Human-computer interaction and systems security: An organisational appraisal

Abstract

The motivation of the current paper is the search for responses about decision making in both context, computer and non-computer scenarios, thus whether no difference shall be found, the large behavioural literature on non-computer decision making can be used to interpret security issues. The effort is then devoted to identify organisational theoretical domains in order to approach the security problems. In particular it is identified a set of organisational literature contribution to emerging forms of organisations and behaviours with respect to the human factor and security problems [1-5]. While many authors propose a top-down view of organisational/policy-directed security the proposition of this paper is a bottom-up analysis, addressed to the end-user as a member of the organisation and moreover of its culture. As the results of the work, a threefold set of theoretical frameworks has been identified, leading to a robust conceptual base: the Contingency Model of Strategic Risk Taking of Baird [2]; the Strategic modeling technique for information security risk assessment of Misra [4], and a major contribution of Ciborra's work [3, 6, 7]. © 2008 Physica-Verlag Heidelberg.