Rodrigo Werlinger, Kirstie Hawkey and Konstantin Beznosov
Abstract
Purpose
The purpose of this study is to determine the main challenges that IT security practitioners face in their organizations, including the interplay among human, organizational, and technological factors.
Design/methodology/approach
The data set consisted of 36 semi‐structured interviews with IT security practitioners from 17 organizations (academic, government, and private). The interviews were analyzed using qualitative description with constant comparison and inductive analysis of the data to identify the challenges that security practitioners face.
Findings
A total of 18 challenges that can affect IT security management within organizations are identified and described. This analysis is grounded in related work to build an integrated framework of security challenges. The framework illustrates the interplay among human, organizational, and technological factors.
Practical implications
The framework can help organizations identify potential challenges when implementing security standards, and determine if they are using their security resources effectively to address the challenges. It also provides a way to understand the interplay of the different factors, for example, how the culture of the organization and decentralization of IT security trigger security issues that make security management more difficult. Several opportunities for researchers and developers to improve the technology and processes used to support adoption of security policies and standards within organizations are provided.
Originality/value
A comprehensive list of human, organizational, and technological challenges that security experts have to face within their organizations is presented. In addition, these challenges are integrated within a framework that illustrates the interplay between factors and the consequences of this interplay for organizations.
Konstantin Beznosov and Olga Beznosova
Abstract
Purpose
This paper aims to report on the results of an analysis of the computer security problem space, to suggest the areas with highest potential for making progress in the attacker‐defender game, and to propose questions for future research.
Design/methodology/approach
The decomposition of the attacker‐defender game into technological, human, and social factors enables one to analyze the concentration of public research efforts by defenders. First, representative activities are selected, then each activity is mapped into the technological, human and social (THS) basis. Afterwards, citation databases are used to estimate the relative volume of publications on each selected activity in the science and engineering communities. Finally, drawing on a number of relevant theories in organizational theory, sociology, and political science, avenues for exploring the social dimension by the defenders are discussed.
Findings
The analysis suggests that over 94 percent of the public research in computer security has been concentrated on technological advances. Yet attackers seem to employ more and more human and social factors in their attacks. The social organization of the attackers allows them to achieve results not possible otherwise, shifting the balance in their favour. It is suggested that the scope of research should be broadened to involve organizational behavior and structure as well as social capital aspects that are currently not high on the computer security research agenda.
Research limitations/implications
The queries limit the search to public content written in the English language only. Since the authors are concerned with the relative (rather than absolute) volume of each activity, it is an open question whether this limitation biases the results.
Practical implications
As the arms race in computer security progresses, social factors may become or already are increasingly important. The side that capitalizes on them sooner may gain the competitive advantage.
Originality/value
A simple method for gauging the focus of research efforts in the computer security community and for considering computer security problem space through the lens of social sciences is developed.
Rodrigo Werlinger, Kasia Muldner, Kirstie Hawkey and Konstantin Beznosov
Abstract
Purpose
The purpose of this paper is to examine security incident response practices of information technology (IT) security practitioners as a diagnostic work process, including the preparation phase, detection, and analysis of anomalies.
Design/methodology/approach
The data set consisted of 16 semi‐structured interviews with IT security practitioners from seven organizational types (e.g. academic, government, and private). The interviews were analyzed using qualitative description with constant comparison and inductive analysis of the data to analyze diagnostic work during security incident response.
Findings
The analysis shows that security incident response is a highly collaborative activity, which may involve practitioners developing their own tools to perform specific tasks. The results also show that diagnosis during incident response is complicated by practitioners' need to rely on tacit knowledge, as well as usability issues with security tools.
Research limitations/implications
Owing to the nature of semi‐structured interviews, not all participants discussed security incident response at the same level of detail. More data are required to generalize and refine the findings.
Originality/value
The contribution of the work is twofold. First, using empirical data, the paper analyzes and describes the tasks, skills, strategies, and tools that security practitioners use to diagnose security incidents. The findings enhance the research community's understanding of the diagnostic work during security incident response. Second, the paper identifies opportunities for future research directions related to improving security tools.
Mohan Thite and Ramanathan Iyer
Abstract
Purpose
Despite ongoing reports of insider-driven leakage of confidential data, both academic scholars and practitioners tend to focus on external threats and favour information technology (IT)-centric solutions to secure and strengthen their information security ecosystem. Unfortunately, they pay little attention to human resource management (HRM) solutions. This paper aims to address this gap and proposes an actionable human resource (HR)-centric and artificial intelligence (AI)-driven framework.
Design/methodology/approach
The paper highlights the dangers posed by insider threats and presents key findings from a Leximancer-based analysis of a rapid literature review on the role, nature and contribution of HRM for information security, especially in addressing insider threats. The study also discusses the limitations of these solutions and proposes an HR-in-the-loop model, driven by AI and machine learning to mitigate these limitations.
Findings
The paper argues that AI promises to offer many HRM-centric opportunities to fortify the information security architecture if used strategically and intelligently. The HR-in-the-loop model can ensure that the human factors are considered when designing information security solutions. By combining AI and machine learning with human expertise, this model can provide an effective and comprehensive approach to addressing insider threats.
Originality/value
The paper fills the research gap on the critical role of HR in securing and strengthening information security. It makes a further contribution by identifying the limitations of HRM solutions in information security and how AI and machine learning can be leveraged to address these limitations to some extent.