Information Security and Virtual Teams

Information Security and Virtual Teams

Penny Hart (School of Computing, University of Portsmouth, Portsmouth, UK)
Copyright: © 2017 |Pages: 7
DOI: 10.4018/IJSS.2017070101


This article contends that there are two increasingly important phenomena for organisations: the existence of virtual teams and the realisation that information needs to be protected more effectively. On-line communication methods expose organisations to issues regarding security of their ICT infrastructure, systems and data. At the same time, making possible virtual teams able to be unconstrained in purpose, time or location. While security measures are built into the teams' communication channels and processes, the perceptions, practices and organizational background of team members are equally important to the security of information being exchanged. A socio-technical approach is called for when investigating different perceptions of information security by individual team members, how they negotiate a common understanding for the team and what complexities and practices are introduced in multi-organisation teams. The article sets out issues which may need to be considered and proposes a course of research to increase understanding of the situation.
Article Preview

Information Security And Risk

Access to collections of information in organisations, whether mandated or not, attracts risk which can be categorised in a number of ways. The applicability and severity of security risk depends on the purpose and the aims of the organisation. For organisations with a strong research and development component, for example the pharmaceutical, technological and scientific innovation industries, there is risk to their intellectual property. For organisations whose main interactions are with clients or customers (retailers, government agencies), the risk to user or customer data is paramount, as is the legal requirement to protect such data (Data Protection Act, 1998). Within all organisations, there are vulnerabilities relating to sensitive data, which cause risk to their legal or financial position.

The potential impact on organisation’s ability to function and to maintain its position highlights the importance of information security as an element of corporate governance (von Solms & von Solms, 2004), with the Chief Information Security Officer (CISO) role now part of the executive suite. Many organisations recognise the business case for, and are working towards, fully developed information security policies. In these policies, organisations use technology and processes to enforce information security. Technological aspects include infrastructure layers, firewalls, user authentication and protection. The use of company policies, codes of practice, sanctions, password policies, accreditation to standards (ISO 27001) and employee terms and conditions provide the procedural framework. People involved include the CISO function and dedicated Information Security staff (such as those in secure operating centres and internally employed ethical hackers) - all of whom are employed to maintain information security. An organisation’s other employees should also be included, and trained to recognise that they are also part of the defences.

The human factor introduces vulnerabilities. Technological and procedural protections can be compromised by the people who use them. There is a danger of overreliance on technical solutions and on dedicated information security staff on the part of the organization’s employees (e.g. Furnell and Clarke, 2012; Sadok and Bednar, 2015). The social and behavioural aspects of information security have been attracting greater attention in recent years (Crossler et al., 2013), and this paper goes on to explore some of the issues.

Complete Article List

Search this Journal:
Open Access Articles: Forthcoming
Volume 6: 2 Issues (2019)
Volume 5: 2 Issues (2018)
Volume 4: 2 Issues (2017)
Volume 3: 2 Issues (2016)
Volume 2: 2 Issues (2015)
Volume 1: 2 Issues (2014)
View Complete Journal Contents Listing