Chapter 9 Strategic Implications of Information Security
Chapter 9 examines:
- What is the dominant perception currently of Information Security as a domain?
- How does viewing Information Security strategically affect our perception of the domain?
- How best can we evaluate an Information Security system from a strategic perspective?
- What are the key theoretical considerations which underpin this evaluation?
- What are the issues to be overcome in implementing such as system?
- Definitions can be drawn from the text.. The important issue is that both the US Department of Defense and the British Standard regard Information Security as a set of controls, focused on technology and information, but largely ignoring people.
- This can be answered by a discussion of Figure 9.1.
- Habermas: Systems/Lifeworld and Private/Public Spheres.
Parsons: AGIL functions.
Merton: Manifest and Latent.
- This discussion could be taken in a number of directions, but is really about the way in which rule-based methods are a poor solution to human-centred systems. One method I like to use is to follow, for example, the Local Authority example, and contrast the Lifeworld-biased normative (ought) position with the System-biased (is). A lively discussion always ensues!
- Operational issues are just that--they operationalise a wider set of goals or strategies. A more strategic focus can be demonstrated through discussion of Table 9.1. For example, contrast step 2 with the operational approach of applying the British Standard’s 130 controls.
- Again, there is scope for a number of discussions around this. What the students need to think about from earlier are, for example:
- Planning/emergent views of strategy.
- Hard, soft and critical views of information systems.
- Other theoretical perspectives such as the Burrell and Morgan Grid and Habermas' Theory of Knowledge Constitutive Interests.
- How strategy was applied to other issues in ISSM.
This should give the students the opportunity to apply the model. Allow them thirty minutes to do this, then initiate a discussion on how interrupting lunchtime meetings might be seen as shifting interactions from a lifeworld to a system bias, and the implications of this shift.
The discussion can then be moved on to where this might lead. Maybe the stunting of wider debates in the informal setting of the canteen will affect the organisation’s success; maybe employees will find a new way to meet and discuss…