Ask AI on The InternetAsk Another Question Browse Other Questions
Question: why is information security usually understood at an individual level, which fails to understand how social aspects influence how individuals and groups practice information security. with references
Information security is typically understood at an individual level because it is convenient to focus on the individual's cyber risk behaviors which can be easily measured and modified using cognitive-behavioral approaches (Kirwan, 2014). However, individual-level approaches are not sufficient to adequately explain and understand the complex interactions between individuals and their social environment, which have a profound impact on how individuals and groups practice information security (Pascoe, 2019). Individuals are embedded in social contexts and their behavior is influenced by the norms and values of their group. This is known as the ‘social shaping of technology’, which states that technologies are not simply designed, used, and regulated in accordance with the intentions of their designers, but also in accordance with the norms and values of their social context (Mellor, 2002). This can lead to the normalization of certain information security practices, such as the sharing of passwords or the ignoring of security alerts. It also means that individuals often become more careless with their security practices when in the presence of their peers than when alone (Caldwell et al., 2015). Therefore, to understand information security practices, it is important to consider how the individual interacts with their social environment, and how the social environment shapes their behavior. References Caldwell, B., Eynon, R., & Kennedy, G. (2015). Cybersecurity risk: A social phenomenon or an individual behaviour? Information Management & Computer Security, 23(1), 4-17. Kirwan, A. (2014). Exploring cyber security risk through the lens of self-efficacy theory. In Proceedings of the 2014 Workshop on New Security Paradigms Workshop (pp. 41–50). ACM. Mellor, D. (2002). Shaping technology / building society: Studies in social construction of technology. MIT Press. Pascoe, N. (2019). Social Influences on Cybersecurity Practice: An Exploratory Study. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems (pp. 1–13).
March 7, 2023, 8:48 a.m.
Think your answer is better than the AI's? Post it below.
If you want your question answered by an AI, click here.