Information Security (IS) concept has  been under a continuous evolvement. Initially, IS was a technical concept as creators of software and computer systems struggled to make the system more trustworthy. The fundamental requirement for this purpose was to let the systems be accessed and operated only by authorized persons. Hence Access control was the prime focus of the technology. Gradually other technological measures such as Intrusion detection, malware detection, etc emerged as a support to the Access Control requirements. Additionally measures such as Digital Signatures, PKI etc developed. These technical measures form the first dimension of IS.

As the markets evolved, Cyber Crimes developed, there was a felt need in the market for regulatory influence and mandate on IS. This gave raise to legislations such as Computer Abuse Act, CANSPAM Act, ITA 2000 etc. This wave of first generation legislations were aimed at penalizing unauthorised access. In the second generation of legislations such as Data Protection Act, HIPAA, ITA 2008 etc, the legislative focus started prescribing information security practices as a part of legislation. This added the second dimension of Information Security and made IS, a Techno Legal approach.

Time is now ripe to expand the Techno legal concept further with the recognition that “People” are a key ingredient of Information Security and managing humans is also part of information security. Thus the “behavioural Science Aspects” become an essential part of IS. Under this head we need to study how and why humans are influenced to follow or resist information security measures, how and why people develop deviant behaviours leading to data breaches and how human behaviour can be corrected and directed towards building a “Security Culture”.

With the addition of this third dimension, IS practice  now requires a Techno Legal Behavioural Science Approach or TLBS Approach.

Under the new dimension of behavioural Science aspects of IS, we add issues such as the “Theory of Information Security Motivation” to discuss how people can be motivated to implement Information Security. In the same dimension, a debate has also been opened  for discussing if there is a factor such as “Technology Intoxication” that drives an IT worker towards “Compulsive Cyber Offence Syndrome”.

It is now time for Behavioural Science specialists to join the IS community and try to find out solutions to Behavioural Science issues.

The future of IS is becoming more colourful and exciting…

Naavi

November 13, 2009

Related Articles:

Compulsive Cyber Offence Syndrome

Theory of IS Motivation Clarified

Theory of IS Motivation Based on a Behavioural Science Approach

Be Sociable, Share!