Research Notes on Emerging Areas of Conflict in Security

Introduction

Information assets are highly critical to any business and are increasingly becoming basis of survival today’s networked and global economy. In recent years, the developments in information technology and evolution of Internet have introduced newer information security risks such as the risk of service interruptions, breach of confidentiality and integrity of information. Evidently, there is growing importance for information in the economy, life, and development of society, where information security has surely emerged as a key concern for more and more organizations. Not only have security breaches have shown to cause losses to organizations but also have shown to hugely impact ordinary computer users’ well being, such as Identity theft, privacy violation and credit card information breach.

Providing information systems security and assurance has emerged as one of the most interesting as well as complex technological and social challenges. Computing Research Association (CRA, 2003), with support from the US National Science Foundation, recently drafted its Grand Research Challenges in security and assurance, intent on galvanizing the field by focusing attention and stimulating progress on these problems (Smith and Spafford, 2004). In the same spirit, based on extensive literature survey and review of practical information assurance issues, we present five research issues in information assurance area. In the area of information security research, we can find significant contributions from computer scientists, psychologists, socialists, economists, cryptologists, electrical and computer engineers and IS scholars. As a result of the increased attention and importance of this field, there are now several journals and a large number of annual conferences and workshops dedicated to the security aspects of information systems (IS) and computing. However, despite such diversity in the information security research, there are very few research efforts that involve interdisciplinary research, i.e. without limiting the analysis to a particular discipline (e.g., computer science, psychology, economics, business or cryptology).

We present five emerging areas in information security that are poised to bring the tremendous benefits to the information security practice and research. We have selected these five areas based on extensive literature review and emerging trends in information technology and security. This is a theoretical discourse, which considers a number of research issues and paradigms and explores the relevance of some interesting research areas that have far-reaching implications for IS research. This is not intended to be in any way an authoritative reference for the areas discussed in the chapter. Rather it is hoped that the chapter will stimulate a discussion about the five covered research areas and in doing so respond to the call for information security researchers to be more aware of the research methodological options available to them. Another motive for this chapter is to encourage debate among information security researchers as to how to assess the research methodologies available to them to explore the discussed areas. For each area, we have provided background and existing research along side rationale on why this area is becoming important and vital in the field of information security research. The contributions of the chapter are two-fold. First, it introduces five key areas of information security research that are gaining recognition and credibility to significantly aid information security practice. Secondly, the chapter provides discussion on these areas in light of existing and missing research that should stimulate information security researchers with thoughts and inclinations. The chapter is organized as follows: the next section presents five the identified emerging areas in information security research followed by a conclusion section.