Human–Computer Interaction and Systems Security: An Organisational Appraisal

  • Conference paper
Interdisciplinary Aspects of Information Systems Studies

Abstract

The motivation of this paper is the search for answers about decision making in both contexts, computer and non-computer scenarios: if no difference is found between them, the large behavioural literature on non-computer decision making can be used to interpret security issues. The effort is then devoted to identifying organisational theoretical domains from which to approach security problems. In particular, a set of contributions from the organisational literature is identified, concerning emerging forms of organisations and behaviours with respect to the human factor and security problems [1–5]. While many authors propose a top-down view of organisational, policy-directed security, this paper proposes a bottom-up analysis addressed to the end-user as a member of the organisation and, moreover, of its culture. As a result of the work, a threefold set of theoretical frameworks has been identified, leading to a robust conceptual base: the “Contingency Model of Strategic Risk Taking” of Baird [2]; the “Strategic modeling technique for information security risk assessment” of Misra [4]; and a major contribution of Ciborra’s work [3, 6, 7].

References

  1. Adams, A. and Blandford, A. (2005). Bridging the gap between organizational and user perspectives of security in the clinical domain. International Journal of Human-Computer Studies, 63, 175-202.
  2. Baird, I. S. and Thomas, H. (1985). Toward a contingency model of strategic risk taking. Academy of Management Review, 10(2), 230-245.
  3. Ciborra, C. (2004). The Labyrinths of Information, Oxford University Press, Oxford, UK.
  4. Misra, S. C., Kumar, V., and Kumar, U. (2007). A Strategic modeling technique for information security risk assessment. Information Management & Computer Security, 15(1), 64-77.
  5. Orlikowski, W. J. (2000). Using technology and constituting structures: A practice lens for studying technology in organizations. Organization Science, 11(4), 404-428.
  6. Ciborra, C. (1993). Teams Markets and Systems, Cambridge University Press, Cambridge, UK.
  7. Ciborra, C. (2000). From Control to Drift, Oxford University Press, Oxford, UK.
  8. Dourish, P., Grinter, R. E., Delgado de la Flor, J., and Joseph, M. (2004). Security in the wild: User strategies for managing security as an everyday, practical problem. Personal Ubiquitous Computing, 8(6), 391-401.
  9. Sasse, M. A., Brostoff, S., and Weirich, D. (2001). Transforming the ‘weakest link’ - a human/computer interaction approach to usable and effective security. BT Technology Journal, 19(3), 122-131.
  10. Jensen, C., Potts, C., and Jensen, C. (2005). Privacy practices of Internet users: Self-reports versus observed behaviour. International Journal of Human-Computer Studies, 63, 203-227.
  11. Mitnick, K. D. (2003). The Art of Deception, Wiley, New York.
  12. Schneier, B. (2006). Beyond Fear, Thinking Sensibly About Security in an Uncertain World, Wiley, NY.
  13. Karat, C.-M. (1989). Iterative usability testing of a security application. Proceedings of the Human Factors Society, Denver, Colorado, 273-277.
  14. Karat, J., Karat, C.-M., Brodie, C., and Feng, J. (2005). Privacy in information technology: Designing to enable privacy policy management in organizations. International Journal of Human-Computer Studies, 63, 153-174.
  15. Roth, V., Straub, T., and Richter, K. (2005). Security and usability engineering with particular attention to electronic mail. International Journal of Human-Computer Studies, 63, 51-63.
  16. Anderson, R. (2001). Security Engineering: A comprehensive Guide to Building Dependable Distributed Systems, Wiley, New York.
  17. Anderson, R. (1993). Why cryptosystems fail. Conference on Computer and Communications Security, Proceedings of the 1st ACM Conference on Computer and communications security, 215-227.
  18. Anderson, R. (2001). Why information security is hard: An economic perspective. Seventeenth Computer Security Application Conference, 358-365.
  19. Gallino, L. (1984). Mente, comportamento e intelligenza artificiale, Comunità, Milano.
  20. Baskerville, R. (1993). Research notes: Research directions in information systems security. International Journal of Information Management, 7(3), 385-387.
  21. Baskerville, R. (1995). The Second Order Security Dilemma, Information Technology and Changes in Organizational Work. Chapman and Hall, London.
  22. Hardee, J. B., Mayhorn, C. B., and West, R. T. (2006). To download or not to download: An examination of computer decision making, interactions. Special Issue on HCI & Security, May-June, 32-37.
  23. Hardee, J. B., Mayhorn, C. B., and West, R. T. (2001). You downloaded WHAT? Computer-based security decisions. 50th Annual Meeting of the Human Factors and Ergonomics Society. Santa Monica, CA.
  24. March, J. G. and Simon, H. A. (1958). Organizations. Wiley, New York, NY.
  25. Dhamija, R. (2006). Why phishing works. Proceedings of CHI, Montreal, Quebec, Canada, 581-590.
  26. Schultz, E. E., Proctor, R. W., Lien, M. C., and Salvendy, G. (2001). Usability and security: An appraisal of security issues in information security methods. Computers and Security, 20(7), 620-634.

Copyright information

© 2008 Physica-Verlag Heidelberg

About this paper

Cite this paper

Cavallari, M. (2008). Human–Computer Interaction and Systems Security: An Organisational Appraisal. In: Interdisciplinary Aspects of Information Systems Studies. Physica-Verlag HD. https://doi.org/10.1007/978-3-7908-2010-2_32
