Table 13.3
Semiotic Framework for Analyzing Security in the Context of HCI
Columns: Semiotic Layer, CIA, RITE. The last entry under each layer spans both the CIA and RITE columns.

Physical
  CIA: Hardware needed for authentication, intrusion detection, vigilance, and maintaining consistent and available data
  RITE: NA
  Storage of policies

Empiric
  CIA: Telecommunication equipment needed for authentication, intrusion detection, vigilance, and maintaining consistent and available data
  RITE: NA
  Efficiency and redundancy of policies

Syntactic
  CIA: Software needed for authentication, intrusion detection, vigilance, and maintaining consistent and available data
  RITE: NA
  Language and structure of policies

Semantic
  CIA: Validation of pertinent CIA design issues; meanings, propositions, and denotations required to convey the feeling of security to users (GUI)
  RITE: Validation of pertinent RITE design issues (e.g., validation that informal norms and behaviors that come about in daily operations are being followed)
  Validation, meanings, propositions, truth, and denotations of policies

Pragmatic
  CIA: Communications, conversations, and negotiations required to implement pertinent CIA design issues; intentions of GUI
  RITE: Communications, conversations, and negotiations required to implement pertinent RITE design issues (e.g., communications, conversations, and negotiations required to define employee accountability domains)
  Intentions of policies

Social
  CIA: Social impact of implementing pertinent CIA design issues (e.g., social impact of poor security reputation)
  RITE: Social impact of implementing pertinent RITE design issues (e.g., social impact of allowing data access to specific individuals in an organization)
  Cultural norms, beliefs, expectations, functions, commitments, law, culture, contracts, values, shared models of reality, and attitudes that policy formation seeks to address or change

At the pragmatic layer, the organization would be required to determine the necessary communications, conversations, and negotiations required to maintain pertinent CIA and RITE design issues, as shown in Table 13.2. For example, pragmatic analysis might uncover the types of communications and negotiations required to determine who in an organization is allowed to access various types of data. As another example, pragmatic analysis would seek to uncover the communications, conversations, and negotiations required to necessitate employee accountability for various security operations. In other words, pragmatic analysis might uncover and thus assign various security domains to specific employees so that questions about who is responsible for future security threats can be minimized. Additionally, since a GUI would probably be used as the