This paper argues for expanded empirical research into end user security within information and communications technology networks. It identifies two core research challenges: defining security needs for specific implementation scenarios and translating those needs into practical technological and cultural mechanisms. Drawing on existing literature, the paper highlights how organizational culture, individual awareness, and user behavior significantly influence the effectiveness of security programs. It also underscores the growing relevance of end user security as more sensitive data is stored and transmitted across organizations of all types. The paper concludes by calling for more systematic, pragmatically applicable research that bridges the gap between concrete security controls and the personal and cultural dimensions of security compliance.
The growth in capabilities and the increasing pervasiveness of information and communications technologies make security in information networks and systems an issue of increasing importance and complexity across an ever-larger diversity of settings. Many of the hardware and software components of networks can remain consistent across different specific settings, as the type of information being carried across such technologies does not typically impact the type of technology that needs to be utilized. However, one aspect of any information network changes almost entirely from setting to setting and from one implementation scenario to another: the end users.
From the type of information used in a given information system and the sensitivity of that information, to the interfaces end users utilize when accessing the system, to the overall culture of caution and security that exists within the broader organization — many different complexities and concerns affect information technology and network security as they relate to the end user. Though this is not the only aspect of an information network that requires security measures and controls, it is certainly an area of pressing concern and in need of further empirical investigation.
Research is necessary to address the issue of end user security from two different perspectives. First, defining the end user security needs for a given scenario — or developing a concrete methodology for defining these needs in each individual scenario — is a matter of considerable complexity. Second, means of achieving the identified security needs through both technological/practical and personal/cultural mechanisms must be developed and clearly outlined. Previous research has already identified these needs, beginning with issues of morality and attempts to maintain objectivity and practicality while incorporating such elements as morality into a definition of security needs and protocols (Church & Blackwell, 2008).
Identifying and articulating the abstract ends of security measures in the form of moral principles allows for the distillation of practical security goals and needs, which then enables the concrete consideration of specific software and hardware elements that increase security for end user applications without impeding actual use and the necessary processes within the organization (Church & Blackwell, 2008; Goecks et al., 2009; Kulkarni, 2010). Both the definition of initial needs and the translation of those needs into practical actions are complex tasks, and further research to develop more straightforward methods for their achievement is called for in the current literature (Kulkarni, 2010).
Implementing end user security measures while ensuring a continuation of end-user capabilities is only part of the problem faced in this area; ensuring that user-dependent security measures are understood and adhered to complicates the matter still further (Furnell, 2008; D'Arcy et al., 2009; Goecks et al., 2009). End user awareness and understanding have — not surprisingly — been identified as essential to the overall efficacy of network and information system security, and organizational culture appears to have a significant mediating or even controlling influence on the effectiveness of security programs through its transformation of individual mindsets, group behaviors, and collective attentions. Consequently, the interpersonal and psychological aspects of end user security are necessary areas of ongoing study and clarification if truly practical and effective security measures are to be created and adopted (Furnell, 2008; D'Arcy et al., 2009).
Developing a comprehensive and pragmatically applicable understanding of the relationship between the practical and concrete elements of an end user security plan and the abstract, personal, and cultural elements of security success has proven problematic, and will be a central focus of this research. As noted in the broader computer security literature, bridging this gap between technical controls and human behavior remains one of the most persistent challenges in the field.