Creator of Knowledge
Information Resources Management Association
Advancing the Concepts & Practices of Information Resources Management in Modern Organizations

Information Security: A Technical or Human Domain?

Information Security: A Technical or Human Domain?
View Free PDF
Author(s): Paul Drake (The University of Luton, UK) and Steve Clarke (The University of Luton, UK)
Copyright: 2001
Pages: 5
Source title: Managing Information Technology in a Global Economy
Source Editor(s): Mehdi Khosrow-Pour (Information Resources Management Association, USA)
DOI: 10.4018/978-1-930708-07-5.ch084


The ultimate objective of the research study on which this paper is based, is to develop, pilot, and refine an implementation framework for information security, based on critically normative theory. This framework will then be used to critically evaluate existing information security provisions in organisations, including evaluation against existing standards, using case-based and live organisational settings. The initial part of this study is now complete, and has provided the grounding for achieving the above objectives. This first stage, which is reported within this paper, had the key aim of critically assessing the current status of information security theory and practice from the literature and from empirical evidence. From this, the theoretical constructs that are applicable to an understanding of information security have been determined and are reported. This has led to the consideration of critical theory as a foundation for the domain of information security. An information security framework, based on this work, has been constructed. Over the past ten years there has been increasing interest in the subject of information security (for example: DoD, 1987; Baskerville, 1988; EC, 1991; O’Connor, 1994; Drake, 1998; BSI, 1999a; BSI, 1999b), with particular emphasis on information technology or computer security (for example: Donovan, 1994; Forester, 1994; Langford, 1995; Neumann, 1995; Gollman, 1999). In the early to mid 1990s, a group of representatives from some of the largest organisations in the UK decided to collaborate to formalise matters. They established a committee under the stewardship of the United Kingdom Department of Trade and Industry and the British Standards Institute to create a British Standard (BSI, 1999a; BSI, 1999b). Each of these organisations (and others) had been working to establish frameworks to adequately secure the information systems within their organisations, and the British Standard had the simple aim of standardising these frameworks into a model that could be applied to any organisation.

Body Bottom