(How) Can Directive (EU) 2019/1937 on whistleblowers be used to build up a security and safety culture in Institutions?
Margit Scholl
Business Computing and Administrative Informatics, Faculty of Business, Computing, and Law Technical University of Applied Sciences, Wildau (TH Wildau), Germany
Abstract: The process of comprehensive digitization and the ease with which many people can be duped are being exploited in criminal attacks. For this reason, there can be no question that a security culture needs to be established in institutions to raise awareness and ensure the commitment of employees. However, virtualization changes our understanding of ethics, and this affects institutions as well as individuals and society. Many institutions have established guidelines in an attempt to make professional ethics and moral conflicts the subject of collaborative reflection and action. But are these viable? This process is now supported by Directive (EU) 2019/1937, which covers the protection of people reporting breaches of EU law. As a common minimum standard, the directive seeks to provide a high level of protection for these individuals, who are popularly known as whistleblowers. The scope of the directive goes far beyond the concerns of an institutional security culture—nevertheless, it applies to this too. The paper sets out to start a proper debate on the digital turn, the building of a security culture, and the dilemmas involved in long lists of regulations, which are no guarantee of commitment. The information security culture in institutions depends on the awareness and expertise of management and employees and relies on continuous communication and ongoing discussions to ensure concrete progress. How can this be achieved? In the attempt to find an answer to this question through extensive literature research, the fundamental importance of the term “ethos” emerged. Since people can change their views and beliefs after identifying and reflecting on inconsistencies, it is also possible for this awareness to be trained through a process of active communication, the participatory exchange of ideas and experience, and interactive learning.
Keywords: Directive (EU) 2019/1937, Protection of Whistleblowers, ISO 37002:2020-08, Safety and Security Culture, Information Security, Competence Development, Learning Processes, Ethos/Ethics/Morality (How) Can Directive (EU) 2019/1937 on whistleblowers be used to build up a security and safety culture in Institutions?
Full_Text   PDF 236 KB   Download:   371  times

