic dialectics are considered and the development of critical and systems strands are discussed.

The paper addresses CST as an approach to development of information systems. Such approaches enable users to explore their individually unique understandings and create a constructive dialogue with one another, which emancipates and empowers users to own and control their own development processes and hence build more productive and usable systems.

A focus on research which is oriented towards emancipation in the tradition of critical social theory.

The paper draws on extensive theoretical research carried out by the authors over a period of more than ten years in CST and synthesises the practical implications.

During discussions at the ASC 2013 Conference, the authors were stimulated to consider acting, learning and understanding in the context of organizational change, and in particular the relationship between organizational actors and external analysts. The purpose of this paper is to review from a cybernetic perspective how a socio-technical toolbox can help to facilitate organizational change, and to examine issues involved in use of such a toolbox by organizational actors supported by expert analysts.

The paper is conceptual and adopts a critical stance, i.e. to provide support for emancipation of individuals through ownership and control of their own analyses.

Drawing on work by e.g. Bateson, the authors consider organizations as dynamic and complex human activity systems, and how actors can be helped to develop a productive learning “spiral” of acting and reflecting by means of a proposed socio-technical toolbox. Acting and reflecting upon action can be seen to form a “double helix” of learning, leading to richer understandings of contextual dependencies. Engaged actors need support to surface their contextually dependent understandings, individual and collectively and engage in a “dance of change”.

Change is endemic in organizational life. When engaging with change activity that attempts to address complexity (as opposed to complicatedness), contextual experts need to be the key decision takers. This means a redistribution not only of responsibility and action but also decision-taking power.

The paper suggests augmentation of traditional socio-technical methods to address dynamic complexity.

The purpose of this paper is to develop an approach for investigating the impact of surveillance technologies used to facilitate security and its effect upon privacy.

The authors develop a methodology by drawing on an isomorphy of concepts from the discipline of Macroeconomics. This proposal is achieved by considering security and privacy as economic goods, where surveillance is seen as security technologies serving identity (ID) management and privacy is considered as being supported by ID assurance solutions.

Reflecting upon Ashby's Law of Requisite Variety, the authors conclude that surveillance policies will not meet espoused ends and investigate an alternative strategy for policy making.

The result of this exercise suggests that the proposed methodology could be a valuable tool for decision making at a strategic and aggregate level.

The paper extends the current literature on economics of privacy by incorporating methods from macroeconomics.

The purpose of this paper is to present a vision for the future development of Kybernetes under a new editorship.

The new Editors are introduced, the strengths and history of the journal reviewed, and plans for its future development described.

The future of Kybernetes will build on its long and distinguished heritage, noting especially the strengths of interdisplinarity, internationality, and strong links with major cybernetic societies across the world. While maintaining these strengths, the new Editors will seek to develop further the conversations between diverse fields contributing to the journal and to bring a new emphasis to the interdisciplinary study of information, to studies of the social implications of cybernetics and related fields, and to profiles of thinkers in cybernetics, systems and management science.

This is only the second time that there has been a change of editor in the more than 40 years that Kybernetes has been published. The journal (and the whole field of cybernetics and systems) owes the past editors a great debt of thanks for their outstanding work, but the time has come for change. This paper starts to identify new directions under the new Editors.

The purpose of the editorial is to remember Professor Alessandro D'Atri, a pioneering Information Systems Scholar with whom the author collaborated for about 15 years. The main outcome of such collaboration is the conference Ethicomp 1999 in Rome. Following that conference the author has started elaborating a paper “Metaethics and the future of computer ethics” (Marturano) which was widely cited and quoted in the field. Thence the author has discussed its impact in the field and discussed some following papers dealing with similar topics. It emerged that such a paper is still a valid one for its perspectives but still not understood as for most of its ethical suggestions.

The paper is mainly philosophical and critical. It uses mostly critical analysis of papers dealing with the same topics.

The perspectives and the seminal ideas of the author's paper “Metaethics and the future of computer ethics” (Marturano) are still valid and, in some extent, are more fruitful than some following papers covering the same topics.

The value of this guest editorial is in remembering a very valuable and pioneering scholar – Alessandro D'Atri and comparing the author's paper's findings with other similar papers, which results in a better understanding of theoretical problems in the discipline.

If intergovernmental relations are necessary in normal times, it should be even more required to face complex intergovernmental problem (CIP) as the COVID-19 pandemic. However, collaboration between governments depends on institutional rules as well as on political will. To discuss this issue, the analytical model is based on two dimensions: institutional design and political agency. As for the first dimension, since COVID-19 pandemic is considered as a CIP, three aspects are relevant when discussing how federations can organize the coordination between different levels of government: autonomy of subnational governments, mechanisms of coordination, and policy portfolio. As for political agency, the performance of political leadership (national presidents and governors) will be analyzed. The possibility of sharing collective goals across the federation is also a consequence of the political agency that takes place within the institutional systems of each federation. In short, it seeks to analyze the relationship between institutional design and political agency to deal with this CIP in five American federations.