This paper will, however, use the principles of CIA and RITE as a lens to examine and thus
generate general security issues that pertain to HCI. The security issues generated in this section
will then be used along with the discussion in Section 2, to provide the basis for the semiotic
analysis and proposed framework given in Section 4.
Applying the Principle of CIA to Security Issues in the Context of HCI
The principle of CIA refers to examining the issues of confidentiality, integrity, and availability
from the perspective of data security. Dhillon and Backhouse (2000) state that confidentiality refers
to restricting data access to those who are interested and who should be allowed to access such
data. In the context of HCI, confidentiality is no doubt a very important issue. When dealing with
confidentiality from the customer perspective, customers need to feel as if only those who require
access are handling the sensitive data they pass over the Internet. Hence, the question of how this
feeling of confidentiality can be conveyed to the user must be addressed. When dealing with
confidentiality from the organizational perspective, organizations need to determine how to give
access only to those permitted to view sensitive data, and how any access policies created will be
implemented, maintained, and most importantly, secured.
Integrity refers to maintaining the values of the data stored and manipulated, such as
maintaining the correct signs and symbols. When dealing with integrity in the context of HCI, there
should be no doubt that organizations must address the question of how data can be maintained
and secured in a consistent fashion. Data integrity is crucial to maintaining customer loyalty. For
example, when dealing with an online banking scheme, what would be the consequences of
incorrect account balances to both the customer and the organization? However, even if data integrity
is maintained, organizations also need to address their ability to accurately secure the
interpretation of data. Organizations must ensure that interpretations of data are consistent with company
rules and policies.
Availability refers to keeping data available when they are needed. When dealing with
availability in the context of HCI, policies must be implemented that address the question of when data should
be available to both customers and employees. For example, an online banking scenario would
certainly require data to be available to customers twenty-four hours a day, yet the organization must
also determine when various employees should be allowed to access data. Additionally, policies for
handling system failures should be addressed when dealing with the concept of availability.
Applying RITE Principles to Security Issues in the Context of HCI
Dhillon and Backhouse (2000) note that the traditional principles of CIA apply to scenarios where
information is seen as data, yet do not necessarily address the changing organizational context
in which this data is interpreted and used. As a result, it can be argued that for organizations to
meet the changing demands of the future, an organizational subculture needs to be formed that
addresses the issues of responsibility, integrity, trust, and ethicality (RITE).
Responsibility refers not only to accountability for security issues but to handling future new
security developments. In the context of HCI, responsibility would thus require an organization to
determine who is accountable for various security operations and also to form policy that
determines who will be responsible for new security threats that are not necessarily defined in the
company hierarchy or some organizational chart. For example, an online banking Web site would be
subject to new forms of outside threats that could not necessarily be predicted because of the
increasing sophistication of hackers. Who in the organization is responsible for handling such threats?