Digital Divide: Is It War Between Information Managers And Users?

The digital divide is deep and gaping between security professionals and users. Researchers have studied the differing points of views in an attempt to bridge the great divide. But do prejudices on both sides make the chasm too wide and jagged to seal?

bridgegapA digital divide exists between information security managers and users. IT/IS managers mainly regard users as an information security threat, while users regard themselves as an untapped resource for security work. Research suggests these greatly differing points of view tend to make management approaches to security that do not line up well with the dynamics of the users’ working day.

Different work situations and rationalities may explain the digital divide in organizations. The security professional operates at a distance from the everyday work tasks and vulnerabilities in the company, but put toe to the line in a digital attack when vulnerabilities require crisis management. Users, however, step up to the plate every day as required to keep the company going forward as productive and profitable. For users, it is often a case of feeling like all their rights and privileges are unjustly controlled.

The differences in technical experience, understandings, priorities and approach between managers and users in this field result in management strategies based on the prejudiced view that users are more of a security threat than a resource. Some users, however, are quite technically savvy. On the other hand, to say some users are technically challenged is being kind. The graph below shows both users’ answers as well as security professionals’ answers to the same risk judgment questions, emphasizing the similarities and differences between their views and experience of security practices within a company.

Mean values for judgements of IT-related risks by 151 users and 87 security professionals. Range from 1= no risk to 5 = very high risk.

Mean values for judgements of IT-related risks by 151 users and 87 security professionals. Range from 1= no risk to 5 = very high risk.

Users do the lion’s share of daily work to keep the company going. But if users were allowed more rights and input into security practices, it might help reveal potential holes to be exploited. Security professionals view that as potential danger as there are always a few users who would have no passwords on their computers or are the type to hit reply to all, basically a security professional’s nightmare. Users, on the other hand, seem to think the lack of contact to security professionals at their company makes the security managers remote and secretive. The lack of information sharing and interaction seems to be one of the highest problems that maintain the digital divide.

The average information security professional’s level of authority and paycheck are higher than the authority and monetary reward given to a user in relation to security. In fact, users do not have a say in the security measurements that are put into play behind the scenes and forced down to networked computers. The user therefore is less motivated to volunteer security knowledge that could be a vital resource for the company. Security managers are less than inclined to divulge all the security that is setup due to the possible vulnerabilities that could be discovered and exploited. There are no reasons for the company to change the way this is done, as security is all important.

Different spheres of power within an organization between information security managers and users will not help diminish the great digital divide. Security people tend to think users are losers and dumb to boot. Users think security people are control freaks. These gaping differences undermine instead of enhance the rich diversity of viewpoints and knowledge available to businesses. Maintaining information security is the security professional’s main daily work task. Users have other equally important work tasks like keeping the company going. Unequal distribution of power as well as the lack of interaction must be addressed and previous prejudices must be overcome in order to shut and seal this huge security chasm between information managers and users, both of whom utilize technology within their organization.

Journal Reference: doi:10.1016/j.cose.2009.01.003

Bookmark and Share

Related Posts

  • Biggest Privacy Breaches in 2009
    Your right to privacy is shrinking, but it's happening quietly without much...
    Read More
  • Will Social Networks Opt-Out of the Opt-Out Privacy Model?
    Privacy has been a major issue with all Social Networks. While the networks...
    Read More
  • Online Auctions – Detecting Credit Card Phantom Transactions
    Online auctions open up opportunities for several types of frauds. A partic...
    Read More

September 2, 2009

Category: Security, Technoglogy

Tags: , ,

blog comments powered by Disqus