
Culture and Art
Reference:

Culturology of professional culture of information security

Bylevskiy Pavel Gennadievich

ORCID: 0000-0002-0453-526X

PhD in Philosophy

Associate Professor, Department of Information Culture of Digital Transformation; Department of International Information Security, Moscow State Linguistic University

119034, Russia, Ostozhenka str., 36, office 106

pr-911@yandex.ru

DOI: 10.7256/2454-0625.2023.8.43846

EDN: VPJECJ

Received: 20-08-2023

Published: 05-09-2023


Abstract: The purpose of the study is to examine the potential of a culturological approach to the professional culture of information security in modern conditions. The subject of the study is the socio-cultural aspects of professional competencies in the context of the formation and development of the general civil culture of information security. The object of the study is the previous and ongoing evolution of the professional culture of information security in Russia. The materials used are scientific, research and scientific-practical publications on the research topic in the Russian journals of the list of the Higher Attestation Commission and in the international database Scopus (categories Q1 and Q2) for 2021-2023. The evolutionary and structural-functional methods are applied, and the subject of the study is considered from the point of view of the cultural paradigm, the dynamic system model. The novelty of the research lies in the application of the conceptual apparatus and methods of cultural studies to study the professional culture of information security. Previously, the formation and development of an information security culture was considered within the framework of technical scientific disciplines, and then law, management, pedagogy, psychology and linguistics. The result of the study is the identification of socio-cultural factors as components inherent in the professional culture of information security at the present stage. These include traditional values, identity, resistance to manipulation of consciousness, as well as psychological and pedagogical competencies of training non-professionals in information security of employees of organizations and citizens, customers and users of services. The conclusion is made: the culturological approach is highly in demand in information security, which is due to its transformation into a general civil culture, which must include more and more significant socio-cultural aspects.


Keywords: information security, professional culture of information security, general civil culture of information security, socio-cultural threats, traditional values, cultural identity, social engineering, disinformation, digital sovereignty, technological import-independence

This article is automatically translated. You can find original text of the article here.

Introduction

The formation and development of a national system for the development of information security culture is a necessity caused by the widespread diverse use of computer and telecommunications technologies and the manifestation of new high-level socio-cultural threats. The content of information security, including threats and means of counteraction, which previously had a predominantly technical nature, is increasingly filled with socio-cultural and civil aspects, requiring specialized scientific understanding. Initially, in the 1990s, information security was formed as a technical discipline, gradually including organizational and legal, pedagogical [1], psychological [2] and socio-cultural directions [3], but cultural scientists considered only some of its aspects.

The present study should fill this gap: the use of a cultural paradigm, a dynamic system model of information security is a profile for the development and improvement of the corresponding culture of Russian citizens. The use of evolutionary and structural-functional approaches allows us to determine the specifics, place and role of professional competencies of information security in the general civil culture of information security. Such methodological support makes it possible to professionally develop and apply methods of strengthening counteraction to threats to information security, adapted for different categories of citizens in accordance with their socio-cultural characteristics, interests, habits and behavior.

 1. The evolutionary development of the professional culture of information security

The use of computer and telecommunication technologies and Internet communications has spread to all branches of professional activity and to almost all citizens of Russia. The culture of information security, which was formed in the 1990s as a highly professional one, later grew first into professional specializations in various industries, and then to a mass, general civil scale. A significant confirmation of the evolutionary maturity of this trend is the adoption of the "Concept of formation and development of the culture of information security of citizens of the Russian Federation" (Decree of the Government of the Russian Federation No. 4088-r of December 22, 2022).

The professional culture of information security remains the initial element, the basis and the main determinant for other industries, professions and the general civil sphere [4]. At the same time, professional culture does not remain unchanged, functionally and structurally evolving as an element of an expanding system of an increasing variety of professions and general civil applications requiring information security. In this area, the relationship between professional and mass culture, existing in other professions, types of socio-cultural activities, is manifested. There is an analogy with the interaction of professional art and amateur art: the broadcast of high artistic culture to amateurs is complemented by reverse accumulation, synthesis by professionals of the best achievements of folk art.

Evolutionarily, the culture of information security specialists ceases to be highly professional in the 2000s, functionally extending to almost all industries where computer and telecommunications technologies and Internet communications are beginning to be used; accordingly, there is a need to ensure their security in relation to the content features of the profession. A distinctive feature of this period is the spread of corporate computer network systems, electronic office management and document management. Ensuring information security at this stage is most often not allocated to a separate organizational unit, but refers to the responsibilities of system administrators. The professional culture of information security, previously highly professional and closed, acquires a public character, expands to specialized activities in relation to the peculiarities of different industries.

Technical aspects are structurally supplemented with regulatory and organizational, as well as psychological and pedagogical issues: information security specialists have to formulate its rules, train employees to follow them, and monitor the results. In order not to turn into a vulnerability that critically increases the risks of damage, employees of organizations who are not professionals in information security should know and be able to comply with its rules in relation to their official duties. The personnel training of such information security specialists for various industries was provided by the introduction of appropriate professional and educational standards, the creation of a specialized training system, and the opening of training areas by dozens of organizations of higher and secondary special education. Disciplines related to the formation of a professional culture of information security, taking into account industry specifics, are increasingly being introduced into the training of specialists of various profiles.

The next period of the evolution of the professional culture of information security, from the 2010s to the present, takes place in conditions of universal distribution, widespread and increasingly diverse use of computer and telecommunications technologies, automation of big data analysis and "artificial intelligence" - "digital transformation". The main socio-cultural feature of this period should be recognized as the emergence, development and spread to the general civil scale of mass client (user) services carried out through computer and telecommunications technologies. The success of digital transformation is impossible not only without mass, civil user skills, but also without trust in new services, due to the culture of safety of their use. The issue of "universal education" of citizens was actualized not only for the correct, but also for the safe use of digital equipment and services: understanding of the accompanying current threats, the ability to recognize them and respond correctly.

 2. Corporate and industry specialized culture of information security of employees

As the need for a mass culture of information security manifested itself during the digital transformation, it was necessary to decide: who, how and at the expense of what resources should ensure its effective formation and development, the fulfillment of functional purposes. In the 2000s, the state paid due attention to the professional training of information security specialists for public administration [5] and various industries (energy [6], transport [7], finance [8], medicine, social security, culture, etc.). The need to develop a specialized professional culture of information security among employees of organizations who are not specialists in this field [9] was taken into account, in volumes and with content determined by corporate and industry specifics and job responsibilities.

The security culture of Internet services acted as a "team subculture" [10], was provided "according to the corporate principle": only within the organization, not extending to users of services [11]. Information security professionals of organizations had to take care of the safety of corporate values [12], they were not obliged to be responsible for improving the security culture of customers who suffer damage from incidents through their own fault. Ensuring the security of Internet services on the part of the client remained the citizens' own business; the civil culture of personal and public information security was formed mainly spontaneously.

Until the end of the 2000s, desktop personal computers with mains power supply and wired Internet access served as the main user equipment. The main value that attracted computer crime was non-cash electronic funds of customers in remote banking and payment services. Attacks and thefts were carried out mainly with the help of technical means — special malicious software ("bank viruses") and equipment (for example, for "skimming", hidden illegal copying of bank cards). The professional culture of information security, including service personnel, was reduced to the ability to apply technical means of protection, as well as related regulatory and organizational issues. The restriction of the professional culture of information security by the corporate framework and technical aspects protected by the "perimeter" of the organization, including services, remained justified and quite effective as long as the complex of the above conditions remained [13].

Since the 2010s, significant qualitative organizational, technological and large-scale socio-cultural changes have been taking place, which required a significant structural, functional and substantive renewal of the professional culture of information security [14]. A brief formulation of the essence of change can be the concept of universalization, ubiquitous, increasingly diverse, meaningful and continuous use by every citizen of computer and telecommunications solutions and Internet services. Desktop personal computers have been supplemented by massively available mobile devices with autonomous battery power supply, dependent on constant wireless Internet access. Tablets, smartphones, wearable gadgets, smart home appliances and video surveillance systems in public places have turned into a round-the-clock "digital environment" for every citizen, provided with coverage of populated areas of Russia with wireless broadband Internet access.

A parallel interdependent process was the creation of a "new generation" of Internet services and communications, with interactive capabilities (ratings, comments and the creation of their own publications): the press, social networks and blogging platforms, messengers. These opportunities have made the life of every citizen comprehensively "digital", increasing the time of using Internet services, as well as the list and significance of associated values. Big data analysis technologies have made it possible to automate the analysis of a variety of data about citizens, continuously collected in real time. Based on automated analysis of "big user data", Internet services allow manipulating the consciousness [15], actions, behavior and habits of large social groups, and modifying the identities of victims. The duration of using the service, the degree of attention to content, indicators of user engagement and activity have become a commodity for targeted "recommendation" advertising and aggressive marketing [16]. Not only money, many other user values, personal data (a vivid example is medical information [17]) have become attractive targets for intruders.

 3. Professional competencies in the formation of a general civil culture of information security

The reality emerging during the digital transformation, including the surge in the spread of remote services during the mass quarantine of 2020, has updated the threat landscape. There has been a reformatting of Internet crime, its goals and arsenal of tools, meaningfully affecting the functions and structure of the professional culture of information security. The targets of the attackers were not only monetary, but also other significant values of users, including socio-cultural ones. Attacks began to be redirected from the technical means of protecting computer equipment and software to the consciousness of users. At the previous stage, in the 2000s, computer crimes were correlated mainly with burglaries, including the use of technical means. Now, Internet fraud ("telephone", etc.) against individuals and organizations [18], called "social engineering", as well as blackmail, slander, damage to reputation, involvement in destructive, prohibited activities, have become a priority.

Socio-cultural threats have manifested themselves even among information security professionals themselves: models have been developed that include an "internal intruder" ("insider") (see the "Methodology for Assessing Information Security Threats" approved by the FSTEC of Russia on February 5, 2021), automated systems to prevent leaks from outside (DLP — Data Leak Prevention) and identification of a potential attacker among the employees of the organization. From now on, information security professionals have to normalize and train employees not only in organizational and technical, but also in socio-cultural aspects of countering threats, and become specialists in these matters themselves. The previous "corporate-industry" security model of mass Internet services has exhausted itself: since 2018, a sharp increase in damage to customers has been recorded not from technical attacks, but from "social engineering" [19]. The functions of the corporate professional culture of information security of financial organizations have been expanded by preparing and communicating rules to customers, developing their knowledge and skills of safe use of Internet services.

The reason for the emergence of a new set of threats to information security was the crisis of unipolar globalism, the beginning of reformatting international relations, the triggers of which were the coup d'etat in Ukraine in 2014 and the beginning of a special military operation there in February 2022. The established information security landscape included new technological and socio-cultural threats that caused the expansion of functions and structural changes in the profile professional culture (especially military affairs [20] and officer training [21]). The list of potential violators has expanded from international cybercrime to government organizations and corporations of unfriendly countries (including global digital platforms based in the United States).

To counteract the anti-Russian sanctions of unfriendly states, the cessation of high-tech imports, disconnection from Internet services (S.W.I.F.T for international banking monetary settlements, etc.), etc., new areas of activity were created: ensuring Russia's digital sovereignty and independence from imports, protecting Russia's critical infrastructure from cross-border cyberdiversions. The new socio-cultural functions of the professional culture of information security have become countering discrimination of Russian citizens and the official press by global digital platforms, mass telephone fraud, automated fake news and disinformation. The ranking of the importance of these socio-cultural functions has increased to a priority level, which was reflected by the corresponding structural changes in organizations and specialized information security units. Previously, the formation and development of a professional culture of information security was carried out mainly within the framework of technical scientific disciplines; currently, law, management, pedagogy, psychology, linguistics are becoming more and more prominent and important [22], and now cultural studies.

The formation and development of a mass, general civil culture of information security is turning into a public necessity and a new important direction of state policy. Due to new socio-cultural aspects, the professional culture of specialists is being significantly modernized, from now on providing not only information security of state organizations, but also the development of an appropriate civil culture. These updates relate to training in organizations of higher and secondary special education [23], professional retraining and advanced training of teachers, employees of the official press, social advertising.

 Conclusion

The result of the research is to identify the high potential of the conceptual apparatus and methods of cultural studies as a specialized science for understanding the issues and developing methods for the development of professional culture of information security in modern conditions. The evolutionary and structural-functional analysis allowed us to identify the most important factors in the evolution of the professional culture of information security: the universal use of computer and telecommunications technologies (digital transformation) and the deepening crisis of unipolar globalism, which actualized new cross-border technological and socio-cultural threats from unfriendly countries and corporations, including global digital platforms based in the United States.

It is shown that new realities and threats necessitate substantial and structural and functional changes in the professional culture of information security, including both organizational and technical (ensuring digital sovereignty, independence from technological imports) and socio-cultural aspects (countering cross-border fraud and disinformation aimed at destroying traditional values, identity substitution and involvement in extremist anti-state and anti-social activities).

The conclusion is made: new socio-cultural (psychological, pedagogical, etc.) functions of professional competencies acquire priority importance, become the core of the formation and development of a general civil culture of information security, including training of employees of state, commercial and public organizations, customers and users of Internet services. The results obtained can be used for further research and development of methodological materials in the fields of cultural studies and the development of information security culture in Russia.

References
1. Astakhova, L.V., & Utorov, O.R. (2022). Future information security specialist as a subject of educational activity. Bulletin of the Ural Federal District. Security in the Information Sphere, 1(43), 84-89. doi:10.14529/secur220110
2. Golushko, T.K. (2022). Information immunity as a key concept of information and psychological security of the individual. Tambov University review. Series: humanities, 6(27), 1483-1495. doi:10.20310/1810-0201-2022-27-6-1483-1495
3. Alowais, S., Armeen, I., Sharma, P., & Johnston, A. (2023). Cyber Hygiene Practices Across Cultures: A Cross Cultural Study of the US and Saudi Arabia based Information Systems Users. Procedia Computer Science, 219, 744-750. doi:10.1016/j.procs.2023.01.347
4. Bogdanov, D.A. (2021). Professional culture of a specialist in the field of information protection. Izvestiâ Voronežskogo gosudarstvennogo pedagogičeskogo universiteta, 4(293), 27-31. doi:10.47438/2309-7078_2021_4_27
5. Voskresenskaya, O.A., Sladkova, N.M., & Gorkovenko, Yu.L. (2022). Evaluation of the employee's value-motivational attitudes in the field of information security. Social & Labor Research, 1(46), 142-153. doi:10.34022/2658-3712-2022-46-1-142-153
6. Georgiadou, A., Michalitsi-Psarrou, A., & Askounis, D. (2023). A security awareness and competency evaluation in the energy sector. Computers & Security, 129. doi:10.1016/j.cose.2023.103199
7. Yerzhanov, A., Nurzhanova, G., Annenskaya, N., Butova, T., Balova, S., Anzorova, S., Aimakova, G., & Bissenbayev, B. (2022). Building information security skills among young transport professionals. Transportation Research Procedia, 63, 1481-1488. doi:10.1016/j.trpro.2022.06.159
8. Panshin, B.N., & Karachun, I.A. (2021). Integration of professional and cultural knowledge in the training of specialists in the banking sector. Creative Economy, 12(15), 4625-4642. doi:10.18334/ce.15.12.113893
9. Yushchik, E.V. (2022). Development of information security skills in the formation of information and communication competencies of future specialists in the fishing industry. Pedagogičeskij žurnal, 5-1(12), 477-485. doi:10.34670/AR.2022.68.62.063
10. Sharma, Sh., & Aparicio, E. (2022). Organizational and team culture as antecedents of protection motivation among IT employees. Computers & Security, 120. doi:10.1016/j.cose.2022.102774
11. Ma, X. (2022). IS professionals’ information security behaviors in Chinese IT organizations for information security protection. Information Processing & Management, 1(59). doi:10.1016/j.ipm.2021.102744
12. Ogbanufe, O., Crossler, R., & Biros, D. (2023). The valued coexistence of protection motivation and stewardship in information security behaviors. Computers & Security, 124. doi:10.1016/j.cose.2022.102960
13. Patterson, C., Nurse, J., & Franqueira, V. (2023). Learning from cyber security incidents: A systematic review and future research agenda. Computers & Security, 132. doi:10.1016/j.cose.2023.103309
14. Zhestovsky, A.G., Okolot, D.Ya., & Rudinsky, I.D. (2022). Culture of information security of a marine specialist and conditions of its formation. Pedagogy. Theory & Practice, 1(7), 100-107. doi:10.30853/ped20220010
15. Berdyugin, A.A. (2022). Ensuring the security of natural intelligence in the conditions of cyberspace development. Zaŝita informacii. Insajd, 5(107), 75-81. EDN: DGFLML
16. Bylevskiy, P.G. (2023). User and personal data − risk analysis of knowledge extraction. Information security questions, 1(140), 35-40. doi:10.52190/20732600_2023_1_35
17. Demakov, V.I., Rerke, V.I., Portnaya, Ya.A., & Rakitskiy, V.V. (2021). About ensuring information security in the field of medicine and the relevance of its study in departmental universities. Čelovečeskij kapital, 4(148), 83-89. doi:10.25629/HC.2021.04.07
18. Borisov, V.R. (2021). Information technologies and digitalization as a medium of cyberbullying activity. Innovacionnoe razvitie èkonomiki, 6(66), 69-79. doi:10.51832/2223-79842021669
19. Grassegger, T., & Nedbal, D. (2021). The Role of Employees’ Information Security Awareness on the Intention to Resist Social Engineering. Procedia Computer Science, 181, 59-66. doi:10.1016/j.procs.2021.01.103
20. Kazimirovich, A.M. (2022). The practice of implementing directions for the development of professional orientation to information security among cadets of military institutes. Vestnik of St. Petersburg state university of technology and design. Series 3. Economic, humanitarian and social sciences, 1, 140-145. doi:10.46418/2079-8210_2022_1_25
21. Samedova, Yu.A., Dorokhov, A.N., & Grigorov, S.Yu. (2021). Pedagogical aspects of the formation of critical thinking as a means of information security of future officers in a military university. Modern high technologies, 2, 209-213. doi:10.17513/snt.38520
22. Krasnianskaya, T.M., Tylets, V.G., & Iohvidov, V.V. (2022). Representation of linguistic and psycholinguistic security in language consciousness. Language and Culture, 57, 60-79. doi:10.17223/19996195/57/3
23. Narkhov, D.Yu., Narkhova, E.N., Yarutina, S.A., & Shkurin, D.V. (2021). Socio-cultural potential of students in the aspect of information security and professional training. PNRPU sociology and economics bulletin, 2, 20-34. doi:10.17513/srps.244

Peer Review

Peer reviewers' evaluations remain confidential and are not disclosed to the public. Only external reviews, authorized for publication by the article's author(s), are made public. Typically, these final reviews are conducted after the manuscript's revision. Adhering to our double-blind review policy, the reviewer's identity is kept confidential.
The list of publisher reviewers can be found here.

The author presented his article "Cultural aspects of the professional culture of information security" to the journal "Culture and Art", in which a study of the socio-cultural potential of the virtual space protection system was conducted. The author proceeds in studying this issue from the fact that the use of computer and telecommunication technologies, Internet communications has spread to all branches of professional activity and to almost all citizens of Russia. The culture of information security, which was formed in the 1990s as a highly professional one, evolved initially to professional specializations in various industries, and then to a mass, general civil scale. The relevance of the research is due to the fact that the formation and development of a national system for the development of information security culture in the modern world is a necessity caused by the widespread diverse use of computer and telecommunications technologies and the manifestation of new high-level socio-cultural threats. The content of information security, including threats and means of counteraction, which previously had a predominantly technical character, is increasingly filled with socio-cultural and civil aspects, requiring specialized scientific understanding. The practical significance of the research lies in the fact that the results obtained can be used for further research and development of methodological materials in the fields of cultural studies and the development of information security culture in Russia. After analyzing the scientific validity of the problem, the author comes to the conclusion that initially, in the 1990s, information security was formed as a technical discipline, gradually including organizational, legal, pedagogical, psychological and socio-cultural directions, but was not considered by cultural studies comprehensively. 
Consequently, the scientific novelty of the research lies in the application of evolutionary and structural-functional approaches, which allows us to determine the specifics, place and role of professional information security competencies in the general civil culture of information security, adapt it for different categories of citizens in accordance with their socio-cultural characteristics, interests, habits and behavior. The purpose of this study is to analyze the socio-cultural aspect of information security. The methodological basis was made up of an integrated approach, including general scientific methods of analysis and synthesis, evolutionary and structural-functional analysis. The author has revealed the high potential of the conceptual apparatus and methods of cultural studies as a specialized science for understanding the problems and developing methods for the development of professional culture of information security in modern conditions. The evolutionary and structural-functional analysis allowed the author to identify the most important factors in the evolution of the professional culture of information security: the universal use of computer and telecommunications technologies (digital transformation) and the deepening crisis of unipolar globalism, which actualized new cross-border technological and socio-cultural threats from unfriendly countries and corporations, including global digital platforms based in the United States. The author shows that new realities and threats necessitate meaningful and structural and functional changes in the professional culture of information security, including both organizational, technical and socio-cultural aspects, namely, countering cross-border fraud and disinformation aimed at destroying traditional values, identity substitution and involvement in extremist anti-state and anti-social activities.
The author investigates new socio-cultural (psychological, pedagogical, etc.) functions of professional competencies, which in the modern socio-cultural situation acquire priority importance, become the core of the formation and development of a general civil culture of information security, including training of employees of state, commercial and public organizations, customers and users of Internet services. In conclusion, the author presents a conclusion on the conducted research, which contains all the key provisions of the presented material. It seems that the author in his material touched upon relevant and interesting issues for modern socio-humanitarian knowledge, choosing a topic for analysis, consideration of which in scientific research discourse will entail certain changes in the established approaches and directions of analysis of the problem addressed in the presented article. The results obtained suggest that the study of the socio-cultural aspects of various activities and ways to improve their effectiveness is of undoubted scientific and practical cultural interest and deserves further study. It should be noted that the author has achieved his goal. The material presented in the work has a clear, logically structured structure that contributes to a more complete assimilation of the material. The bibliographic list of the research consists of 23 sources, including foreign ones, which seems sufficient for generalization and analysis of scientific discourse on the studied problem. It should be noted that the article may be of interest to readers and deserves to be published in a reputable scientific publication.