Information Technology Reference
In-Depth Information
communication medium to users, pragmatic analysis would uncover the true intentions of the var-
ious GUI components used by HCI systems.
At the social layer, the organization would be required to determine the social impact of imple-
menting pertinent CIA and RITE design issues shown in Table 13.2. Determining the social impact
of the various design issues would certainly signify the level of importance for each issue and
would provide organizational goals that would govern operation and policy formation. For exam-
ple, social layer analysis might determine the social impact of a poor security reputation, thus
highlighting the real importance of various design issues or specific company policies. As another
example, social layer analysis might discover that restricting data access to various individuals in
an organization has a negative impact on employee morale. Hence, this negative impact would be
measured against the underlying purpose of these restrictions to determine if access policies should
be revised.
Policy Formation
As shown in Table 13.3, CIA and RITE design issues both require formation and upkeep of poli-
cies that govern the various design issues shown in Table 13.2. Additionally, Table 13.2 illustrates
that the formation and upkeep of these policies need to be analyzed at both the technical and
human levels of the semiotic ladder.
At the technical level, policy formation should be analyzed at the physical, empiric, and
syntactic layers. At the physical layer, the organization needs to consider where the actual storage
of policies will be located and who should be able to access these policies. Obviously, poli-
cies that should be made available to all members of an organization should be warehoused in
a location that is easy to access. At the empiric and syntactic layers, the organization would
be required to examine the efficiency of any policies. Policies should be written in a concise
manner, carefully considering the language used, so that all employees are capable of under-
standing the major issues without having to sift through redundant and inefficiently structured
documents.
At the human level, policy formation should be rigorously analyzed at the semantic, pragmatic,
and social layers. At the semantic layer, the meanings, propositions, truth, and denotations of
policies must be analyzed. Additionally, semantic analysis would require policy validation proce-
dures to be implemented that would examine policy effectiveness in terms of reaching goals. At
the pragmatic layer, the real intentions of any policies must be uncovered. And at the social layer,
the cultural norms, beliefs, expectations, functions, commitments, law, culture, contracts, values,
shared models of reality, and attitudes that policy formation seeks to address or change need to be
thoroughly examined.
CONCLUSIONS
This paper thoroughly discusses semiotic concepts along with research that applies the semiotic
paradigm to various IS-related issues. The discussion on semiotics was presented to argue that
semiotics does indeed provide a rich means to interpret security in the context of HCI. This paper
then uses principles of CIA and RITE to uncover actual security issues that pertain to HCI that
require a more extensive and detailed analysis. These issues are then analyzed from a semiotic
perspective to propose a general framework (Table 13.3) for discovering and interpreting the
deep-rooted human and technical issues that deal with security in the context of HCI. We propose
that analyzing security in the context of HCI from the semiotic perspective transcends existing
Search WWH ::




Custom Search