Trinity McNicol, Bailey Carthouser, Ivano Bongiovanni and Sasenka Abeysooriya
The purpose of this study is to address the generalised lack of guidance on ethical treatment of corporate (e.g. non-research) data in higher education institutions, by focusing…
Abstract
Purpose
The purpose of this study is to address the generalised lack of guidance on ethical treatment of corporate (e.g. non-research) data in higher education institutions, by focusing on the case of the University of Queensland (Brisbane, Australia). No actionable framework is currently available in the country to govern the ethical usage of corporate data. As such, this research takes a stakeholder-centred approach to data ethics; the lived experience of the stakeholders involved coupled with a theory-based ethical framework allowed the authors build to build a framework to guide ethical data practice.
Design/methodology/approach
Adopting a revised canonical action research approach focused on intervention on the context, the authors conducted a review of the literature on ethical usage of data in higher education institutions; administered one survey to university students (n = 168); and facilitated three workshops with professional staff (two) and students (one).
Findings
Collected data highlighted how, among other themes, the role and ethical importance of transparency was the dominant claim among all stakeholder groups. Findings helped the authors develop an Enhanced Enterprise Data Ethics Framework (EEDEF) emphasising transparency and stakeholder-centricity.
Practical implications
Legislation is the driver to regulate the use of corporate data in higher education; however, this can be problematic because legislation is retrospective, lacks normativity and offers scarce directions for cases that do not exactly follow within the legislative mandate. In light of these regulatory limitations, the authors’ EEDEF offers operators guidance on how to ethically manage corporate data in the higher education environment.
Originality/value
This study fills gaps in praxis and theory; that is the lack of literature and guiding ethical frameworks to inform data practice in higher education. This research fosters a more ethical data management by virtue of genuine and authentic engagement with stakeholders and emphasises the importance of strategic decision-making and maturity of data culture in the higher education sector.
Details
Keywords
Ivano Bongiovanni, Karen Renaud, Humphrey Brydon, Renette Blignaut and Angelo Cavallo
Boards of Directors and other organisational leaders make decisions about the information security governance systems to implement in their companies. The increasing number of…
Abstract
Purpose
Boards of Directors and other organisational leaders make decisions about the information security governance systems to implement in their companies. The increasing number of cyber-breaches targeting businesses makes this activity inescapable. Recently, researchers have published comprehensive lists of recommended cyber measures, specifically to inform organisational boards. However, the young cybersecurity industry has still to confirm and refine these guidelines. As a starting point, it would be helpful for organisational leaders to know what other organisations are doing in terms of using these guidelines. In an ideal world, bespoke surveys would be developed to gauge adherence to guidelines, but this is not always feasible. What we often do have is data from existing cybersecurity surveys. The authors argue that such data could be repurposed to quantify adherence to existing information security guidelines, and this paper aims to propose, and test, an original methodology to do so.
Design/methodology/approach
The authors propose a quantification mechanism to measure the degree of adherence to a set of published information security governance recommendations and guidelines targeted at organisational leaders. The authors test their quantification mechanism using a data set collected in a survey of 156 Italian companies on information security and privacy.
Findings
The evaluation of the proposed mechanism appears to align with findings in the literature, indicating the validity of the present approach. An analysis of how different industries rank in terms of their adherence to the selected set of recommendations and guidelines confirms the usability of our repurposed data set to measure adherence.
Originality/value
To the best of the authors’ knowledge, a quantification mechanism as the one proposed in this study has never been proposed, and tested, in the literature. It suggests a way to repurpose survey data to determine the extent to which companies are implementing measures recommended by published cybersecurity guidelines. This way, the proposed mechanism responds to increasing calls for the adoption of research practices that minimise waste of resources and enhance research sustainability.
Details
Keywords
Ivano Bongiovanni, Karen Renaud and George Cairns
To investigate the links between IC and the protection of data, information and knowledge in universities, as organizations with unique knowledge-related foci and challenges.
Abstract
Purpose
To investigate the links between IC and the protection of data, information and knowledge in universities, as organizations with unique knowledge-related foci and challenges.
Design/methodology/approach
The authors gathered insights from existing IC-related research publications to delineate key foundational aspects of IC, identify and propose links to traditional information security that impact the protection of IC. They conducted interviews with key stakeholders in Australian universities in order to validate these links.
Findings
The authors’ investigation revealed two kinds of embeddedness characterizing the organizational fabric of universities: (1) vertical and (2) horizontal, with an emphasis on the connection between these and IC-related knowledge protection within these institutions.
Research limitations/implications
There is a need to acknowledge the different roles played by actors within the university and the relevance of information security to IC-related preservation.
Practical implications
Framing information security as an IC-related issue can help IT security managers communicate the need for knowledge security with executives in higher education, and secure funding to preserve and secure such IC-related knowledge, once its value is recognized.
Originality/value
This is one of the first studies to explore the connections between data and information security and the three core components of IC's knowledge security in the university context.
Details
Keywords
Karen Renaud and Suzanne Prior
The purpose of this paper is to scope the field of child-related online harms and to produce a resource pack to communicate all the different dimensions of this domain to teachers…
Abstract
Purpose
The purpose of this paper is to scope the field of child-related online harms and to produce a resource pack to communicate all the different dimensions of this domain to teachers and carers.
Design/methodology/approach
With children increasingly operating as independent agents online, their teachers and carers need to understand the risks of their new playground and the range of risk management strategies they can deploy. Carers and teachers play a prominent role in applying the three M’s: mentoring the child, mitigating harms using a variety of technologies (where possible) and monitoring the child’s online activities to ensure their cybersecurity and cybersafety. In this space, the core concepts of “cybersafety” and “cybersecurity” are substantively different and this should be acknowledged for the full range of counter-measures to be appreciated. Evidence of core concept conflation emerged, confirming the need for a resource pack to improve comprehension. A carefully crafted resource pack was developed to convey knowledge of risky behaviors for three age groups and mapped to the appropriate “three M’s” to be used as counter-measures.
Findings
The investigation revealed key concept conflation, and then identified a wide range of harms and countermeasures. The resource pack brings clarity to this domain for all stakeholders.
Research limitations/implications
The number of people who were involved in the empirical investigation was limited to those living in Scotland and Nigeria, but it is unlikely that the situation is different elsewhere because the internet is global and children’s risky behaviors are likely to be similar across the globe.
Originality/value
Others have investigated this domain, but no one, to the authors’ knowledge, has come up with the “Three M’s” formulation and a visualization-based resource pack that can inform educators and carers in terms of actions they can take to address the harms.