Recently there is an increasing technological development in intelligent tutoring systems. This field has become interesting to many researchers. In this paper, we present an intelligent tutoring system for teaching information security. This intelligent tutoring systems target the students enrolled in Advanced Topics in Information Security in the faculty of Engineering and Information Technology at Al-Azhar University in Gaza. Through which the student will be able to study the course and solve related problems. An evaluation (...) of the intelligent tutoring systems was carried out and the results were promising. (shrink)

: Lately there is more attention paid to technological development in intelligent tutoring systems. This field is becoming an interesting topic to many researchers. In this paper, we are presenting an intelligent tutoring system for teaching DES Information Security Algorithm called DES-Tutor. The DES-Tutor target the students enrolled in cryptography course in the department Information Technology in Al-Azhar University in Gaza. Through DES-Tutor the student will be able to study course material and try the exercises of each (...) lesson. An evaluation of the DES-Tutor was carried out and the results were promising. (shrink)

This guide accompanies the following article(s): ‘Full Disclosure of the “Raw Data” of Research on Humans: Citizens’ Rights, Product Manufacturer’s Obligations and the Quality of the Scientific Database.’Philosophy Compass 6/2 (2011): 90–99. doi: 10.1111/j.1747‐9991.2010.00376.x Author’s Introduction Securing consent (and informed consent) from patients and research study participants is a key concern in patient care and research on humans. Yet, the legal doctrines of consent and informed consent differ in their applications. In patient care, the judicial doctrines of consent and informed (...) consent are disclosure doctrines based on the obligation of physicians to inform their patients of the following types of information: the nature of the procedure the physician is recommending in the patent’s care (P), the alternatives to the physician‐recommendation (A), and the risks of procedure and its alternatives (R). In addition, the physician must provide truthful answers to the patient’s questions (Q) to the best of the physician’s abilities. In research on humans, the onus of disclosure by study sponsors and principal investigators is much greater than in patient care precisely because the purpose of research is not patient care. The purpose of research is the identification and development of new generalizable knowledge. Thus, participation in a research study or trial may not benefit the study volunteer at all. In addition, the participant may carry a heavy risk burden in relationship to any testing of a newly designed drug or device as part of their experiences in the research study. Presently, despite the risks borne by the research study participant, the raw data collected from volunteers in research trials are treated by courts as if they were the private property of the study sponsor rather than generally owed to the public as would be expected by an effort like research participation aimed at contributing to the development of generalizable knowledge. This paper reviews the obligations that study sponsors owe to their study participants based on the very definition of research as a systematic activity whose purpose is to develop generalizable knowledge to help all humans. Author Recommends Court cases Canterbury v. Spence, United States Court of Appeals, District of Columbia Circuit 464 F.2d 772 (1972). (Federal appellate decision heard in the District of Columbia, USA) Reibl v. Hughes, 2 S.C.R. 880 (1980). (Supreme Court of Canada) Rogers v. Whitaker, 175 C.L. R. 479 (1992). (High Court of Australia) Sidaway v. Board of Governors of the Bethlem Royal Hospital and the Maudsley Hospital and Others. 1 A.C. 871 (1985) (House of Lords) Canterbury v. Spence is the landmark Federal informed consent case in the United States heard in the District of Columbia. In this case, Judge Spottswood Robinson articulated the reasonable person standard of informed consent. This standard was subsequently adopted by the Supreme Court of Canada (Reibl v. Hughes, 2 S.C.R. 880 (1980)) and the High Court of Australia (Rogers v. Whitaker, 175 C.L. R. 479 (1992)). The House of Lords rejected the reasonable person standard in England in Sidaway v. Board of Governors of the Bethlem Royal Hospital and the Maudsley Hospital and Others. 1 A.C. 871 (1985). Book Mazur, Dennis J. The Science and Ethics of Research on Humans. Baltimore, MD: Johns Hopkins University Press, 2007. This book is a detailed guide for the review of scientific and ethical aspects of research on humans contained in the research study protocols and research informed consent forms which need to be submitted by study sponsors and principal investigators to institutional review boards (IRBs) for IRB review before a research study can receive approval to be conducted within a human study population in those institutions over which the IRB has authority. It also presents basic definitions in the area of research on humans and basic approaches to help conduct a deep review of the underlying scientific and ethical issues that are present within a research study protocol and its accompanying research informed consent form. Report National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research. The Belmont Report: Ethical Guidelines for the Protection of Human Subjects of Research. Washington, DC: DHEW Publications, 1978 (78‐0012). This U.S. National Commission in the Belmont Report argued for the necessity of a reasonable volunteer standard in research on humans in the United States. Arguing that the professional standard and the reasonable person standard of consent and informed consent were insufficient to base a disclosure standard in research on humans, this National Commission developed the reasonable volunteer standard where a study participant is to be approached in research informed consent with that information that a reasonable volunteer would want to know. Online Materials Belmont Report: Syllabus Topics for Lecture and Discussion Week I: Introduction and Overview Readings: Rogers v. Whitaker, 175 C.L.R. 479 (1992). (High Court of Australia) Sidaway v. Board of Governors of the Bethlem Royal Hospital and the Maudsley Hospital and Others. 1 A.C. 871 (1985) (House of Lords) Week II: The Different Standards of Consent and Informed Consent Readings: Canterbury v. Spence, 464 F.2d 772 (1972). (Federal appellate opinion heard in the District of Columbia) Sidaway v. Board of Governors of the Bethlem Royal Hospital and the Maudsley Hospital and Others. 1 A.C. 871 (1985) (House of Lords) Week III: Definition of Research Reading: Mazur, Dennis J. The Science and Ethics of Research on Humans. Baltimore, MD: Johns Hopkins University Press, 2007. (Especially Chapters 2 and 3) Week IV: How to Review a Research Study Protocol and Research Informed Consent Form Reading: Mazur, Dennis J. The Science and Ethics of Research on Humans. Baltimore, MD: Johns Hopkins University Press, 2007. (Especially Chapters 4–6, 10, and 12–14) Week V: Obligations in Research of Humans Versus Patient Care Reading: National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research. The Belmont Report: Ethical Guidelines for the Protection of Human Subjects of Research. Washington, DC: DHEW Publications, 1978 (78‐0012). Focus Questions • How do the judicial doctrines of consent in England and Australia compare to the judicial doctrines of informed consent in the United States and Canada? • How does a professional standard of disclosure differ from a reasonable person standard of disclosure? • What is the definition of research? • How is a research study (study proposal and research informed consent form) reviewed from scientific and ethical bases for considerations of approval by an IRB? • How do the obligations of a study sponsor, a principal investigator, and a research team conducting a research trial on human study participants differ from the obligations of a physician caring for a patient? • Should all raw data of research derived from humans be made available to the public for use in developing generalizable knowledge to help others, or should raw data be considered the private property of the study sponsors (for example, prescription drug manufacturers), who fund the research trials? Seminar/project Idea Draw a timeline of the development of the basic concepts of consent and informed consent in patient care and in patient research. On this timeline, first place the dates of the key court cases in England, the United States, Canada, and Australia on consent and informed consent. Then place the date of the development of the Belmont Report. Why do differences exist between these four countries in terms of the legal requirements of informedness of a patient (in medical care) and a study participant (in medical research)? What roles if any do the concepts of self‐determination and self‐decision have in consent and informed consent in patient care and in informed consent in research on humans among the four countries of interest? What are the realities of research on human participants that require a new standard of informed consent, the reasonable volunteer standard, to be developed beyond the two standards in patient care, the professional standard, and the reasonable person standard? Counterpoint Arguments The following are counterpoint arguments that need to be appreciated to more fully understand the concepts that impact the thesis that ‘raw data’ should be open to the public to allow the opportunity of checking of the results of its associated scientific paper and for further analysis. De‐Identified (Anonymized) Raw Data A current approach to identifying (anonymizinig) raw data is based on the Health Insurance Portability and Accountability Act (HIPAA) of 1996 (P.L.104‐191). HIPAA was enacted by the U.S. Congress in 1996 to keep a person’s medical information private. In a research study, a person’s private medical information can become research data. HIPAA’s Privacy Rule allows a covered entity to de‐identify data by removing all 18 elements that could be used to identify the individual or the individual’s relatives, employers, or household members; these elements are enumerated in the Privacy Rule. The covered entity must also have no actual knowledge that the remaining information could be used alone or in combination with other information to identify the individual who is the subject of the information. Under this method, the identifiers that must be removed are the following: 1 Names. 2 All geographic subdivisions smaller than a state, including street address, city, county, precinct, ZIP Code, and their equivalent geographical codes, except for the initial three digits of a ZIP Code if, according to the current publicly available data from the Bureau of the Census: 2a. The geographic unit formed by combining all ZIP Codes with the same three initial digits contains more than 20,000 people. 2b. The initial three digits of a ZIP Code for all such geographic units containing 20,000 or fewer people are changed to 000. 3 All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, and date of death, and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older. 4 Telephone numbers. 5 Facsimile numbers. 6 Electronic mail addresses. 7 Social security numbers. 8 Medical record numbers. 9 Health plan beneficiary numbers. 10 Account numbers. 11 Certificate/license numbers. 12 Vehicle identifiers and serial numbers, including license plate numbers. 13 Device identifiers and serial numbers. 14 Web universal resource locators (URLs). 15 Internet protocol (IP) address numbers. 16 Biometric identifiers, including fingerprints and voiceprints. 17 Full‐face photographic images and any comparable images. 18 Any other unique identifying number, characteristic, or code, unless otherwise permitted by the Privacy Rule for re‐identification. Even though ‘raw data’ can be de‐identified (anonymized) so that there is no way to trace back the data to the study participant from which it was drawn, there are still questions whether the ‘de‐identified raw data’ can be given to other researchers or made public without the original study participant’s approval. It may be the case that this approval could be done at the start of any research study where the individual considering study participation would be counseled on what the process of de‐identification consists of and would be asked whether the participant would allow use of the data by other researchers or made available to the public in a de‐identified state. However, there may be questions of the study participants as to whether the data are truly de‐identified and untraceable back to the study participant since the participant would not be able to see the process actually being carried out in detail in all relevant circumstances. Using Raw Data in Context Simply being in possession of raw data is never enough to build on that data from a research perspective. Researchers need to understand the context of the scientific research study in which the data were collected. This research context includes (but is not limited to): (i) the scientific hypothesis of the research study, (ii) the inclusion and exclusion criteria selected by the research designers of the study to determine which study participants were included and which were excluded from the study, (iii) the methods used to collect the data and possibilities of errors in the data collection processes, and (iv) answers to questions regarding whether any data were excluded from the study data and why these data were excluded. Ownership Rights Over Data There are ownership rights over data. Ownership rights include court decision making related to the question which parties are to be considered as the owners of the data. Possible owners here include (but are not limited to) (i) the study sponsor whose only role was to fund that study, (ii) the principal investigator(s) who developed the scientific hypothesis, and (iii) individual study participants through special contracts made by individual participants who negotiate such contracts with study sponsors and principal investigators to share in the ownership of data. Examples of such data are participant sources of unique gene lines or unique cell lines to be used in future research. Objections to Data Sharing Finally, individual researchers may simply object to sharing data. A researcher’s arguments here may be simply stating that he or she has a right to fully analyze the data since the collection of the data was the researchers’ idea in the first place. These researchers may argue that they have the right to mine the data as fully as they can before deciding to make the data open to the public for others to analyze. Works Cited 1 Kaiser, J. ‘Making Clinical Data Widely Available.’Science 322.5899 (10 Oct. 2008): 217–8. 2 de Lusignan, S., J.F. Metsemakers, P. Houwink, V. Gunnarsdottir, and J. van der Lei. ‘Routinely Collected General Practice Data: Goldmines for Research? A Report of the European Federation for Medical Informatics Primary Care Informatics Working Group (EFMI PCIWG) from MIE2006, Maastricht, The Netherlands.’Informatics in Primary Care 14.3 (2006): 203–9. 3 Sim, I. ‘Human Studies Database Project’, CTSA Data Repositories Symposium (17 Oct. 2008). 23 Nov. 2010. 4 Sim, I., C.G. Chute, H. Lehmann, R. Nagarajan, M. Nahm, and R.H. Scheuermann. ‘Keeping Raw Data in Context.’Science 323.5915 (6 Feb. 2009): 713. 5 U.S. Department of Health and Human Services, National Institutes of Health, HIPAA Privacy Rule, Information for Researchers. 13 Nov. 2010. 6 Wilczynski, N.L., R.B. Haynes, and Hedges Team. ‘EMBASE Search Strategies for Identifying Methodologically Sound Diagnostic Studies for Use by Clinicians and Researchers.’BMC Medicine 29.3 (March 2005): 7. (shrink)

Purpose This study aims to ascertain the impact of data collecting awareness on perceived information security concerns and information-sharing behavior on social networking sites. Design/methodology/approach Based on communication privacy management theory, the study forecasted the relationship between information-sharing behavior and awareness of data collecting purposes, data collection tactics and perceived security risk using structural equation modeling analysis and one-way ANOVA. The sample size of 521 young social media users in Vietnam, ages 18 to 34, was (...) made up of 26.7% men and 73.3% women. When constructing the questionnaire survey method with lone source respondents, the individual’s unique awareness and experiences with using online social networks (OSNs) were taken into account. Findings The results of the investigation demonstrate a significant relationship between information-sharing and awareness of data collecting, perceptions of information security threats and behavior. Social media users have used OSN privacy settings and paid attention to the sharing restriction because they are concerned about data harvesting. Research limitations/implications This study was conducted among young Vietnamese social media users, reflecting specific characteristics prevalent in the Vietnamese environment, and hence may be invalid in other nations’ circumstances. Practical implications Social media platform providers should improve user connectivity by implementing transparent privacy policies that allow users to choose how their data are used; have clear privacy statements and specific policies governing the use of social media users’ data that respect users’ consent to use their data; and thoroughly communicate how they collect and use user data while promptly detecting any potential vulnerabilities within their systems. Originality/value The authors ascertain that the material presented in this manuscript will not infringe upon any statutory copyright and that the manuscript will not be submitted elsewhere while under Journal of Information, Communication and Ethics in Society review. (shrink)

The usage of scholarly journal articles in the academe is now gaining attention to cope with the ever dynamic and evolving teaching and learning processes. However, the use implies possible potential usage only because what is measured is the number of views and downloads of the articles. This paper explored how the teacher education faculty and students utilized scholarly journal articles in the teaching and learning of professional education courses. The study also determined the challenges in using these primary sources (...) and documented ways of overcoming them. Data were organized and analyzed using a thematic narrative technique of Riesman as the analytical framework. The inquiry was participated by six faculty and six students from the College of Education at a state university in Northern Mindanao in the first semester of the school year 2019-2020. The necessary protocol was followed, and ethical considerations were secured before the conduct of the study. An informed consent form was presented to each participant before they signed it, signifying that they are not forced to participate in the study. The faculty had a focus group discussion, while the students had a face-to-face interview with the researchers. Emerging themes revealed that scholarly journal articles were utilized by exposing learners to varied writings, enriching course content and learning, exposing them to process learning, preparing learners for classroom engagement, guiding learners to produce outputs, and allowing learners to acquire updates. The inquiry reported challenges in terms of the capability of the learners, interest and perception of learners, and the journal itself and its contents. Documented ways of overcoming these challenges include time management, frequency of use, selection criteria, and checking the author's background. (shrink)

In this opinion piece, we present a synopsis of our findings from the last 2 years concerning cyber-attacks on web-based academia. We also present some of problems that we have faced and try to resolve any misunderstandings about our work. We are academic information security specialists, not hackers. Finally, we present a brief overview of our methods for detecting cyber fraud in an attempt to present general guidelines for researchers who would like to continue our work. We believe (...) that our work is necessary for protecting the integrity of scholarly publishing against emerging cybercrime. (shrink)

Nowadays, web-based applications extend to all businesses due to their advantages and easy usability. The most important issue in web-based applications is security. Due to their advantages, most academic journals are now using these applications, with papers being submitted and published through their websites. As these websites are resources for knowledge, information security is primary for maintaining their integrity. In this opinion piece, we point out vulnerabilities in certain websites and introduce the potential for future threats. We (...) intend to present how some journals are vulnerable and what will happen if a journal can be infected by attackers. This opinion is not a technical manual in information security, it is a short inspection that we did to improve the security of academic journals. (shrink)

This article proposes a new definition of information security, the ‘Appropriate Access’ definition. Apart from providing the basic criteria for a definition—correct demarcation and meaning concerning the state of security—it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called ‘soft issues’ of information security and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing (...) possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security—the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security. (shrink)

This doctoral thesis consists of five research papers that address four tangential topics, all of which are relevant for the challenges we are facing in our socio-technical society: information, security, privacy, and anonymity. All topics are approached by similar methods, i.e. with a concern about conceptual and definitional issues. In Paper I—concerning the concept of information and a semantic conception thereof—it is argued that the veridicality thesis is false. In Paper II—concerning information security—it is argued (...) that the current leading definitions suffer from counter-examples, and lack an appropriate conceptual sense. Based on this criticism a new kind of definition is proposed and defended. In Paper III—concerning control definitions of privacy—it is argued that any sensible control-definition of privacy must properly recognize the context as part of the defining criteria. In Paper IV—concerning the concept of privacy—it is argued that privacy is a normative concept and that it is constituted by our social relations. Final, in Paper V—concerning anonymity—it is argued that the threat from deanonymization technology goes beyond harm to anonymity. It is argued that a person who never is deanonymized can still be harmed and what is at stake is an ability to be anonymous. (shrink)

The emergence of social networking is closely related with the new technologies improving user interface experience thus making the interaction between users more natural and intuitive. Before, the first online communities of interest were user lists and asynchronous discussion groups resembling more the form of mass mailings than informal discussions in a cafe or in a classroom. The impact of web 2.0 on scientific practices has become evident in establishing more and more epistemic communities as virtual communities and vice versa. (...) With respect to the role of the paradigm in the constitution and operations of an epistemic community, the framework of values and the ethical reflection of that become its own form of binding and guiding principle of the theoretical action. Thus any individual who joins an online community with the ambition of an epistemic effect must develop the morals and ethics necessary to enable him/her to understand the relevant forms of their theoretical practice. (shrink)

The iSchool movement is an academic endeavor focusing on the information sciences and characterized by a number of features: concern with society-wide information problems, flexibility and adaptability of curricula, repositioning of research towards interdisciplinary and multidisciplinary exchange . Teaching information ethics in an iSchool would seem to be a requisite for students who will have an enormous impact on the information technologies that increasingly permeate our lives. The case for studying ethics in a college of (...) class='Hi'>information science and technology, as opposed to the liberal arts and humanities, has been regarded only marginally, however. In this paper I explore how I developed and delivered an information ethics course, paying attention to student receptivity and learning, course structure and assignments, as well as its connection to the wider curriculum and its efficacy. (shrink)

When thinking about the intersection of care and Christian bioethics, it is helpful to follow closely the account of Ruth, who turned away from security and walked alongside her grieving mother-in-law to Bethlehem. Remembering Ruth may help one to heed Professor Kaveny?s summoning of Christians to remember ?the Order of Widows? and the church?s historic calling to bring ?the almanahinto its center rather than pushing her to its margins.? Disabled, elderly and terminally ill people often seem, at least implicitly, (...) expendable. By hearing the scriptural account of Jesus? steadfast great-grandmother, readers may recall another way. One may read Ruth?s care for Naomi as a performative, prophetic act of faith. Ruth?s faithful resolve, when set next to Orpah?s prudent way, challenges the notion that a bioethic of care is innately feminine, and may further call women and men corporately to participate in a kind of care that is strenuous work. My thanks to Cathleen Kaveny for allowing me to play off the title of her insightful essay. Thanks also to Willie James Jennings, whose 1998 baccalaureate sermon on Ruth inspired and much informed this essay. I wish also to thank Ellen Davis, who taught me to read Hebrew, and to read Ruth. (shrink)

The essence of the security complex is revealed. Approaches to understanding the essence of information security are determined, in particular, as a state of security, as a type of public information legal relations, the direction of information relations within the limits of information legislation, the state of information (information environment of society, information development). The informational component of national security is considered. The institutional landscape of information security (...) is described, which includes supranational international bodies and institutions and transnational corporations, states and their governments, business entities and financial and industrial groups, political parties and civil society organizations, religious organizations, fundamentalist and terrorist groups, individual politicians and public figures, journalists and publicists, bloggers and other persons who collect, process, perceive, store, transform and distribute information through any of the available communication channels. The directions of ensuring information security in modern Ukraine are characterized. The role of information security in ensuring the integrity of the national information space of Ukraine is revealed. It has been proven that with the help of modern information security technologies, it becomes possible to minimize the impact of various threats and risks on the functioning of the information space at the global / regional, national / local levels. (shrink)

Information security can be of high moral value. It can equally be used for immoral purposes and have undesirable consequences. In this paper we suggest that critical theory can facilitate a better understanding of possible ethical issues and can provide support when finding ways of addressing them. The paper argues that critical theory has intrinsic links to ethics and that it is possible to identify concepts frequently used in critical theory to pinpoint ethical concerns. Using the example of (...) UK electronic medical records the paper demonstrates that a critical lens can highlight issues that traditional ethical theories tend to overlook. These are often linked to collective issues such as social and organisational structures, which philosophical ethics with its typical focus on the individual does not tend to emphasise. The paper suggests that this insight can help in developing ways of researching and innovating responsibly in the area of information security. (shrink)

This licentiate thesis consist of two separate research papers which concern two tangential topics – that of semantic information and that of information security. Both topics are approached by similar methods, i.e. with a concern about conceptual and definitional issues. In Paper I – concerning the concept of information, and a semantic conception thereof – the conceptual, and definitional, issues focus on one property, that of truthfulness. It is argued – against the veridicality thesis – that (...) semantic information need not be truthful. In Paper II – concerning information security – it is argued that the current leading definitions (so-called ‘CIA’ definitions, which define information as secure if, and only if, the properties of confidentiality, integrity, and availability are retained) suffer from both actual and possible counter-examples, and lack an appropriate conceptual sense. On the basis of this criticism a new kind of definitions is proposed and argued for. (shrink)

For a better detection in Network information security monitoring system, the author proposes a method based on adaptive depth detection. A deep belief network was designed and implemented, and the intrusion detection system model was combined with a support vector machine. The data set adopts the NSL-KDD network communication data set, and this data set is authoritative in the security field. Redundant cleaning, data type conversion, normalization, and other processing operations are performed on the data set. Using (...) the data conversion method based on the probability mass function probability mass function coding, a standard data set with low redundancy and low dimensionality can be obtained. Research indicates that when the batch size reaches 64, the accuracy of the test set reaches its maximum value. As the batch size increases, the accuracy first increases and then decreases. When the batch size continues to increase, the model will inevitably fall into the local optimal state, resulting in the degradation of the detection performance of the system. In terms of the false alarm rate, the DBN-SVM model is also the highest; however, it is only 10.73%. Under the premise of increasing the detection rate, the false alarm rate is improved; for the overall detection performance of the model, it is within an acceptable range. In terms of accuracy, the DBN-SVM model also scored the highest. The accuracy rate is the ratio of normal and correct classification for intrusion detection. It can explain the detection ability of the model. In summary, the overall detection ability of the DBN-SVM model is the best. The good classification ability to use SVM is proved, and the classification of low-dimensional features is expected to increase the detection rate of the system. (shrink)

Purpose This paper aims to identify organizations’ information security issues and to explore dynamic, organizational culture and contingency theories to develop an implementable framework for information security systems in human service organizations based soundly in theory and practice. Design/methodology/approach The paper includes a critical review of global information security management issues for HSOs and relevant multi-disciplinary organizational theories to address them. Findings Effective information security management can be particularly challenging to HSO because (...) of their use of volunteer staff in a borderless electronic environment. Organizations’ lack of recognition of the need for staff awareness of information security threats and for training in secure work practices, particularly in terms of maintaining clients’ privacy and confidentiality, is a major issue. The dynamic theory of organizational knowledge creation, organizational culture theory and contingency theory were identified as the most suitable theoretical perspectives to address this issue and underpin an effective information security management framework for HSOs. Research limitations/implications The theory-based framework presented here has not been tested in practice. Such testing will be carried out in further research. Originality/value Currently, there is no framework for information security systems in HSOs. The framework developed here provides a foundation on which HSO can build information security systems specific to their needs. (shrink)

Renewed attention to integrating information ethics within graduate library and information science programs has forced LIS educators to ensure that future information professionals - and the users they interact with - participate appropriately and ethically in our contemporary information society. Along with focusing on graduate LIS curricula, information ethics must become infused in multiple and varied educational contexts, ranging from elementary and secondary education, technical degrees and undergraduate programs, public libraries, through popular media, and within (...) the home.Teaching information ethics in these diverse settings and contexts brings numerous challenges and requires new understandings and innovative approaches. In keeping with the 2011 Association for Library and Information Science Education conference theme of "Competitiveness and Innovation," a diverse panel of educators and researchers were convened to foster a discussion in how to best incorporate information ethics education across diverse contexts, and how to develop innovative educational methods to overcome the challenges these contexts inevitably present. This article reports on that panel discussion and offers recommendations towards achieving success in information ethics education. (shrink)

The subject of the study is the socio-cultural threats to the information security of Russian citizens associated with ChatGPT technologies (Chat Generative Pre-trained Transformer, a machine-generated text response generator simulating a dialogue). The object of research − evaluation of the ratio of advantages and threats of generative language models based on "machine learning" in modern (2021-2023) scientific literature (journals HAC K1, K2 and Scopus Q1, Q2). The scientific novelty of the research lies in the culturological approach to the (...) analysis of threats to the security of Russian citizens associated with the use of ChatGPT as one of the technologies of "artificial intelligence". The formulation of the problem of the classical Turing test "to distinguish a person from a machine" is characterized as a scholastic abstraction, instead a more correct and productive approach is proposed: a socio-cultural assessment of the value (based on cultural axiology) of new computer technologies. The starting point of the analysis is the determination of socio-cultural value (or, conversely, damage) as a result of the use of generative language models based on machine learning. Further, the contribution and responsibility of various socio-cultural subjects of its creation and application are revealed − user, creator and developer. The result of the application of the proposed approach is the deconstruction of the discourse of the "philosophy of artificial intelligence" in terms of uncritical translation of developer declarations intended for marketing and attracting financing. Hypertrophied perception, precariously balancing on the edge of utopia and dystopia, is assessed as a risk of incorrect identification and ranking of threats to information security. Assumptions about the hypothetical "superweapon of psychological warfare" mask modern incidents of cross-border leakage of confidential data, the risks of being held accountable for publishing deliberately false information and illegal content as a result of using ChatGPT. National security measures are recommended, including restrictive measures and increasing the general civil culture of information security of users, as well as the orientation of domestic developments of solutions of this type on traditional values, socio-cultural identity and interests of Russian citizens. (shrink)

Relying heavily on Thomas Dunfee's work, this article conducts an in-depth analysis of the relationship between law and business ethics in the context of corporate information security. It debunks the two dominant arguments against corporate investment in information security and explains why socially responsible corporate conduct necessitates strong information security practices. This article argues that companies have ethical obligations to improve information security arising out of a duty to avoid knowingly causing harm (...) to others and, potentially, a duty to exercise unique capabilities for the greater social good and to buttress stable functioning of social institutions. (shrink)

We show how more general knowledge can be built in information security, by the building of knowledge of mechanism clusters, some of which are multifield. By doing this, we address in a novel way the longstanding philosophical problem of how, if at all, we come to have knowledge that is in any way general, when we seem to be confined to particular experiences. We also address the issue of building knowledge of mechanisms by studying an area that is (...) new to the mechanisms literature: the methods of what we shall call mechanism discovery in information security. This domain offers a fascinating novel constellation of challenges for building more general knowledge. Specifically, the building of stable communicable mechanistic knowledge is impeded by the inherent changeability of software, which is deployed by malicious actors constantly changing how their software attacks, and also by an ineliminable secrecy concerning the details of attacks not just by attackers, but also by information security defenders as they protect their methods from both attackers and commercial competitors. We draw out ideas from the work of the mechanists Darden, Craver, and Glennan to yield an approach to how general knowledge of mechanisms can be painstakingly built. We then use three related examples of active research problems from information security to develop philosophical thinking about building general knowledge using mechanisms, and also apply this to develop insights for information security. We show that further study would be instructive both for practitioners and for philosophers. (shrink)

We show how more general knowledge can be built in information security, by the building of knowledge of mechanism clusters, some of which are multifield. By doing this, we address in a novel way the longstanding philosophical problem of how, if at all, we come to have knowledge that is in any way general, when we seem to be confined to particular experiences. We also address the issue of building knowledge of mechanisms by studying an area that is (...) new to the mechanisms literature: the methods of what we shall call mechanism discovery in information security. This domain offers a fascinating novel constellation of challenges for building more general knowledge. Specifically, the building of stable communicable mechanistic knowledge is impeded by the inherent changeability of software, which is deployed by malicious actors constantly changing how their software attacks, and also by an ineliminable secrecy concerning the details of attacks not just by attackers, but also by information security defenders as they protect their methods from both attackers and commercial competitors. We draw out ideas from the work of the mechanists Darden, Craver, and Glennan to yield an approach to how general knowledge of mechanisms can be painstakingly built. We then use three related examples of active research problems from information security to develop philosophical thinking about building general knowledge using mechanisms, and also apply this to develop insights for information security. We show that further study would be instructive both for practitioners and for philosophers. (shrink)

The main purpose of the study is to determine the key aspects of the mechanisms of state management of the exchange of information about cyberattacks, cyber incidents, and information security incidents. The methodology includes a set of theoretical methods. Modern government, on the one hand, must take into account the emergence of such a new weapon as cyber, which can break various information systems, can be used in hybrid wars, influence political events, pose a threat to (...) the national security of any state. As a result of the study, key elements of the mechanisms of state management of the exchange of information about cyberattacks, cyber incidents, and information security incidents were identified. (shrink)

Information security governance has become an elusive goal and a murky concept. This paper problematizes both information security governance and the broader concept of governance. What does it mean to govern information security, or for that matter, anything? Why have information technologies proven difficult to govern? And what assurances can governance provide for the billions of people who rely on information technologies every day? Drawing together several distinct bodies of literature—including multiple strands (...) of governance theory, actor–network theory, and scholarship on sociotechnical regimes—this paper conceptualizes networked action on a spectrum from uncertain governance to governing uncertainty. I advance a twofold argument. First, I argue that networks can better govern uncertainty as they become more able not only to enroll actors in a collective agenda, but also to cut ties with those who seek to undermine that agenda. And second, I argue that the dominant conception of information security governance, which emphasizes governing uncertainty through risk management, in practice devolves to uncertain governance. This is largely because information technologies have evolved toward greater connectedness—and with it, greater vulnerability—creating a regime of insecurity. This evolution is illustrated using the history of the US government’s efforts to govern information security. (shrink)

With the spread of Information and Communication Technologies tools and the Internet, Twenty first century technologies have significantly affected human life, and it has been desired to be obtained continuously. It has become challenging to protect information due to the increase in the methods by which malicious people can get information. As a result, it is crucial to determine people’s awareness levels by revealing the risks and threats to information security. In this context, a study (...) was conducted to show the awareness levels of teachers who come after the family in raising conscious individuals in society. For this purpose, a quantitative research method was adopted for the problem and sub-problems that form the basis of the research. The survey model, one of the research designs used within the framework of the quantitative research method, was used. Information Security Awareness Scale was applied to 394 teachers, and according to the results obtained, it was determined that the information security awareness level of the teachers was moderate. According to the attacks and threats sub-dimension, which includes technical issues, it has been determined that the awareness levels of the teachers are at a medium level. The study results show that female teachers’ information security awareness levels are lower than male teachers. In comparison, the awareness levels of those who received information security awareness training and information technology teachers are higher. (shrink)

The privacy and security rules of the Health Insurance Portability and Accountability Act of 1996 emphasize taking steps for protecting protected health information from unauthorized access and modification. Nonetheless, even organizations highly skilled in data security that comply with regulations and all good practices will suffer and must respond to breaches. This paper reports on a case study in responding to an important breach of the confidentiality and integrity of identifiable patient information of the Kaiser Internet (...) Patient Portal known as. From the perspective of theories about highly reliable organizations, effective health information security programs must respond resiliently to as well as prospectively anticipate security breaches. (shrink)

This article aims at introducing the matrixial theory of Bracha L. Ettinger to the field of academic teaching. As it intends to prove, feminist pedagogy would benefit from a matrix-informed approach to teaching, especially in the times of social distancing imposed by the COVID-19 pandemic. Since of all student groups it is the university students who have been most directly affected by precarity and employment instability, they seem to be in an urgent need of openness, compassion, and understanding; the matrixial (...) theory – as this article demonstrates – responds to this necessity. Bracha L. Ettinger is a psychoanalyst, feminist, artist, and daughter of Holocaust survivors; her matrixial theory, based on the notions of the matrix and subjectivity-as-encounter, is a feminist supplement to psychoanalysis. The article begins with introducing the underpinnings of this psychoanalytical system and outlining its application in various areas, ranging from art history to trauma studies. Subsequently, the research joining Ettinger’s work and pedagogy is analysed; as it is shown, while these studies recognise the pedagogical potential of the matrixial theory, their scope is currently reduced to art-related disciplines. The next part is devoted to selected matrixial concepts that come out as especially relevant in the pedagogical context. What the article offers is a theoretical incentive to reflect on an approach to teaching based on reciprocity, responsibility, and participation despite the limit posed by the computer screen: an approach which – in the times of global precarity – can help define anew the student–teacher partnership. (shrink)

In this article, we put forward a new strategy for teaching the concept of energy. In the first section, we discuss how the concept is currently treated in educational programmes at primary and secondary level (taking the case of France), the learning difficulties that arise as well as the main teaching strategies presented in science education literature. In the second section, we argue that due to the complexity of the concept of energy, rethinking how it is taught should involve teacher (...) training specifically developed for the concept. In our view, Epistemology and the History of Science and Technology (EHST) is the best method for a full understanding of the concept of energy and should thus be included in the teacher training programme. In the third section, we provide a general framework for a teacher training programme on energy, based on the history and epistemology of the concept and structured on the following three questions: ‘What is the origin of the concept of energy?’, ‘What is energy?’ and ‘What purpose does the concept of energy serve?’. (shrink)

Informed consent in medical practice is essential and a global standard that should be sought at all the times doctors interact with patients. Its intensity would vary depending on the invasiveness and risks associated with the anticipated treatment. To our knowledge there has not been any systematic review of consent practices to document best practices and identify areas that need improvement in our setting. The objective of the study was to evaluate the informed consent practices of surgeons at University teaching (...) Hospitals in a low resource setting. (shrink)

The article considers the features of ensuring the economic security of enterprises in the conditions of intensive introduction of information technologies in their activities in the process of forming the digital economy. It is determined that digitalization creates important advantages for enterprises in terms of implementing a long-term strategy for their development, strengthening economic security, and achieving significant competitive advantages in doing business. It is studied that the system of economic security of the enterprise is an (...) organized set of elements of the management infrastructure of the enterprise, which are focused on ensuring stable and effective development of the business entity, neutralization, and elimination of internal and external threats. (shrink)

This study aims to achieve the goal of cultivating and reserving emerging professional talents in social security law, improve the curriculum and mechanism of entrepreneurship education, and improve students’ entrepreneurial willingness and entrepreneurial ability. Deep learning technology is used to study the psychological effects of entrepreneurship education for college students majoring in social security law. Firstly, the concept of entrepreneurial psychology is elaborated and summarized. A related model is designed using the theory of proactive personality and planned behavior (...) through questionnaire survey and regression analysis to explore the relationship between students’ entrepreneurial psychology and entrepreneurial intention. Secondly, an entrepreneurship education method based on deep learning is proposed, and a teaching model of multi-dimensional collaborative entrepreneurship education practice is constructed. On this basis, the deep learning algorithm combines the characteristics of the personalized recommendation algorithm to construct an efficient Problem-Based Learning learning resource recommendation algorithm. Finally, the proposed method is tested. The results show that the Significant value of students who have participated in PBL deep learning courses is less than 0.05, indicating that PBL significantly improves students’ learning ability and the ability to deal with entrepreneurial environments. The results verify the impact of entrepreneurial learning on entrepreneurial intentions. The research on PBL online learning recommendation system shows that the proposed recommendation algorithm is superior to the traditional recommendation algorithm in both roots mean square error value and mean absolute error value on both datasets. The proposed method provides a new idea of reform and innovation to cultivate social security law professionals and the cultivation of the reserve model. (shrink)