Trust Economics

An article by Christopher Burgess of Cisco describes the “Social Elements of Security Policy and Messaging”. It is argued that IT security managers must identify the operational requirements of individuals in an organisation, and integrate security controls into the associated processes in a way that does not inhibit the work of employees.
With this, Burgess makes a distinction between various factors that may influence an individual’s security compliance and flexibility requirements within the workplace. These are identified as ’social differences’, and serve to indicate the expectations and concerns that should be addressed when deploying security measures in proximity to specific groups of workers. These social differences are divided into geographical, cultural, generational and functional factors. As an example the article describes needing to “deal with individuals who are entering the workforce having collaborated and communicated openly using social media and other collaborative tools” as a generational concern.
Different groups of employees have different ways of approaching business opportunities. Security managers should attempt to understand the operational requirements of these different groups, and deploy security measures accordingly. By distinguishing between different kinds of social drivers, the behaviour of employees towards security can be (to some extent) anticipated and approached in a structured manner.