june 6, 2001by: respickius casmir1 doctoral thesis title and author a systemic-holistic approach to...

June 6, 2001 By: Respickius Casmir 1

Doctoral Thesis Title and Author

A Systemic-Holistic Approach to Academic Programmes In IT

Security

PresentedBy

Louise YngströmStockholm University, October 1996


Overview

• Structural Organization

• Methodology & Approach used

• The Systemic-Holistic Model

• Adherence to Research and Reporting Guidelines

• Summary and Conclusion


Structural Organization

• Comprises of 6 Chapters

• Chapter 1: Problem, Idea & Approach

• Chapter 2: Thoughts & Background

• Chapter 3: Systemic-Holistic Model

• Chapter 4: Two Educational Programmes

• Chapter 5: Interdisciplinary & Holistic

• Chapter 6: Suggestions for further studies



The research Problem

• The Thesis attempts to discuss some of the problems associated with how to understand the concept of Security in relation to IT– A problem of language– Confidentiality, Integrity & Availability– Information vs Data– IT Security Criteria, etc



Study Rationale

The reason for undertaking this research was to try and find the best way to address or define the aspects of IT Security Centrally, hence to get rid of the confusions and Misunderstandings in grasping Security. Also to develop an Interdisciplinary IT Security Model



Hypothesis

“The subjective models produced through General Systems Theory and Cybernetics make students understand IT security banking problems, although their practical banking experiences are restricted to being customers”



The students, with theoretical and practical backgrounds from computing, business and libraries, used the concepts of general systems and Cybernetics to transform objective models into subjective models useful also for understanding problems involved with IT Security.



• She used “System” as an epistemological device to describe organisms as wholes, and showed that it could be generalised and applied to wholes of any kind

• Cybernetics is a philosophy and a science concerned with the control or regulation of information flow within and between systems, whether human or machine.


Methodology & Approach used

Action-oriented and explorative approach

• The work included the design, implementation and evaluations of courses and programmes, their content and structure, theory, methodology and approach.

• It is both Qualitative & Quantitative


The Systemic-Holistic Model

• In 1970’s Computer Science and Law took initiative to regulate the development, use, operation, and management of safe and secure IT structures



• Although both areas were driven by the technical developments and the new applications made, developments of regulatory and protective measurements and mechanisms were initially conducted in parallel, rather than interactively, between computer science and law.



The model relies on three main building blocks:

• General Systems Theory including Cybernetics (Ontological & Epistemological)

• Soft System Methodology (Engineering or hard systems thinking & Systemic or Soft systems thinking) - Problems Solved by systematic methods & Systemic methods respectively

• General Living Systems Theory (Ontological entity)



Context Orientation (geographical/space and time bound “system point”

Level of abstraction (Design/architecture, Theory/model, Physical construction

Content subject areas (Technical and Non-technical aspects)

Fig. 1: Overview of the framework and methodology for Security Informatics - the Systemic-Holistic Model

Systemic Module-an epistemological device-meta-science-criteria for control



Information Security

Administrative(Procedural security)

IT Security

ADP(Computer security)

Communications security

Fig. 2: The Definition of Information Security [ITS 1994, p. 7]



An interdisciplinary area encompassing theories and methods for secure handling of information within organizations or technical systems. The area also contains the use of information technology as means for security and safety in social, socio-technical, and technical environments [ITS 1994, p. 14] Security Informatics was defined

as:



Schoderbek defined the concept “System” as

“A set of objects together with relationships between the objects and between their attributes related to each other and to their environment so as to form a whole”

[Schoderbek et al. 1990 p. 13]



Inputs Processes Outputs

Feedback Controls

To Environment and other Systems

System’s boundary

Fig. 3: An open system [Schoderbek et al. 1990 p. 25]


Adherence to Research and Reporting Guidelines

The author has adhered to the research and reporting guidelines in that:

• Clearly defined a problem

• Stated the hypothesis

• Stated the research rationale

• Chapters well organized

• Simple and understandable language


Adherence to Research and Reporting Guidelines

• Defined all key terminology

• Evidence communicated Visually– Tables– Charts– Graphs, and– Figures


Summary and Conclusion

• The Model is based on Cybernetics and general systems theories

• It consists of a framework & epistemology Taken together they are called the “Systemic-Holistic Model.

• When in use, it is called the “Systemic-Holistic Approach”


End of Presentation

Thank you all!

june 6, 2001by: respickius casmir1 doctoral thesis title and author a systemic-holistic approach to...

Documents