Table 13.2
Design Issues for Security in the Context of HCI
Confidentiality
I-1. How can the sense of confidentiality be conveyed to the user?
I-2. How will an organization determine access policies to sensitive data and
how will these policies be implemented, maintained, and secured?
Integrity
I-3. How can data be maintained and secured in a consistent manner?
I-4. How can organizations ensure that interpretations of data are consistent
with company rules and policies?
Availability
I-5. How does an organization determine when data should be available to both
customers and employees, and how will these policies be implemented,
maintained, and secured?
I-6. What types of policies should be created for system failure?
Responsibility
I-7. What types of policies will be created that determine who is accountable for
various security operations?
I-8. What types of policies will be created that determine who will be
responsible for new security threats that are not necessarily defined in the
company hierarchy or by some organizational chart?
Integrity of Roles
I-9. What types of policies will be created that determine who in the
organization should be trusted with sensitive data so that inside threats can be
minimized?
Trust
I-10. How will policies define appropriate norms and patterns of behavior to
ensure that all members of an organization can be expected or trusted to
implement these policies?
Ethicality
I-11. How will organizations convey ethical policies to employees about informal
norms and behaviors that come about in daily operations?
Integrity (integrity of roles) refers to the issues that surround determining who in an organization
should be given access to sensitive information to minimize inside threats. It is widely known
that most security threats come from inside an organization. In the context of HCI such as online
banking scenarios or sites that require customers to divulge credit card information, the question
then becomes who in this type of organization is deemed to be trusted with sensitive data so that
inside threats can be minimized.
Trust refers to defining the appropriate levels of norms and patterns of behavior that all members
of an organization should be trusted to implement. In the context of HCI, this concept of trust is
paramount because systems are often managed virtually in the absence of close supervision. Hence,
levels of norms and patterns of behavior must be well defined and explained thoroughly in company
policies. Perhaps such policies would also concentrate on conveying strict penalties for violations of
company trust policies that go beyond termination and focus more on criminal penalties.
Ethicality refers to defining ethical practices that should be followed by employees when rules
defining such practices cannot be predetermined due to new and dynamic situations. In the context
of HCI, the issue of ethicality is crucial because the business that surrounds HCI-type systems
is ever-changing. Hence ethical policies need to be adequately communicated to the employees.
To a large extent, this can be made possible by formalizing the normative structures.
Summary
Table 13.2 summarizes the various design issues generated in the previous discussion that come from
interpreting IS security in the context of HCI. As shown in Table 13.2, the design issues generated