Start Date

11-8-2016

Description

Cyber-security studies have traditionally focused on the individual to understand computer-user risk mediation. This study is the first attempt to use social networks of practice to compare how security is perceived by IT and Non-IT professionals, and the extent the perceptions of each are communicated. To investigate the similarities and differences between the two groups, we employed ethnography and trace ethnography to identify and compare each group’s beliefs and concerns. Findings demonstrate significant differences in how IT and Non-IT professionals think about, and communicate cyber security. These differences in cyber security suggests a mismatch about how IT and Non-IT think and talk about cyber-security. This mismatch has consequences for the education of Non-IT professionals. Because each is concerned about different issues, when IT tries to educate Non-IT about cyber-threats, they may be talking past each other. As a result, the cyber-awareness information does not necessarily prompt action by Non-IT professionals.

Share

COinS
 
Aug 11th, 12:00 AM

Using Trace Ethnography to Compare Perceived Cyber-Threats of IT to Non-IT Professionals

Cyber-security studies have traditionally focused on the individual to understand computer-user risk mediation. This study is the first attempt to use social networks of practice to compare how security is perceived by IT and Non-IT professionals, and the extent the perceptions of each are communicated. To investigate the similarities and differences between the two groups, we employed ethnography and trace ethnography to identify and compare each group’s beliefs and concerns. Findings demonstrate significant differences in how IT and Non-IT professionals think about, and communicate cyber security. These differences in cyber security suggests a mismatch about how IT and Non-IT think and talk about cyber-security. This mismatch has consequences for the education of Non-IT professionals. Because each is concerned about different issues, when IT tries to educate Non-IT about cyber-threats, they may be talking past each other. As a result, the cyber-awareness information does not necessarily prompt action by Non-IT professionals.