Paul David Drake
Communicative action in information security systems: an application of social theory in a technical domain
Drake, Paul David
Authors
Abstract
This thesis is about grounding an increasingly common practice in an established theory where no explicit theory currently exists. The common practice that is the subject of this study is information security. It is commonly held that information security means maintaining the confidentiality, integrity (accuracy) and availability of information.
It seems that a whole industry has built up with tools, techniques and consultants to help organisations achieve a successful information security practice. There is even a British Standard containing around 130 controls, and a management system to guide organisations and practitioners. In the absence of many alternatives this British Standard has grown into something of a requirement for organisations who are concerned about the security of their information.
The British Standard was developed almost entirely through the collaboration of some powerful blue-chip organisations. These organisations compared their practices and found some key areas of commonality. These common areas became the foundation of many information security practices today. Although there has been considerable evolutionary change the fundamentals, and not least the principles of confidentiality, integrity and availability, remain largely the same.
It is argued in this thesis that the absence of a theoretical grounding has left the domain as weak and unable to cope with the rapidly developing area of information security. It is also argued that there was far too little consideration of human issues when the standard was devised and that situation has worsened recently with greater reliance on information security driven by more threats of increasing complexity, and more restrictive controls being implemented to counteract those threats.
This thesis aims to pull human issues into the domain of information security: a domain which is currently dominated by non-social and practical paradigms.
The key contribution of this thesis is therefore to provide a new model around which information security practices can be evaluated. This new model has a strong and established theoretical basis. The theory selected to underpin the new model is in the broad domain of critical social theory.
Citation
Drake, P. D. (2005). Communicative action in information security systems: an application of social theory in a technical domain. (Thesis). University of Hull. Retrieved from https://hull-repository.worktribe.com/output/4212514
Thesis Type | Thesis |
---|---|
Deposit Date | Jun 22, 2012 |
Publicly Available Date | Feb 22, 2023 |
Keywords | Business |
Public URL | https://hull-repository.worktribe.com/output/4212514 |
Additional Information | Business School, The University of Hull |
Award Date | Oct 1, 2005 |
Files
Thesis
(80 Mb)
PDF
Copyright Statement
© 2005 Drake, Paul David. All rights reserved. No part of this publication may be reproduced without the written permission of the copyright holder.
Downloadable Citations
About Repository@Hull
Administrator e-mail: repository@hull.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search