Doctoral Thesis Title and Author

1
Doctoral Thesis Title and Author

• A Systemic-Holistic Approach to Academic
  Programmes In IT Security
• Presented
• By
• Louise Yngström
• Stockholm University, October 1996

2
Overview

• Structural Organization
• Methodology Approach used
• The Systemic-Holistic Model
• Adherence to Research and Reporting Guidelines
• Summary and Conclusion

3
Structural Organization

• Comprises of 6 Chapters
• Chapter 1 Problem, Idea Approach
• Chapter 2 Thoughts Background
• Chapter 3 Systemic-Holistic Model
• Chapter 4 Two Educational Programmes
• Chapter 5 Interdisciplinary Holistic
• Chapter 6 Suggestions for further studies

4
Structural Organization

• The research Problem
• The Thesis attempts to discuss some of the
  problems associated with how to understand the
  concept of Security in relation to IT
• A problem of language
• Confidentiality, Integrity Availability
• Information vs Data
• IT Security Criteria, etc

5
Structural Organization

• Study Rationale
• The reason for undertaking this research was to
  try and find the best way to address or define
  the aspects of IT Security Centrally, hence to
  get rid of the confusions and Misunderstandings
  in grasping Security. Also to develop an
  Interdisciplinary IT Security Model

6
Structural Organization

• Hypothesis
• The subjective models produced through General
  Systems Theory and Cybernetics make students
  understand IT security banking problems, although
  their practical banking experiences are
  restricted to being customers

7
Structural Organization

• The students, with theoretical and practical
  backgrounds from computing, business and
  libraries, used the concepts of general systems
  and Cybernetics to transform objective models
  into subjective models useful also for
  understanding problems involved with IT Security.

8
Structural Organization

• She used System as an epistemological device to
  describe organisms as wholes, and showed that it
  could be generalised and applied to wholes of any
  kind
• Cybernetics is a philosophy and a science
  concerned with the control or regulation of
  information flow within and between systems,
  whether human or machine.

9
Methodology Approach used

• Action-oriented and explorative approach
• The work included the design, implementation and
  evaluations of courses and programmes, their
  content and structure, theory, methodology and
  approach.
• It is both Qualitative Quantitative

10
The Systemic-Holistic Model

• In 1970s Computer Science and Law took
  initiative to regulate the development, use,
  operation, and management of safe and secure IT
  structures

11
The Systemic-Holistic Model

• Although both areas were driven by the technical
  developments and the new applications made,
  developments of regulatory and protective
  measurements and mechanisms were initially
  conducted in parallel, rather than interactively,
  between computer science and law.

12
The Systemic-Holistic Model

• The model relies on three main building blocks
• General Systems Theory including Cybernetics
  (Ontological Epistemological)
• Soft System Methodology (Engineering or hard
  systems thinking Systemic or Soft systems
  thinking) - Problems Solved by systematic methods
  Systemic methods respectively
• General Living Systems Theory (Ontological entity)

13
The Systemic-Holistic Model

Systemic Module -an epistemological
device -meta-science -criteria for control
Level of abstraction (Design/architecture,
Theory/model, Physical construction
Context Orientation (geographical/space and time
bound system point
Content subject areas (Technical and
Non-technical aspects)
Fig. 1 Overview of the framework and methodology
for Security Informatics - the Systemic-Holistic
Model
14
The Systemic-Holistic Model

Information Security
Administrative (Procedural security)
IT Security
ADP (Computer security)
Communications security
Fig. 2 The Definition of Information Security
ITS 1994, p. 7
15
The Systemic-Holistic Model

• An interdisciplinary area encompassing theories
  and methods for secure handling of information
  within organizations or technical systems. The
  area also contains the use of information
  technology as means for security and safety in
  social, socio-technical, and technical
  environments ITS 1994, p. 14

Security Informatics was defined as
16
The Systemic-Holistic Model

• Schoderbek defined the concept System as
• A set of objects together with relationships
  between the objects and between their attributes
  related to each other and to their environment so
  as to form a whole
• Schoderbek et al. 1990 p. 13

17
The Systemic-Holistic Model

Inputs
Processes
Outputs
To Environment and other Systems
Feedback Controls
Systems boundary
Fig. 3 An open system Schoderbek et al. 1990 p.
25
18
Adherence to Research and Reporting Guidelines

• The author has adhered to the research and
  reporting guidelines in that
• Clearly defined a problem
• Stated the hypothesis
• Stated the research rationale
• Chapters well organized
• Simple and understandable language

19
Adherence to Research and Reporting Guidelines

• Defined all key terminology
• Evidence communicated Visually
• Tables
• Charts
• Graphs, and
• Figures

20
Summary and Conclusion

• The Model is based on Cybernetics and general
  systems theories
• It consists of a framework epistemology Taken
  together they are called the Systemic-Holistic
  Model.
• When in use, it is called the Systemic-Holistic
  Approach

21
End of Presentation

• Thank you all!