
Print ISSN: 2349-8161
Online ISSN: 2349-817X


Information Security Education Journal (ISEJ)
 

(How) Can Directive (EU) 2019/1937 on whistleblowers be used to build up a security and safety culture in Institutions?
Margit Scholl
Business Computing and Administrative Informatics, Faculty of Business, Computing, and Law, Technical University of Applied Sciences, Wildau (TH Wildau), Germany
Abstract: The process of comprehensive digitization and the ease with which many people can be duped are being exploited in criminal attacks. For this reason, there can be no question that a security culture needs to be established in institutions to raise awareness and ensure the commitment of employees. However, virtualization changes our understanding of ethics, and this affects institutions as well as individuals and society. Many institutions have established guidelines in an attempt to make professional ethics and moral conflicts the subject of collaborative reflection and action. But are these viable? This process is now supported by Directive (EU) 2019/1937, which covers the protection of people reporting breaches of EU law. As a common minimum standard, the directive seeks to provide a high level of protection for these individuals, who are popularly known as whistleblowers. The scope of the directive goes far beyond the concerns of an institutional security culture—nevertheless, it applies to this too. The paper sets out to start a proper debate on the digital turn, the building of a security culture, and the dilemmas involved in long lists of regulations, which are no guarantee of commitment. The information security culture in institutions depends on the awareness and expertise of management and employees and relies on continuous communication and ongoing discussions to ensure concrete progress. How can this be achieved? In the attempt to find an answer to this question through extensive literature research, the fundamental importance of the term “ethos” emerged. Since people can change their views and beliefs after identifying and reflecting on inconsistencies, it is also possible for this awareness to be trained through a process of active communication, the participatory exchange of ideas and experience, and interactive learning.
Keywords: Directive (EU) 2019/1937, Protection of Whistleblowers, ISO 37002:2020-08, Safety and Security Culture, Information Security, Competence Development, Learning Processes, Ethos/Ethics/Morality
DOI: https://doi.org/10.6025/isej/2020/7/2/40-57