The (Social) Construction of Information Security

Pieters, Wolter

doi:10.1080/01972243.2011.607038

Cited by 19 publications

(9 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Contingency theory also affects the initiation and adoption of change in organizations (Battilana & Casciaro, 2012). In information security, both external and internal forces shape what threatens and how to protect information systems (Pieters, 2011). Intertwined in the threat and protection landscape of information systems are people.…”

Section: Literature Reviewmentioning

confidence: 99%

Applying a Contingency Framework to Digital Forensic Processes in Cloud Based Acquisitions

Barrett¹

2017

JDFSL

View full text Add to dashboard Cite

The change in business models to incorporate a wide variety of cloud computing environments has resulted in the escalation of computer crimes in the areas of security breaches and hacking. Methods to acquire evidence in a cloud computing environment are limited due to the complexity of the cloud environment. Since digital acquisition processes in cloud computing environments are still in the infancy stages, there have been no studies in the application of existing frameworks to this type environment based on traditional forensic processes. This paper describes a qualitative study conducted to develop a robust contingency framework for deciding when to use traditional forensic acquisition practices, when to use modified processes, and when it is necessary to develop new forensic acquisition processes more appropriate to the cloud computing environment. The contingency framework was developed through the evaluation of 20 common forensic procedures by a panel of forensic and cloud computing subject matter experts.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Applying a Contingency Framework to Digital Forensic Processes in Cloud Based Acquisitions

Barrett¹

2017

JDFSL

View full text Add to dashboard Cite

show abstract

“…Nonetheless, despite those studies that focus on CIA as the objective of information security and on how they are achieved in practice, information security in and of itself -the question of what it is ontologically -has remained largely unexamined (cf. Pieters, 2011). In this paper, we examine the ontology of information security to depict what information security is and what it does or, rather, to depict what it is through what it does.…”

Section: Introductionmentioning

confidence: 99%

The Order Machine – The Ontology of Information Security

Vuorinen¹,

Tetri²

2012

JAIS

View full text Add to dashboard Cite

Traditionally, information security has been approached in terms of how to achieve the confidentiality, integrity, and availability of information. In this paper, we seek to ontologically examine information security by using Gilles Deleuze and Félix Guattari's philosophical concepts of machine, coupling, interruption, and territory. Through these concepts, we conceptualize information security as an order-seeking, connection-based, territorial security machine that attempts to subject and harness other actors-from technical devices and physical barriers to employees and various combinations of these actors-to carry out the security machine's protective tasks. The goal of the security machine is to block or interrupt the chaotic forces of the outside and, thus, to maintain the fragile order of information. However, the process of interrupting the outside requires interruption of the inside as well: users and organizations are interrupted daily by the security machine and its practices. Yet this aspect of information security has remained largely unexamined. We argue that the question of what information security does to its subjects-what its effects are-in the protected system should be examined more thoroughly.

show abstract

“…This can be seen as a process of alignment of security policies with organisational norms [11], in which the friction between norms and policies is minimised. In general, security requires minimisation of certain frictions and maximisation of others [14,31], of which policy alignment is a typical instance.…”

Section: Adapting the Technologymentioning

confidence: 99%

Reducing normative conflicts in information security

Pieters

Coles-Kemp

2011

Proceedings of the 2011 New Security Paradigms Workshop

Self Cite

View full text Add to dashboard Cite

Security weaknesses often stem from users trying to comply with social expectations rather than following security procedures. Such normative conflicts between security policies and social norms are therefore undesirable from a security perspective. It has been argued that system developers have a "meta-task responsibility", meaning that they have a moral obligation to enable the users of the system they design to cope adequately with their responsibilities. Depending on the situation, this could mean forcing the user to make an "ethical" choice, by "designing out" conflicts. In this paper, we ask the question to what extent it is possible to detect such potential normative conflicts in the design phase of security-sensitive systems, using qualitative research in combination with so-called system models. We then envision how security design might proactively reduce conflict by (a) designing out conflict where possible in the development of policies and systems, and (b) responding to residual and emergent conflict through organisational processes. The approach proposed in this paper is a so-called subcultural approach, where security policies are designed to be culturally sympathetic. Where normative conflicts either cannot be avoided or emerge later, the organisational processes are used to engage with subcultures to encourage communally-mediated control.

show abstract

The (Social) Construction of Information Security

Cited by 19 publications

References 19 publications

Applying a Contingency Framework to Digital Forensic Processes in Cloud Based Acquisitions

Applying a Contingency Framework to Digital Forensic Processes in Cloud Based Acquisitions

The Order Machine – The Ontology of Information Security

Reducing normative conflicts in information security

Contact Info

Product

Resources

About