The significance of securing as a critical component of information security: An Australian narrative. Issue 87 (November 2019)
- Record Type:
- Journal Article
- Title:
- The significance of securing as a critical component of information security: An Australian narrative. Issue 87 (November 2019)
- Main Title:
- The significance of securing as a critical component of information security: An Australian narrative
- Authors:
- Burdon, Mark
Coles-Kemp, Lizzie - Abstract:
- Abstract: As information security is called upon to operate in increasingly unstable spaces, the role of the information security practitioner becomes ever more complex. Successful information security practice depends on tactics and strategies that situate the need for protection within organisational goals. These tactics and strategies have become progressively important as organisations are disrupted by digital technology. The locus of control is unpredictably distributed across groups within an organisation. Finding consensus about the need for security thus becomes challenging. Information security controls are an important part of the control structure but increasingly they are negotiated controls, making the process of securing as important as the security mechanisms themselves. We employ broader political and social theories of security, most notably Smith (2005), to analyse data from nine semi-structured interviews of Australian information security practitioners. Our findings delineate the interlinking concepts of securing and security. Security is straightforward. It is a state of being secure. Securing, on the other hand, is complex. It is a consensus-seeking, value-engagement process that enables the attainment of security. Through this analysis, we identify processes and techniques of securing tacitly employed by the participants. Central to effective securing practice is a participant's ability to, 'get the security message right.' The message is used toAbstract: As information security is called upon to operate in increasingly unstable spaces, the role of the information security practitioner becomes ever more complex. Successful information security practice depends on tactics and strategies that situate the need for protection within organisational goals. These tactics and strategies have become progressively important as organisations are disrupted by digital technology. The locus of control is unpredictably distributed across groups within an organisation. Finding consensus about the need for security thus becomes challenging. Information security controls are an important part of the control structure but increasingly they are negotiated controls, making the process of securing as important as the security mechanisms themselves. We employ broader political and social theories of security, most notably Smith (2005), to analyse data from nine semi-structured interviews of Australian information security practitioners. Our findings delineate the interlinking concepts of securing and security. Security is straightforward. It is a state of being secure. Securing, on the other hand, is complex. It is a consensus-seeking, value-engagement process that enables the attainment of security. Through this analysis, we identify processes and techniques of securing tacitly employed by the participants. Central to effective securing practice is a participant's ability to, 'get the security message right.' The message is used to create an agreed value consensus across conflict-ridden environments. We contend that securing is often undervalued and not recognised as a distinct theoretical part of the discipline of information security. However, given the complexity and uncertainty of information security practice, we argue that securing needs to be considered as a critical component of being secure. … (more)
- Is Part Of:
- Computers & security. Issue 87(2019)
- Journal:
- Computers & security
- Issue:
- Issue 87(2019)
- Issue Display:
- Volume 87, Issue 87 (2019)
- Year:
- 2019
- Volume:
- 87
- Issue:
- 87
- Issue Sort Value:
- 2019-0087-0087-0000
- Page Start:
- Page End:
- Publication Date:
- 2019-11
- Subjects:
- Security studies -- Usable security -- Information security messaging -- Human aspects -- Organisational culture -- Ontological security -- Information security management
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cose.2019.101601 ↗
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 16313.xml