Toward Understanding Distributed Cognition in IT Security Management: The Role of Cues and Norms

David Botta ; Kasia Muldner ; Kirstie Hawkey ; Konstantin Beznosov

16 August 2010

Abstract: Information technology security management (ITSM) entails significant challenges, including the distribution of tasks and stakeholders across the organization, the need for security practitioners to cooperate with others, and technological complexity. We investigate the organizational processes in ITSM using qualitative analysis of interviews with ITSM practitioners. To account for the distributed nature of ITSM, we utilized and extended a distributed cognition framework that includes as key aspects the themes of cues and norms. We show how ITSM challenges foster under-use of cues and norms, which comprises a type of risk that may result in outcomes that are adverse to the organization's interests. Throughout, we use scenarios told by our participants to illustrate the various concepts related to cues and norms as well as ITSM breakdowns.

Keyword(s): computer supported cooperative work ; cues and norms ; distributed cognition ; risk ; information technology security management ; mutual understanding ; notifications ; transactive memory ; usable security
Note: Preprint

Published in: 1. D. Botta, K. Muldner, K. Hawkey, and K. Beznosov, “Toward Understanding Distributed Cognition in IT Security Management: The Role of Cues and Norms,” accepted for publication to the International Journal of Cognition, Technology and Work on 16 / Aug / 2010.:

The record appears in these collections:
Refereed Journal Papers
Usable Security

 Record created 2010-10-19, last modified 2013-05-22

Transfer from CDS 0.99.7:
Download fulltext

Rate this document:

Rate this document:
(Not yet reviewed)