Security Culture

The concepts we use to describe and communicate affects how we think about phenomena. How we think about phenomena affects both research and practice. The project Security Culture has focused on a few concepts central to information security; concepts that are use both in practice and research.

We have mainly analysed five concepts: ‘security’ (specifically: ‘information security’), ‘information’ (specifically: ‘semantic information’), ‘privacy’, ‘anonymity’, and ‘culture’. The focal point of the analyses has been normative, i.e. the central question focuses on finding the best possible definition of these concepts. For example, what is the best way to conceptualise ‘information security’?

To develop new or improved definitions of concepts – such as information, security, privacy, anonymity, and culture – is an important part of creating tools for security research as well as practitioners. For example, we have contributed with a definition of information security that is more suitable for identification and analysis of security risks that are constituted by value conflicts. Such value conflicts include, e.g., security and privacy trade-offs.

This project has focused on conceptual analysis relating to both basic and applied research. We have often attempted to analyse the essence or fundamental nature of the studied concepts. The insights that our analyses bring can – as noted above – be used both in practice and in further research. The latter could lead to further analysis relating to the individual concepts or by promoting a framework intended for broader analysis. A few interesting examples include, e.g.: expanding on the analysis of the concept of information security by investigation whether the concept is part of one coherent security concept (or if there are several different security concepts). Another way to continue the analysis would be to test some of the projects definitions in practice (something that is best done in co-operation with more empirically focused researchers). A third option would be to focus on applied ethical challenges relating to security.

Lundgren B. (2015). The Information Liar Paradox: A Problem for Floridi's RSDI Definition. Philosophy and Technology 28(2): 323-327.

Lundgren, B. (2015). Information Security and Resilience: The Right Definition. Poster Session, Third Deans Forum Workshop on Resilience Engineering, 30 November-1 December, Tokyo University, Tokyo, Japan.

Lundgren, B. (2015). Why semantic information is only meaningful data. Presentation vid Filosofidagarna, Juni 12-14, Linköping University, Linköping, Sverige.

Lundgren, B. (2016). Vad är säker information? En kritisk diskussion. Presentation vid Informationssäkerhetskultur inom och mellan organisationer, 11 mars, MSB, Stockholm, Sverige.

Lundgren, B. (2016). Semantic Information and Information Security: Definitional Issues. Licentiate Thesis in Philosophy. KTH Royal Institute of Technology: Stockholm.

Lundgren, B. (2017). The Definition of Privacy: Privacy as a Relational Concept. Inbjuden presentation vid Turku University, 16 maj, Åbo, Finland..

Lundgren, B. (2017). Conceptualising the Values of Anonymity in the 21st Century and Beyond. IACAP (International Association of Computing and Philosophy), Stanford University, Juni 26-28, Stanford,USA.

Lundgren, B. (2017). Vad är säker information? In Hallberg et al. Informationssäkerhet och Organisationskultur. 2017. Studentliteratur: Lund.

Lundgren, B. (red.) (2017). Hallberg et al. Informationssäkerhets och organisationskultur. Studentlitteratur: Lund.

Lundgren, B. (2017) What is Culture? Presentation vid Filosofidagarna, Augusti 25-27, Uppsala Universitet, Uppsala, Sweden.

Lundgren, B. (accepted) Need Semantic Information be Truthful? Synthese

Lundgren B. (accepted) The Concept of Anonymity: What is really at Stake?. Under contract to be published in Macnish and Galliot, Big Data and the Democratic Process.

Lundgren B, Möller N. (accepted) Defining Information Security Accepted for publication in Science and Engineering Ethics.