The significance of securing as a critical component of information security: An Australian narrative

Mark Burdon, Lizzie Coles-Kemp

Research output: Contribution to journalArticlepeer-review

Abstract

As information security is called upon to operate in increasingly unstable spaces, the role of the information security practitioner becomes ever more complex. Successful information security practice depends on tactics and strategies that situate the need for protection within organisational goals. These tactics and strategies have become progressively important as organisations are disrupted by digital technology. The locus of control is unpredictably distributed across groups within an organisation. Finding consensus about the need for security thus becomes challenging. Information security controls are an important part of the control structure but increasingly they are negotiated controls, making the process of securing as important as the security mechanisms themselves. We employ broader political and social theories of security, most notably Smith (2005), to analyse data from nine semi-structured interviews of Australian information security practitioners. Our findings delineate the interlinking concepts of securing and security. Security is straightforward. It is a state of being secure. Securing, on the other hand, is complex. It is a consensus-seeking, value-engagement process that enables the attainment of security. Through this analysis, we identify processes and techniques of securing tacitly employed by the participants. Central to effective securing practice is a participant’s ability to, ‘get the security message right.’ The message is used to create an agreed value consensus across conflict-ridden environments. We contend that securing is often undervalued and not recognised as a distinct theoretical part of the discipline of information security. However, given the complexity and uncertainty of information security practice, we argue that securing needs to be considered as a critical component of being secure.
Original languageEnglish
Article number101601
Pages (from-to)1-10
Number of pages10
JournalComputers and Security
Volume87
Early online date28 Aug 2019
DOIs
Publication statusPublished - Nov 2019

Cite this