Start Date
11-8-2016
Description
Cyber-security studies have traditionally focused on the individual to understand computer-user risk mediation. This study is the first attempt to use social networks of practice to compare how security is perceived by IT and Non-IT professionals, and the extent the perceptions of each are communicated. To investigate the similarities and differences between the two groups, we employed ethnography and trace ethnography to identify and compare each group’s beliefs and concerns. Findings demonstrate significant differences in how IT and Non-IT professionals think about, and communicate cyber security. These differences in cyber security suggests a mismatch about how IT and Non-IT think and talk about cyber-security. This mismatch has consequences for the education of Non-IT professionals. Because each is concerned about different issues, when IT tries to educate Non-IT about cyber-threats, they may be talking past each other. As a result, the cyber-awareness information does not necessarily prompt action by Non-IT professionals.
Recommended Citation
Chang, Hsia-Ching; Squires, Susan; and Wang, Chen-Ya, "Using Trace Ethnography to Compare Perceived Cyber-Threats of IT to Non-IT Professionals" (2016). AMCIS 2016 Proceedings. 9.
https://aisel.aisnet.org/amcis2016/ISSec/Presentations/9
Using Trace Ethnography to Compare Perceived Cyber-Threats of IT to Non-IT Professionals
Cyber-security studies have traditionally focused on the individual to understand computer-user risk mediation. This study is the first attempt to use social networks of practice to compare how security is perceived by IT and Non-IT professionals, and the extent the perceptions of each are communicated. To investigate the similarities and differences between the two groups, we employed ethnography and trace ethnography to identify and compare each group’s beliefs and concerns. Findings demonstrate significant differences in how IT and Non-IT professionals think about, and communicate cyber security. These differences in cyber security suggests a mismatch about how IT and Non-IT think and talk about cyber-security. This mismatch has consequences for the education of Non-IT professionals. Because each is concerned about different issues, when IT tries to educate Non-IT about cyber-threats, they may be talking past each other. As a result, the cyber-awareness information does not necessarily prompt action by Non-IT professionals.