Decentralised electricity and its implications for the governance of UK energy security

Allen, John Oakley

January 2014

The GB electricity system is in a state of change, both physically and operationally. The future of the electricity system needs to be low carbon and secure. Current system structures revolve around large-scale centralised generation to deliver this security. This thesis argues that with a broad definition of energy security, which reflects the future needs of the electricity system, a decentralised approach would be more beneficial to deliver these needs. This thesis identifies the governance processes that make up current energy security and evaluates how these might change in a system of decentralised electricity. The research consists of 31 in-depth interviews with key stakeholders of the electricity system from the government, regulatory, market and civil society based actor groups. In addition to this, the research utilised a secondary analysis of consultation responses and Government publications. This thesis uses multi-layer perspective theory to interpret the transition from a centralised to decentralised electricity system. In addition to the multi-layer perspective, an advancement of the governance perspective was also required. This develops the understanding of the changes to the actor relationships rules and the incentives of a decentralised electricity system. This research developed for key findings. Firstly, a decentralised electricity future would introduce a larger number of small investors, who in a centralised system would not exist. The second key point is, the UK Government is responsible for security of supply and their actions are focused on centralised electricity technologies. The third point is that energy security (in its boarder definition) is the responsibility of a network of actors working together. The fourth point is that current energy security is incorrectly dominated by supply meeting demand. The outcome of the research is that a decentralised electricity system would be beneficial to the broader concept of energy security which is used in this thesis.

550

Polycentric security governance : legitimacy, accountability, and the public interest

Berg, Julie

January 2015

This thesis examines how power is constituted in hybrid polycentric systems of security governance. In particular, the thesis explores how legitimacy - as one form of power - is configured in Improvement Districts in South Africa, with a specific focus on three ways by which it is gained: through promoting public participation in decision-making; through transparent and accountable policing nodes; and through the delivery of effective security for the public good. Polycentric systems of security governance are usually composed of a number of policing or security nodes that are independent of each other, but take account of each other in relationships of co-operation or conflict and where no single node dominates all the rest. In other words, some or all of these nodes, may co-ordinate around specific security problems or events in a sustained manner. The functioning of polycentric security governance was explored in Improvement Districts in Cape Town and Johannesburg, as they are an exemplar of polycentricity in the way that they operate. Qualitative field research was employed using a nodal analytical framework and a collective case study approach. In-depth interviewing, participant and direct observation as well as documentary analysis were the primary research methods employed. The findings of the research reveal that polycentricity impacts on legitimacy in a number of ways. Legitimacy may originate from multiple sources and state and non-state policing nodes within polycentric security governance systems may undermine, enhance and/or co-produce democratic participation, accountability and security for the public interest. There are a number of factors or conditions that shape whether polycentric systems of governance are legitimate and how they derive this legitimacy. The main finding of the thesis is that for a polycentric system to be aligned to the public interest, it needs to be motivated by public, peer and political expectations, amongst other things. The findings of the thesis both challenge the normative tendency to associate democratic legitimacy with the state and contribute to the pressing question of how to theoretically account for the empirical reality of polycentric security governance systems.

Public Law

security governance systems

Improvement Districts

Enhancing the governance of information security in developing countries : the case of Zanzibar

Shaaban, Hussein Khamis

January 2014

Organisations in the developing countries need to protect their information assets (IA) in an optimal way. This thesis is based upon the argument that in order to achieve fully effective information security management (ISM) strategy, it is essential to look at information security in a socio-technical context, i.e. the cultural, ethical, moral, legal dimensions, tools, devices and techniques. The motivation for this study originated from the concern of social chaos, which results from ineffective information security practices in organisations in the developing nations. The present strategies were developed for organisations in countries where culture is different to culture of the developing world. Culture has been pointed out as an important factor of human behaviour. This research is trying to enhance information security culture in the context of Zanzibar by integrating both social and technical issues. The theoretical foundation for this research is based on cultural theories and the theory of semiotics. In particular, the study utilised the GLOBE Project (House et al, 2004), Competing Values Framework (Quinn and Cameron; 1983) and Semiotic Framework (Liu, 2000). These studies guide the cultural study and the semiotics study. The research seeks to better understand how culture impact the governance of information security and develop a framework that enhances the governance of information security in non-profit organisations. ISO/IEC 27002 best practices in information security management provided technical guidance in this work. The major findings include lack of benchmarking in the governance of information security. Cultural issues impact the governance of information security. Drawing the evidence from the case study a framework for information security culture was proposed. In addition, a novel process model for information security analysis based on semiotics was developed. The process model and the framework integrated both social and technical issues and could be implemented in any non-profit organisation operating within a societal context with similar cultural feature as Zanzibar. The framework was evaluated using this process model developed in this research. The evaluated framework provides opportunities for future research in this area.

005.8

Strategic framework to minimise information security risks in the UAE

Alkaabi, Ahmed

January 2014

The transition process to ICT (Information and Communication Technology) has had significant influence on different aspects of society. Although the computerisation process has motivated the alignment of different technical and human factors with the expansion process, the technical pace of the transition surpasses the human adaptation to change. Much research on ICT development has shown that ICT security is essentially a political and a managerial act that must not disregard the importance of the relevant cultural characteristics of a society. Information sharing is a necessary action in society to exchange knowledge and to enable and facilitate communication. However, certain information should be shared only with selected parties or even kept private. Information sharing by humans forms the main obstacle to security measure undertaken by organisations to protect their assets. Moreover, certain cultural traits play a major role in thwarting information security measures. Arab culture of the United Arab Emirates is one of those cultures with strong collectivism featuring strong ties among individuals. Sharing sensitive information including passwords of online accounts can be found in some settings in some cultures, but with reason and generally on a small scale. However, this research includes a study on 3 main Gulf Cooperation Council (GCC) countries, namely, Saudi Arabia (KSA), United Arab Emirates (UAE) and Oman, showing that there is similar a significant level of sensitive information sharing among employees in the region. This is proven to highly contribute to compromising user digital authentication, eventually, putting users’ accounts at risk. The research continued by carrying out a comparison between the United Kingdom (UK) and the Gulf Cooperation Council (GCC) countries in terms of attitudes and behaviour towards information sharing. It was evident that there is a significant difference between GCC Arab culture and the UK culture in terms of information sharing. Respondents from the GCC countries were more inclined to share sensitive information with their families and friends than the UK respondents were. However, UK respondents still revealed behaviour in some contexts, which may lead potential threats to the authentication mechanism and consequently to other digital accounts that require a credential pass. It was shown that the lack of awareness and the cultural impact are the main issues for sensitive information sharing among family members and friends in the GCC. The research hence investigated channels and measures of reducing the prevalence of social engineering attacks, such as legislative measures, technological measures, and education and awareness. The found out that cultural change is necessary to remedy sensitive information sharing as a cultural trait. Education and awareness are perhaps the best defence to cultural change and should be designed effectively. Accordingly, the work critically analysed three national cybersecurity strategies of the United Kingdom (UK), the United States (U.S.) and Australia (AUS) in order to identify any information security awareness education designed to educate online users about the risk of sharing sensitive information including passwords. The analysis aimed to assess possible adoption of certain elements, if any, of these strategies by the UAE. The strategies discussed only user awareness to reduce information sharing. However, awareness in itself may not achieve the required result of reducing information sharing among family members and friends. Rather, computer users should be educated about the risks of such behaviour in order to realise and change. As a result, the research conducted an intervention study that proposed a UAE-focused strategy designed to promote information security education for the younger generation to mitigate the risk of sensitive information sharing. The results obtained from the intervention study of school children formed a basis for the information security education framework also proposed in this work.

005.8

Zambia's food system : multiple sites of power and intersecting governances

Abrahams, Caryn N.

January 2010

This thesis contributes to research on agrifood systems in Africa. The research agenda is especially relevant in the context of revived developmental interest in agrifood sectors in Sub-Saharan Africa. Existing scholarship has tended to focus on economic restructuring and the way supermarkets and agribusiness firms increasingly transform African food economies. This thesis is an empirically grounded research endeavour that presents insights about key dynamics in the domestic food system in urban Sub-Saharan Africa, as seen through the case of Lusaka, Zambia. It also challenges existing scholarship by looking at transformations in domestic political economy contexts in Africa that promote the development of agrifood systems. The thesis is concerned with (1) what shapes Lusaka’s urban food system or what the key influencing factors are; (2) the institutions that are critical to the functioning of the urban food system; and (3) whether agribusiness firms and retailers govern economic interaction in Zambia or whether these firms and their economic interaction are governed by other institutions, and/or determined by the domestic political economy context. The thesis considers the changes in Zambia’s food system which point to growth paths that are intentionally pursued to strengthen the domestic economy so that it meets domestic priorities. Unexpectedly, this is not the concern of the state alone, but also of agribusiness firms. Other fascinating contradictions also became apparent in the course of the fieldwork, which looked at large agribusiness in the poultry sector, the Zambian National Farmers’ Union (ZNFU), the South African supermarket, Shoprite, urban markets, market traders and small-scale farmers, between January and November 2007. For instance, contractual arrangements between small-scale farmers and agribusiness firms are common, but the supply chain almost always incorporates intermediary traders; urban markets are formalising at management levels; and the supermarket faces growing pressure by the state to source locally. The methods consisted of in-depth interviews with the ZNFU, firms, farmers, traders, managers of urban markets and supermarkets, and the Ministry of Trade and Commerce. In sum, the thesis argues that urban food systems in Africa can be seen as situated or located in a domestic political economy, influenced by domestic and regional processes, and that they are the result of intersecting forms of governance by different firms and non-firm institutions. In offering a detailed case study of localised food systems in Africa, these findings lend to a robust research agenda on food studies and economic growth in Africa, and are well-placed to contribute to work on food security.

338.1

DEFINING VALUE BASED INFORMATION SECURITY GOVERNANCE OBJECTIVES

Mishra, Sushma

09 December 2008

This research argues that the information security governance objectives should be grounded in the values of organizational members. Research literature in decision sciences suggest that individual values play an important role in developing decision objectives. Information security governance objectives, based on values of the stakeholders, are essential for a comprehensive security control program. The study uses Value Theory as a theoretical basis and value focused thinking as a methodology to develop 23 objectives for information security governance. A case study was conducted to reexamine and interpret the significance of the proposed objectives in an organizational context. The results suggest three emergent dimensions of information security governance for effective control structure in organizations: resource allocation, user involvement and process integrity. The synthesis of data suggests eight principles of information security governance which guides organizations in achieving a comprehensive security environment. We also present a means-end model of ISG which proposes the interrelationships of the developed objectives. Contributions are noted and future research directions suggested.

information security governance

value theory

value focussed approach

internal control

case study

Business

Management Information Systems

Kommuner i interorganisatorisk samverkan : Att säkert och effektivt styra informationssäkerhetsarbete / Municipalities in interorganizational cooperation : Effective and efficient information security governance

Donnerin, Oscar, Mouwafi, Adham

January 2015

Samverkan mellan kommuner är något som varit en aktuell fråga för svenska myndigheter under en längre tid. Mer specifikt har en tydlig ökning identifierats sedan kommunallagen trädde i kraft 1991 och samverkansformen visade sig möta reella politiska behov på ett positivt sätt. Samtidigt har offentliga organisationer de senaste 15 åren gått från att förespråka skyddandet av information till att bli mer öppna och utbyta information över organisatoriska gränser. Denna kvalitativa fallstudie undersöker informationssäkerhet i en interorganisatorisk samverkan mellan svenska kommuner. Teorier som behandlas i uppsatsen är informationssäkerhet, information security governance och samverkan. Studiens syfte är att undersöka utmaningarna med styrning av informationssäkerhetsarbete i en interorganisatorisk samverkan mellan svenska kommuner. Vi ämnar således bidra till forskningen genom att dels förfina befintliga teorier kring de separata ämnesområdena men även utveckla teori där dessa ämnen möts. Vi syftar även till att bidra till praktiken genom att generera värdefull kunskap för de studerade organisationerna men även generalisera resultatet för liknande organisationer. Resultatet visar att vi identifierat ett antal centrala utmaningar där vissa är svårare att hantera än andra. En central utmaning är att det politiska självstyret är tydligt uttalat vilket sätter begräsningar för vad som är möjligt att realisera gemensamt. Vi kan även konstatera att resurser och prioriteringar påverkas av detta. Vi har presenterat ett antal förslag på behov som kan beaktas, både internt i kommunerna men även gemensamt över kommunala gränser. De rekommendationer vi har till kommunerna är att ta ett steg tillbaka gällande samverkan, detta då de ligger på så pass olika nivåer och kan få svårt att skapa en gemensam grund. Kommunerna bör även fokusera på den interna verksamheten och öka säkerhetsmedvetandet för att bli mer redo för att ingå i en samverkan. Uppfylls detta kan de börja fokusera på att anta principer och andra gemensamma aktiviteter som till exempel utbildningar. Detta gör att informationssäkerhetsarbetet går från att vara reaktivt till att bli mer proaktivt. Detta är något som vi anser att både offentliga- och privata organisationer borde sträva mot men även forskare borde ta hänsyn till.

Interorganisatorisk samverkan

informationssäkerhet

informationsutbyte

offentlig sektor

policy

information security governance

säkerhetsmedvetande

Information Systems

Linking Food Security Governance and Changing Food Security Priorities: A Case Study of the Northern Region of Ghana

Adjapong, Frederick Kwaku

10 September 2021

No description available.

Geography

Food security governance

northern Ghana

multi-stakeholder

sustainability

food security

diversified farming

Assessing The Relative Importance of Information Security Governance Processes on Reducing Negative Impacts From Information Security Incidents

Farnian, Adnan

January 2010

Today the extent and value of electronic data is constantly growing. Dealing across the internet depends on how secure consumers believe their personal data are. And therefore, information security becomes essential to any business with any form of web strategy, from simple business-to-consumer, or business-to-business to the use of extranets, e-mail and instants messaging. It matters too any organization that depends on computers for its daily existence. This master thesis has its focus on Information Security Governance. The goal of this thesis was to study different Information Security processes within the five objectives for Information Security Governance in order to identify which processes that organizations should prioritize in order to reduce negative consequences on the data, information and software of a business from security incidents. By surveying IT experts, it was possible to gather their relative opinion regarding the relationship between Information Security Governance processes and security incidents. By studying the five desired objectives for Information Security Governance, Strategic Alignment, Risk Management, Resource Management, Performance Measurement and Value Delivery the result indicated that some processes within Performance Measurements have a difference in relation to other processes. For those processes a conclusion can be made that they are not as important as the processes which they were compared to. A reason for this can be that the processes within performance measurement are different in such a way that they measure an incident after it has actually happened. While other processes within the objectives for ISG are processes which needs to be fulfilled in order to prevent that an incident happens. This could obviously explain why the expert‟s choose to value the processes within performance measurement less important compared to other processes. However, this conclusion cannot be generalized, since the total amount of completed responses where less than expected. More respondents would have made the result more reliable. The majority of the respondents were academicals and their opinion and experience may be different from the IT experts within the industry, which have a better understanding of how it actually works in reality within an organization.

Information Technology

Information Security

Information Security Governance

Elektroteknik och elektronik

[en] A WORLD MADE OF APPS?: ALGORITHMS AND (IN)SECURITY GOVERNANCE IN THE GLOBAL SOUTH / [pt] UM MUNDO DE APLICATIVOS?: ALGORITMOS E A GOVERNANÇA DA (IN)SEGURANÇA NO SUL GLOBAL

LUÍSA CRUZ LOBATO

31 January 2022

[pt] Esse trabalho olha para como os aplicativos enactam a insegurança no/do Sul Global, de modo a compreender a mediação algorítmica da governança da segurança. Aplicativos são manifestações computacionais cujo poder reside em sua proximidade com o usuário final e em seu suposto papel democratizante e empoderante. Ao mesmo tempo, no entanto, esses apps estão embutidos e replicam uma geopolítica do conhecimentocomplicada que não pode ser entendida pelo que caracterizo como formas não monstruosas de teorização de RI, que, intencionalmente ou não, re-enactam a contenção da autoridade dentro das categorias do indivíduo, do estado e do sistema internacional. Em contraste, formas monstruosas de teorização, como aquelas que tentam explicar a política dos artefatos (digitais) e da sociomaterialidade, perturbam as fronteiras disciplinares, suas suposições e representações da política, a fim de expandir e estender o que é compreendido como política e autoridade. Ao engajar-se com uma compreensão da política de ambas na governança de segurança, esta tese argumenta que os aplicativos adicionam camadas de complicação ao nosso entendimento de governança, das quais lidarei com três: simplificação, formalismo e objetividade. Em um segundo impulso argumentativo, a tese sustenta que essas três camadas também são lógicas de computação que dão forma à autoridade de um aplicativo, mas não sem serem significativamente transformadas e reaproveitadas na prática. Na medida em que os aplicativos incorporam de forma decisiva contos sobre políticas democráticas e geopolíticas desiguais do conhecimento, cabe reconhecer que as questões práticas relativas ao seu trabalho de governança atravessam o Sul Global, entendido tanto como uma categoria de pensamento sobre os emaranhados pós-coloniais e as interações atravessadas pelas tecnologias digitais, como um marcador de hierarquias de conhecimento. Esta tese, portanto, fornece uma explicação alternativa para as interações de poder e autoridade que compõem a política de segurança (do Sul) global. Com isso, afasta-se da teorização abstrata para olhar para a governança computacional no chão, ou seja, nos contextos sociopolíticos em que opera, é concebida, criada e adaptada. Ao fazer isso, engaja-se em uma filosofia empírica baseada no uso de métodos etnográficos e no uso antropofágico de conceitos desenvolvidos por estudiosos de RI, filósofos da tecnologia, estudiosos de política digital e STS, e filósofos e sociólogos que pensando poder e desigualdade. O trabalho de campo foi realizado entre 2018 e 2021 com três aplicativos de segurança: Fogo Cruzado, EagleView 2.0, e UN SanctionsApp, e se compõe de uma colagem de métodos, que vão desde observações participantes, entrevistas, walkthroughs em aplicativos e pesquisa bibliográfica. Essa combinação confusa de métodos, objetos e lugares não pode ser vista como desvinculada do impulso conceitual mais amplo da tese, ou seja, mostrar que é na e por meio da autoridade dos aplicativos na governança no/do Sul Global, que podemos começar a abraçar os monstros que têm assustado a política de segurança por tanto tempo. E, ao o fazermos, seremos finalmente capazes de abrir o estudo da autoridade para suas manifestações processuais, transversais e múltiplas, por meio da computação, esta mesma entendida como um conjunto de práticas situadas, adaptáveis e contextuais, que tanto reproduzem como complicam hierarquias de poder e conhecimento. / [en] This work looks at how apps enact insecurity in/of the Global South in order to understand the algorithmic mediation of security governance. Apps are manifestations of computation whose power resides in their proximity with endusers and alleged democratizing and empowering roles. At the same time, however, apps are embedded into and replicate complicated geopolitics of knowledge that cannot be understood by what I characterize as non-monstrous forms of IR theorizing, which, wittingly or not, re-enact the containment of authority within the categories of the individual, the state and the international system. In contrast, monstrous forms of theorizing, such as those which attempt to account for the politics of (digital) artifacts and sociomateriality, disturb disciplinary boundaries, assumptions and representations of politics in order to expand and extend what is encompassed as the political and the authoritative. While engaging with efforts to account for the politics of both in security governance, this thesis argues that apps add layers of complication to our understanding of governance, of which I will be dealing with three: simplification, formalism and objectivity. In a second argumentative thrust, the thesis argues that these three layers are also logics of computation that give form to an app s authority, but not without being significantly transformed and repurposed in practice. To the extent that apps decisively embody both stories of democratic politics and unequal geopolitics of knowledge, we must acknowledge that practical questions pertaining to their governance work traverse the Global South, understood both as a category of thought about postcolonial entanglements and interactions traversed by digital technologies and a marker of knowledge hierarchies. This thesis, therefore, provides an alternative account of the interplays of power and authority in global (South) security politics. With this, the work moves away from abstract theorizing to look at computational governance on the ground, that is to say, in the sociopolitical contexts in which they operate, are designed, created and adapted. While doing so, it engages in empirical philosophy grounded on the use of ethnographic methods and an anthropophagic use of concepts developed by IR scholars, philosophers of technology, STS and digital politics scholars and philosophers and sociologists writing about power and inequality. Fieldwork was conducted between 2018 and 2021 with three security apps: Fogo Cruzado, EagleView 2.0, and UN SanctionsApp, and involves a collage of methods, ranging from participant observations, interviews, app walkthroughs and bibliographical research. This messy combination of methods, objects and places cannot be seen as untangled from the broader conceptual thrust of the thesis, namely, that it is in and through the work of apps as authoritative components of governance in/of the Global South, that we can start to embrace the monsters that have been terrifying security politics for so long. And if we do so, we might finally be able to open authority to its processual, transversal, and manifold enactments through computation, itself understood as a situated, adaptable and contextual set of practices, which both reproduce and complicate knowledge hierarchies.

[pt] APPS

[pt] SUL GLOBAL

[pt] GOVERNANCA DA SEGURANCA

[en] APPS

[en] GLOBAL SOUTH

[en] SECURITY GOVERNANCE