Three Essays on Collective Privacy and Information Security

Memarian Esfahani, Sara

07 1900

In Essay 1, we seek to expand the insights on an individual's decision to share group content. Social networking sites (SNS) have become a ubiquitous means of socializing in the digital age. Using a survey, we collected data from 520 respondents with corporate work experience to test our research model. Our analysis highlights the complex interplay between individual and group factors that shape users' risk-benefit analysis of sharing group content on social networking sites. Furthermore, the results of this study have important implications for social networking site design and policy, particularly with regard to providing granular control over the privacy settings of group content and clear and concise information about the potential risks and benefits of sharing group content. Essay 2 aims to extend the knowledge of information security policy (ISP) compliance. Using a comprehensive approach, we extended the perspective of control mechanisms in the context of ISPs. It is evident that maintaining information security is an important concern for organizations of all sizes and industries. Organizations can establish policies and procedures to regulate and ensure compliance with information security policies, and various control mechanisms can be employed to ensure compliance. Among these control mechanisms, enforcement, punishment, evaluation, and recognition have been identified as important factors that influence information security policy compliance. In Essay 3, we delve deep into the current digital era and the reality of individuals becoming particularly vulnerable to privacy breaches. In the third essay, we offer a thorough examination of existing literature to gain insight into the disparities between users' stated privacy concerns and their actual information-sharing behavior. Our analysis reveals that, in addition to technological and environmental factors, cultural and personal differences significantly contribute to the paradoxical behavior observed among individuals. Utilizing the S-O-R (stimulus-organism-response) framework, we emphasize the necessity of examining the intricate interplay between technological aspects, individual attributes, and environmental factors in order better to understand the complexities of individuals' privacy decision-making processes. By addressing these factors and their interactions, we can develop more effective strategies to improve individuals' privacy awareness, decision-making, and overall online experiences. This will ultimately create more secure and privacy-respecting digital communities for users with various characteristics.

Group Privacy

Group Content Sharing

Information Security

Security Policy Compliance

Privacy Paradox

Psychology, Behavioral

Sociology, Theory and Methods

Psychology, Experimental

Renewable portfolio standards in the USA: experience and compliance with targets

Bespalova, Olga Gennadyevna

January 1900

Master of Arts / Department of Economics / Tracy M. Turner / Economic growth requires growth of energy consumption. In the second half of the twentieth century energy consumption began to outgrow its production and the United States. Consequently, we observe growing dependence of the U.S. economy on energy imports which is causing political and economic insecurity; increasing pollution and depletion of natural resources. One way to alleviate these problems is to encourage renewable electricity production. Because the electric power industry is the largest consumer of energy sources, including renewable energy, it has become one of the most frequent subjects of the regulatory policies and financial incentives aiming to stimulate renewable electricity production. One of the most promoted renewable energy policies in this industry is a renewable portfolio standard (RPS), which requires electric utilities and other retail electric providers to supply a specified amount of electricity sales from renewable energy sources. Currently 29 states and District of Columbia have the RPSs, while 7 states have goals; but only about two third of those with the RPS have certain targets to meet. To my best knowledge, there are no studies analyzing compliance with the RPSs targets or the role of penalty mechanism in the RPS design on meeting its goal. In my Master Thesis I estimate which states are in compliance with their individual RPSs goals and analyze which factors affect the probability of compliance, with the focus on the role of penalty size, and controlling for complimentary policies promoting renewable energy production. I use a fixed effects linear probability model and state level data. Results indicate that including a penalty in the RPS design significantly increases the probability that states will comply with their goals.

Renewable Portfolio Standard (RPS)

Renewable energy

Policy compliance

Penalty

Electric utilities

Electric power industry

Economics (0501)

Environmental economics (0438)

Public Policy and Social Welfare (0630)

政策利害關係人對廉政政策順服與政治信任感關聯性之研究-以環保署業務往來之廠商為例 / Policy stakeholder’s policy compliance and political trust: a case study of the environmental protection administration in Taiwan

楊華興

Unknown Date

本研究以Easton政治支持理論架構，探討不同人口背景與政治態度的政策利害關係人之政策順服影響因素，並就政策執行監測觀點，將順服變數，分從政策認知、政策環境、執行成效滿意度、利害關係人之行為配合度等面向加以剖析，再檢視不同個人對政策順服的差異與其政治信任感有無關連，以獲得理論上驗證。 廉政政策的執行評估或評價，廠商較一般民眾認知更為成熟，對「廉政倫理規範」相關事務的理解能力相對熟悉，故選擇以廠商（即本文政策利害關係人）為研究對象。依照首揭研究目的，假設「認知」與「環境壓力」兩個因素為影響個人對於廉政政策滿意度與行為傾向的主要因素，即個人對於廉政政策所持為正向認知，其所處政策環境會迫使自己遵守廉政政策規範，有助於廉政政策滿意度的提升與行為上的順服。反之，個人對於廉政政策所持為負向認知，且所處政策環境會促使自己規避廉政政策規範者，將使個人不滿意現行政策施行的效果，致滿意度降低與行為上的不順服。 研究結果發現，政策利害關係人的政黨認同對廉政政策順服有影響，其原因可能由於個人的背景不同，使得生活經驗就有所不同，所以形塑每個人的政策認知深度、支持態度、政策滿意度及行動參與意向等表現不同，因此使政策利害關係人在「廉政政策順服」量表的表現強弱也有所差異。此外，在政治信任感方面，與以往的研究結果對照，可以發現政治信任感也是呈現低度水準，並與性別、教育程度、業務類別、政黨認同、所得收入等變項顯著相關。若從廉政政策順服與政治信任感之關聯性探討，發現廉政政策順服與政治信任感呈顯著相關，其中廉政政策順服構面之「環境壓力」、「滿意度」、「行為傾向」等變項的相關程度較高。 最後，本文探求廉政政策執行及成效評估等有關廉政政策推動策略的建議，期能提供作為政策執行的重要參考。 關鍵字：政策利害關係人、政策順服、政策執行、政治信任感、廉政倫理規範 / Based on David Easton's framework of political-system support theory, this study discussed the factors that influence policy compliance of policy stakeholders with different background and political attitudes. From the point of view of policy monitoring , it analyzed the variables affecting compliance from the aspects of policy cognition, policy environment, satisfaction of implementation effectiveness, and cooperation degree of policy stakeholders. Furthermore, it examined the correlations between policy compliance and political trust of each individual in order to get the verification of theory. When it comes to the evaluation and appraisal of the implementation of the anticorruption policy, vendors are ,compared to the general public, more familiar to the affairs concerning Ethics Direction for Civil Servants. This study has selected vendors (i.e. the policy stakeholders) as the research objects. According to the study goal, the "cognition" and the "environmental pressure" were assumed to be two main factors affecting individual satisfaction and behavioral orientation toward the anticorruption policy. When an individual holds a positive cognition toward the anticorruption policy, the policy environment will force the individual to comply with the policy. The satisfaction toward the policy and the behavioral compliance will be fostered. On the contrary, if an individual holds a negative cognition toward the policy, and the policy environment will discourage the individual to comply with the provisions of the anticorruption policy. The individual will not satisfy with the implementing results of the current policy. It will impede the satisfaction and lower the behavioral compliance. The study found that the party identification of the policy stakeholders would influence their compliance to the anticorruption policy. The reason might be that different backgrounds make different life experiences. This molds individual into different level of policy cognition, attitude of support, policy satisfaction and participation orientation, and in turn makes different representation on scale of compliance of the anticorruption policy. In addition, the political trust, when compared to previous studies, was found to be at a low level, and significantly related to gender, education level, job category, party identification and income level. When exploring from the correlation between the anticorruption policy and the political trust, the study found a significant correlation between them. Among variables of anticorruption policy dimension, "environmental pressure," "degree of satisfaction" and "behavioral orientation" have high levels of correlation with political trust. Lastly, this study has explored suggestions to the implementation and evaluation of strategies related to the promotion of anticorruption policy in hope to serve as an important reference to the policy implementation. Key word：policy stakeholder, policy compliance, policy implementation, Political Trust, Ethics Direction for Civil Servants

政策順服

政治信任感

廉政倫理規範

policy compliance

Political Trust

Ethics Direction for Civil Servants

Addressing ambiguity within information security policies in higher education to improve compliance

Buthelezi, Mokateko Portia

06 1900

Information security (InfoSec) policies are widely used by institutions as a form of InfoSec control measure to protect their information assets. InfoSec policies are commonly documented in natural language, which is prone to ambiguity and misinterpretation, thereby making it hard, if not impossible, for users to comply with. These misinterpretations may lead the students or staff members to wrongfully execute the required actions, thereby making institutions vulnerable to InfoSec attacks. According to the literature review conducted in this work, InfoSec policy documents are often not followed or complied with; and the key issues facing InfoSec policy compliance include the lack of management support for InfoSec, organisational cultures of non-compliance, intentional and unintentional policy violation by employees (the insider threat), lack of policy awareness and training as well as the policy being unclear or ambiguous. This study is set in the higher education context and explores the extent to which the non-compliance problem is embedded within the policy documents themselves being affected by ambiguity. A qualitative method with a case study research strategy was followed in the research, in the form of an inductive approach with a cross-sectional time horizon, whereby a selection case of relevant institutional InfoSec policies were analysed. The data was collected in the form of academic literature and InfoSec policies of higher education institutions to derive themes for data analysis. A qualitative content analysis was performed on the policies, which identified ambiguity problems in the data. The findings indicated the presence of ambiguity within the policy documents, making it possible to misinterpret some of the policy statements. Formal methods were explored as a possible solution to the policy ambiguity. A framework was then proposed to address ambiguity and improve on the clarity of the semantics of policy statements. The framework can be used by policy writers in paying attention to the presence of ambiguity in their policies and address these when drafting or revising their policy documents. / School of Computing

Formal methods

Policy ambiguity

Usable security

Policy clarity

Policy human aspects

Security policy compliance

507.12

Information policy

Compliance

Ambiguity

Science -- Study and teaching (Higher)

Clarifying roles and responsibilities in information security : A case study of policy implementation in high-stakes environments

Alndawi, Tara

January 2024

In information security, the success of security policies is critically dependent on their implementation in organizations. This thesis explores the gap between formal definitions and the actual implementation of security policies, focusing on roles within a Swedish defense company. Using a qualitative research approach, this study employs semi-structured interviews to gather in-depth insights from individuals directly involved in security management, with the aim of uncovering the real-world complexities and challenges faced in policy implementation. This study identifies several core issues that affect policy implementation: ambiguity in role definitions, inconsistencies in policy communication at different organizational levels, and the frequent need for individuals to adapt policies to practical and situational needs. These factors contribute to the risk of security breaches by creating conditions in which policies are misunderstood or incorrectly applied. The findings highlight a significant discrepancy between how policies are intended to function and how they are implemented in daily operations, revealing a critical vulnerability in organizational security frameworks. This thesis contributes to the existing body of knowledge by mapping the landscape of security policy implementation within the context of the highly regulated defense industry. The results provide empirical evidence that improves the understanding of the interaction between policy, practice and the human element in security regimes with the aim of improving clarity and reducing the incidence of human error in security practices.

Practical policy application

policy compliance

security policy gaps

role clarity

role ambiguity

information security management

Swedish defense industry

Information Systems, Social aspects

Interfaces entre produção de saúde e coordenação do cuidado: perspectiva da psicodinâmica do trabalho na compreensão do trabalhar de médicos inseridos em um hospital universitário - São Paulo, Brasil / Interfaces between health production and coordination of care: perspective of psychodynamics of work in the understanding about the work of doctors inserted at a university hospital - São Paulo, Brazil

Barros, Juliana de Oliveira

17 February 2016

INTRODUÇÃO: Com base no referencial teórico da Psicodinâmica do Trabalho, compreende-se que a construção da subjetividade e, consequentemente, da identidade e da saúde mental dos sujeitos adultos têm no trabalho lugar central. OBJETIVO: Evidenciar componentes da organização do trabalho que possam favorecer a produção da saúde, a construção e o fortalecimento da identidade de sujeitos singulares e coletivos profissionais, a partir da compreensão de uma situação especifica de trabalho. METODOLOGIA: Trata-se de estudo de caso de caráter exploratório. Foi desenvolvido com um grupo de médicos inseridos no Hospital Universitário da Universidade de São Paulo, cujo trabalhar é atravessado pela coordenação de equipes e/ ou ações de cuidado. Realizou-se 14 entrevistas semi-estruturadas entre os meses de setembro de 2013 e abril de 2014, organizadas em duas fases. Da primeira, participaram sete médicos que ocupavam cargos de gestão. Puderam auxiliar na compreensão do organograma geral da instituição, do fluxo e da organização do trabalho médico. Da segunda fase, participaram sete médicos que, além de assistentes, atuavam como chefes de plantão. Pela importância das ações desenvolvidas por estes profissionais na dinâmica hospitalar e pela disponibilidade em participar do estudo, constituíram-se como a população alvo do mesmo. Adotou-se a postura fenomenológico hermenêutica para interpretação dos achados. Caracterizou-se o trabalhar e a identidade profissional desses sujeitos a partir de quatro eixos: conteúdo do trabalho; recursos disponíveis para realização das atividades previstas; trajetória para chegada nessa função e; experiências de sofrimento e prazer no trabalho. RESULTADOS: Semanalmente, por 12 horas consecutivas, os médicos chefes de plantão respondem por questões administrativas, representando a diretoria do hospital frente aos trabalhadores e usuários do serviço. Baseados em aspectos técnicos, nas regras institucionais e do trabalho tomam, simultaneamente, decisões clínicas no que se refere à possibilidade de acolhimento do conjunto de sujeitos que procura o hospital. Objetivam, ao máximo, manter a regularidade e a continuidade do funcionamento institucional e melhorar a resolutividade do atendimento prestado. Todos os recursos materiais e humanos da instituição são aliados quando das tomadas de decisão, mesmo se feitas de forma individual. Foram convidados pela diretoria do hospital a desempenharem essa função, a partir da identificação de certas características pessoais e profissionais. Dentre todas as atividades desenvolvidas, ocupar-se da gestão regulatória dos leitos hospitalares frequentemente os coloca diante de situações de impotência. DISCUSSÃO: Os chefes de plantão são profissionais que transitam entre o fazer clínico e a coordenação de situações e pessoas. Evidencia-se a importância do julgamento de utilidade técnica e social emitido, sobretudo, por aqueles que compõem a base da linha hierárquica organizacional, ao terem sua autoridade fundada nas competências profissionais e na qualidade das arbitragens que realizam. O reconhecimento, enquanto retribuição de natureza simbólica, parece impulsionar a construção de soluções criativas face às dificuldades encontradas no trabalho. Ressalta ainda o lugar do outro no movimento de conquista da própria identidade. Encontram-se diante de um cenário no qual, além de serem beneficiários, fomentam processos de cooperação a partir do modo como fazem a gestão. Os anos de trabalho compartilhado entre as mesmas equipes e a ética do cuidado em saúde, parecem sustentar esta dinâmica. CONCLUSÕES: Compreende-se que a cooperação e o reconhecimento são aspectos importantes quando se trata da produção da saúde mental e da prevenção de situações de adoecimento no trabalho. São ainda decisivos para a conquista da emancipação pela via do trabalho. Entender as condições que tornam possível a existência deles no seio das instituições é fundamental para aqueles que desejam aliar a produção de bens ou serviços à produção da saúde dos trabalhadores / INTRODUCTION: Based on the theoretical framework of work psychodynamics, it is understood that the construction of subjectivity and, hence, the identity and mental health of adult subjects have in the work its central point. PURPOSE: To highlight components of work organization which may support the health production, the building and strengthening of the identity of specific individuals and collective professionals based on an understanding of a specific work situation. METHODS: It is an exploratory case study. It was conducted with a group of doctors inserted in the University Hospital of University of São Paulo and whose work is crossed by coordination of teams and/or care actions. Fourteen semi-structured interviews taken between September 2013 and April 2014, which were organized into two phases. In the first one, seven manager doctors participated. They helped in the understanding of the general chart organizational of the institution, the flow and organization of medical work. In the second phase participated seven professionals who were doctors assistants and also duty chefs. Due to the importance of the actions developed by these professionals in the hospital and their availability to participate in the study, they were constituted as the target population of it. It was adopted the phenomenological-hermeneutic approach to the interpretation of the findings. The work and the professional identity of these subjects were characterized according to four areas: content of the work; resources available to carry out the planned activities; trajectory for arrival in this role and; experiences of suffering and pleasure at work. RESULTS: Weekly, for 12 consecutive hours, the doctors on duty chiefs are responsible for administrative matters and representing the board of the hospital face workers and service users. Based on the technical aspects, institutional and work rules, they make clinical decisions regarding the possibility of receiving and hosting subjects who seeks the hospital. They aim, as much as possible, to maintain the regularity and continuity of organizational efficiency and improve the resoluteness of care given. All the material and human resources of the institution are allied when the decisions have to be made, even if it is individually. They were invited by the hospital board to play this role, based in the identification of certain personal and professional characteristics. Among all the activities, to be in charge of the regulatory management of hospital beds often sets them against situations of powerlessness. DISCUSSION: The duty chefs are professionals who move between clinical work and coordination of situations and people. It highlights the importance of the judgment of technical and social utility, mainly by those who compose the organizational basis of organizational hierarchy, by having their authority founded on professional skills and quality of referrals that they do. The recognition as retribution in symbolic way, appears to boost the construction of creative solutions to face the difficulties encountered at work. We also emphasize the place of the other in the movement of achieve their own identity. They are in a scenario in which, besides being beneficiaries, also foster cooperation processes from the way they do the management. The years of work shared between the same teams and the ethics of health care, appear to sustain this dynamic. CONCLUSIONS: It is understood that cooperation and recognition are important aspects when it comes to mental health production and preventing disease situations at work. They are still decisive for the achievement of emancipation through work. Understanding the conditions that make possible their existence within the institutions is essential for those who wish to combine the production of goods or services to the production of health workers

Diretores médicos

Gestão em saúde

Health facilities

Health management

Human resources

Instituições de saúde

Mental health

Occupational health

Physician executives

Policy compliance

Política de cooperação

Psicodinâmica

Psychodynamic

Recursos humanos

Saúde do trabalhador

Saúde mental

Trabalho

Work

科技演進與政策變遷下的失落標的團體-個人綜合所得稅申報系統個案分析 / The Lost Target Groups Under Scientific and Technological Evolution and Policy Change- A Case Study of Personal Income Tax-filing Systems

張家菁, Chang, Chia-Ching

Unknown Date

電子化政府是現代政府知識經濟時代發展之趨勢。政府的服務能力可以藉由電腦、網路的使用而大大提升；然而，在我國各種朝向電子化政府的政策中，網路報稅堪稱為時間較長且涵蓋範圍較完整的計畫之ㄧ，自1997年開始試辦到現在已有九年，在這樣的長年實施之中，卻仍存近百萬的二維條碼申報系統使用家戶；在現階段的進程上是否只需多加過渡的步驟便可成功邁向稅務網路化的最終目標。本研究採質、量混合研究法。採行先問卷發放，探究民眾不願意跟隨政策而改變報稅工具的原因；再以質化訪談專家學者，交叉詰問提出標的團體在科技進步與政策變遷的過程中，是否能夠不被遺落在後，在政府帶領下提出解決之道。 綜合而言，無論是自量化或是質化的訪談之中發現，民眾不願意順服的因素不外乎政府使用錯誤的對策來因應政策問題；如對於民眾的慣性使用未加以重視民眾，以及當民眾已不信任政府之作為時，卻又強制性地施加壓力，引發民眾產生在適應上的困難；政府忽略了在二維的過程下可以提供的學習階梯以使民眾適應。民眾的不願意順服便展現於其對於政府的不信任與堅持其使用方式（二維條碼報稅）之上。正因如此，面對政府的作為無法解決問題，而自然形成在政府做為下不願意改變自我行為的失落標的團體，本研究即是指仍堅持使用二維條碼系統申報個人綜合所得稅者；其同樣必然會發生於現今各項電子化政府政策中。 正因為它的自然發生且面對正變遷中的政策，政府能做的便是建置基礎設施，讓網路報稅政策回歸自然的手來主導它，讓過渡與變遷的機制面對科技的進入，以民眾與政府的雙方面向加以權衡，政府僅是操槳的手，為出現失落標的團體的政策，提供快速演化至下一階段的輔助，增加其順服的條件，並加強誘因的提供上做出與市場相同的行銷動力。 政府保留二維條碼申報制度，不僅為不確定的網路虛擬時代提供具實體性的安全感，又可以是電子化的加速處理。當然這些都是在政策呈現變遷的過程中，所進行的取捨。當民眾要的不再是基於效率與服務的兼具時，報稅手段的思索就不再是一項重點。面對報稅政策的未來，為民眾的需求提供效率的服務應放在第一考量，接著是邁向科技的進程的基礎建設須建置完備，安全機制、人員在訊練等等，才是增進邁向全面網路實質申報的必需手段。 關鍵字：政策變遷、政策演化、政策順服、個人綜合所得稅、二維條碼。

政策變遷

政策演化

政策順服

個人綜合所得稅

二維條碼

policy change

policy evolution

policy compliance

personal income tax-filing systems

two-dimentional bar code

Intrusion detection techniques in wireless local area networks

Gill, Rupinder S.

January 2009

This research investigates wireless intrusion detection techniques for detecting attacks on IEEE 802.11i Robust Secure Networks (RSNs). Despite using a variety of comprehensive preventative security measures, the RSNs remain vulnerable to a number of attacks. Failure of preventative measures to address all RSN vulnerabilities dictates the need for a comprehensive monitoring capability to detect all attacks on RSNs and also to proactively address potential security vulnerabilities by detecting security policy violations in the WLAN. This research proposes novel wireless intrusion detection techniques to address these monitoring requirements and also studies correlation of the generated alarms across wireless intrusion detection system (WIDS) sensors and the detection techniques themselves for greater reliability and robustness. The specific outcomes of this research are: A comprehensive review of the outstanding vulnerabilities and attacks in IEEE 802.11i RSNs. A comprehensive review of the wireless intrusion detection techniques currently available for detecting attacks on RSNs. Identification of the drawbacks and limitations of the currently available wireless intrusion detection techniques in detecting attacks on RSNs. Development of three novel wireless intrusion detection techniques for detecting RSN attacks and security policy violations in RSNs. Development of algorithms for each novel intrusion detection technique to correlate alarms across distributed sensors of a WIDS. Development of an algorithm for automatic attack scenario detection using cross detection technique correlation. Development of an algorithm to automatically assign priority to the detected attack scenario using cross detection technique correlation.

Interfaces entre produção de saúde e coordenação do cuidado: perspectiva da psicodinâmica do trabalho na compreensão do trabalhar de médicos inseridos em um hospital universitário - São Paulo, Brasil / Interfaces between health production and coordination of care: perspective of psychodynamics of work in the understanding about the work of doctors inserted at a university hospital - São Paulo, Brazil

Juliana de Oliveira Barros

17 February 2016

INTRODUÇÃO: Com base no referencial teórico da Psicodinâmica do Trabalho, compreende-se que a construção da subjetividade e, consequentemente, da identidade e da saúde mental dos sujeitos adultos têm no trabalho lugar central. OBJETIVO: Evidenciar componentes da organização do trabalho que possam favorecer a produção da saúde, a construção e o fortalecimento da identidade de sujeitos singulares e coletivos profissionais, a partir da compreensão de uma situação especifica de trabalho. METODOLOGIA: Trata-se de estudo de caso de caráter exploratório. Foi desenvolvido com um grupo de médicos inseridos no Hospital Universitário da Universidade de São Paulo, cujo trabalhar é atravessado pela coordenação de equipes e/ ou ações de cuidado. Realizou-se 14 entrevistas semi-estruturadas entre os meses de setembro de 2013 e abril de 2014, organizadas em duas fases. Da primeira, participaram sete médicos que ocupavam cargos de gestão. Puderam auxiliar na compreensão do organograma geral da instituição, do fluxo e da organização do trabalho médico. Da segunda fase, participaram sete médicos que, além de assistentes, atuavam como chefes de plantão. Pela importância das ações desenvolvidas por estes profissionais na dinâmica hospitalar e pela disponibilidade em participar do estudo, constituíram-se como a população alvo do mesmo. Adotou-se a postura fenomenológico hermenêutica para interpretação dos achados. Caracterizou-se o trabalhar e a identidade profissional desses sujeitos a partir de quatro eixos: conteúdo do trabalho; recursos disponíveis para realização das atividades previstas; trajetória para chegada nessa função e; experiências de sofrimento e prazer no trabalho. RESULTADOS: Semanalmente, por 12 horas consecutivas, os médicos chefes de plantão respondem por questões administrativas, representando a diretoria do hospital frente aos trabalhadores e usuários do serviço. Baseados em aspectos técnicos, nas regras institucionais e do trabalho tomam, simultaneamente, decisões clínicas no que se refere à possibilidade de acolhimento do conjunto de sujeitos que procura o hospital. Objetivam, ao máximo, manter a regularidade e a continuidade do funcionamento institucional e melhorar a resolutividade do atendimento prestado. Todos os recursos materiais e humanos da instituição são aliados quando das tomadas de decisão, mesmo se feitas de forma individual. Foram convidados pela diretoria do hospital a desempenharem essa função, a partir da identificação de certas características pessoais e profissionais. Dentre todas as atividades desenvolvidas, ocupar-se da gestão regulatória dos leitos hospitalares frequentemente os coloca diante de situações de impotência. DISCUSSÃO: Os chefes de plantão são profissionais que transitam entre o fazer clínico e a coordenação de situações e pessoas. Evidencia-se a importância do julgamento de utilidade técnica e social emitido, sobretudo, por aqueles que compõem a base da linha hierárquica organizacional, ao terem sua autoridade fundada nas competências profissionais e na qualidade das arbitragens que realizam. O reconhecimento, enquanto retribuição de natureza simbólica, parece impulsionar a construção de soluções criativas face às dificuldades encontradas no trabalho. Ressalta ainda o lugar do outro no movimento de conquista da própria identidade. Encontram-se diante de um cenário no qual, além de serem beneficiários, fomentam processos de cooperação a partir do modo como fazem a gestão. Os anos de trabalho compartilhado entre as mesmas equipes e a ética do cuidado em saúde, parecem sustentar esta dinâmica. CONCLUSÕES: Compreende-se que a cooperação e o reconhecimento são aspectos importantes quando se trata da produção da saúde mental e da prevenção de situações de adoecimento no trabalho. São ainda decisivos para a conquista da emancipação pela via do trabalho. Entender as condições que tornam possível a existência deles no seio das instituições é fundamental para aqueles que desejam aliar a produção de bens ou serviços à produção da saúde dos trabalhadores / INTRODUCTION: Based on the theoretical framework of work psychodynamics, it is understood that the construction of subjectivity and, hence, the identity and mental health of adult subjects have in the work its central point. PURPOSE: To highlight components of work organization which may support the health production, the building and strengthening of the identity of specific individuals and collective professionals based on an understanding of a specific work situation. METHODS: It is an exploratory case study. It was conducted with a group of doctors inserted in the University Hospital of University of São Paulo and whose work is crossed by coordination of teams and/or care actions. Fourteen semi-structured interviews taken between September 2013 and April 2014, which were organized into two phases. In the first one, seven manager doctors participated. They helped in the understanding of the general chart organizational of the institution, the flow and organization of medical work. In the second phase participated seven professionals who were doctors assistants and also duty chefs. Due to the importance of the actions developed by these professionals in the hospital and their availability to participate in the study, they were constituted as the target population of it. It was adopted the phenomenological-hermeneutic approach to the interpretation of the findings. The work and the professional identity of these subjects were characterized according to four areas: content of the work; resources available to carry out the planned activities; trajectory for arrival in this role and; experiences of suffering and pleasure at work. RESULTS: Weekly, for 12 consecutive hours, the doctors on duty chiefs are responsible for administrative matters and representing the board of the hospital face workers and service users. Based on the technical aspects, institutional and work rules, they make clinical decisions regarding the possibility of receiving and hosting subjects who seeks the hospital. They aim, as much as possible, to maintain the regularity and continuity of organizational efficiency and improve the resoluteness of care given. All the material and human resources of the institution are allied when the decisions have to be made, even if it is individually. They were invited by the hospital board to play this role, based in the identification of certain personal and professional characteristics. Among all the activities, to be in charge of the regulatory management of hospital beds often sets them against situations of powerlessness. DISCUSSION: The duty chefs are professionals who move between clinical work and coordination of situations and people. It highlights the importance of the judgment of technical and social utility, mainly by those who compose the organizational basis of organizational hierarchy, by having their authority founded on professional skills and quality of referrals that they do. The recognition as retribution in symbolic way, appears to boost the construction of creative solutions to face the difficulties encountered at work. We also emphasize the place of the other in the movement of achieve their own identity. They are in a scenario in which, besides being beneficiaries, also foster cooperation processes from the way they do the management. The years of work shared between the same teams and the ethics of health care, appear to sustain this dynamic. CONCLUSIONS: It is understood that cooperation and recognition are important aspects when it comes to mental health production and preventing disease situations at work. They are still decisive for the achievement of emancipation through work. Understanding the conditions that make possible their existence within the institutions is essential for those who wish to combine the production of goods or services to the production of health workers

Diretores médicos

Gestão em saúde

Instituições de saúde

Política de cooperação

Psicodinâmica

Recursos humanos

Saúde do trabalhador

Saúde mental

Trabalho

Health facilities

Health management

Human resources

Mental health

Occupational health

Physician executives

Policy compliance

Psychodynamic

Work

Efterlevnad av policy och informationssäkerhetsarbete : En fallstudie om informationssäkerhetspolicys på småföretag inom vårdbranschen

Ramstedt, Moa, Saxunger, Viktor

January 2022

This thesis examines the information security awareness and compliance to related policies by employees at small companies, and to which degree the company’s policies fulfil requirements according to standards for security policies. A case study was carried out at a small healthcare company by collecting and analysing information security related documents and by conducting interviews with employees. The assessment of the company’s policy documents was made by comparing them to policy requirements established by the ISO 27000 standards. The information security awareness and policy compliance at the company was graded using an information security maturity model with a scale of 0 to 5. The highest degree of policy compliance was found in rules regarding anonymising sensitive information in text-based communication and deleting it when it is no longer needed. Compliance to mail and password routines was identified as the most neglected part of analysed policy documents. The awareness and policy compliance at the company conforms to level 2 of the maturity model. As for the policy documents, they partly or fully fulfilled a majority of the ISO requirements included in the comparison. However, 7 out of 17 requirements were missing completely in the policy documents, and only two out of eight requirement categories were fully fulfilled. The requirement category that the policy documents fulfilled to the highest degree concerned protecting sensitive information during transfer, while the biggest shortage concerned requirements on having documentation establishing a regular control systems and education on information security and policies within the organisation.

information security

IT security

small companies

SMEs

ISO 27000

policy compliance

awareness

informationssäkerhet

IT-säkerhet

småföretag

ISO 27000

policyefterlevnad

medvetenhet

Information Systems, Social aspects