This chapter looks at information security as a primarily technological domain, and asks what could be added to our understanding if both technology and human activity were seen to be of equal importance. The aim is therefore, to ground the domain both theoretically and practically from a technological and social standpoint. The solution to this dilemma is seen to be located in social theory, various aspects of which deal with both human and technical issues, but do so from the perspective of those involved in the system of concern. The chapter concludes by offering a model for evaluating information security from a social theoretical perspective, and guidelines for implementing the findings.
TopIntroduction
Within this chapter, we first look at the dominant approach to information security (ISec), establishing it as a domain in which technological factors predominate, and insufficient consideration is given to human issues. Building on this foundation, a picture is presented of the complexity of ISec, from which it is argued that the practice ought to pay more attention to the ways in which differing perceptions might give rise to a different ISec practice.
The tensions in ISec are presented as occurring between theory and practice on the one hand, and social and technological on the other. From this position, the question posed becomes: “How can we build an ISec practice which is grounded theoretically, and which addresses both technological and social issues?”
The source of a solution to this dilemma may be found in social theory. Various aspects of social theory deal with both human and technical issues, but do so from the perspective of those involved in the system of concern. Our approach, therefore, has been to build models to evaluate and implement ISec, both based explicitly on theories of social action.