Information Technology Reference
In-Depth Information
by CIA concentrate on how things can be done where both technical and human level considera-
tions must be addressed. Issues generated by RITE concentrate on mostly human considerations that
deal mainly with policy formation. The next section will be devoted to examining these design
issues using the semiotic ladder as a framework for further analysis.
A SEMIOTIC FRAMEWORK FOR ANALYZING SECURITY IN THE
CONTEXT OF HCI
As previously mentioned, the purpose of this paper is to propose a general semiotic framework for
discovering and interpreting the deep-rooted human and technical issues relating to security in the
context of HCI. This section proposes this framework, as shown in Table 13.3, and discusses the
rationale behind this table.
Table 13.3 is a result of analyzing the various design issues shown in Table 13.2 and incorpo-
rating the semiotic principles discussed earlier in this paper. As shown in Table 13.3, CIA and
RITE design issues are related in that they both require extensive human-level analysis. However,
CIA design issues require a deeper technical analysis than RITE design issues. That is, design
issues generated by CIA require an organization to determine the hardware, software, and telecom-
munication equipment needed for authentication, intrusion detection, vigilance, and maintaining
consistent and available data. These technical requirements are illustrated in Table 13.3 at the
physical, empiric, and syntactic layers. As previously mentioned, organizations are typically capable
of determining these technical requirements rather easily. However, analyzing human-level con-
siderations would require a much deeper analysis and is often times overlooked or disregarded.
Human Level Analysis
Conducting a deep-rooted analysis at the human level would require each individual layer to be
thoroughly investigated. At the semantic layer, the organization would be required to validate var-
ious design issues shown in Table 13.2 that pertain to that organization. For example, an organi-
zation would be required to validate whether data is being maintained and secured in a consistent
manner. That is, the organization must periodically determine if data integrity is being preserved
after various security implementations are undertaken. As another example, an organization might
also be required to validate if informal norms and behaviors that come about in the daily operations
are being followed.
To confirm the pertinent issues in Table 13.2, validation procedures would need to be created
and would obviously be organization specific. However, based on the constructivist principle dis-
cussed in Section 2, these validation procedures would probably indicate the need for repair
work to be done. Hence, to ensure semantic meaning to all pertinent parties across the various
design issues in Table 13.2, the organization must be prepared and willing to address repair needs.
For example, if an organization determines that informal norms and behaviors are not being
followed, then perhaps the organization might determine the need for creating additional company
policies. These additional company policies would then serve to formalize or draw attention to the
importance of following informal norms and behaviors that are created in the dynamic workplace.
Additionally, semantic layer analysis would require the organization to determine the mean-
ings, propositions, and denotations required to convey the feeling of security to users. Of course,
how to convey the feeling of security to a user would be specific to each organization and type of
HCI system. For example, organizations might either rely on their reputation or provide docu-
mentation in the form of text or interactive GUI.
Search WWH ::
Custom Search