
Keir Dyce Centre for Research in Computer Security & Professor Mary Barrett

Organisational Factors and Australian IT Professionals’ Views of Wireless Network Vulnerability Assessments. Keir Dyce Centre for Research in Computer Security & Professor Mary Barrett School of Management and Marketing. Organisational culture: issues for computer security.


Presentation Transcript


  1. Organisational Factors and Australian IT Professionals’ Views of Wireless Network Vulnerability Assessments
     Keir Dyce
     Centre for Research in Computer Security
     & Professor Mary Barrett
     School of Management and Marketing

  2. Organisational culture: issues for computer security
     • Professional Identity
     • Sub-groups
     • External and internal influences on culture
     • Attitudes to risk
     • Attitudes to surveillance
     • ALL POTENTIALLY HAVE AN IMPACT ON WLAN SECURITY

  3. Two approaches to wireless network vulnerability assessment
     • Wireless monitoring (WM)
     • Penetration testing (PT)
     • No comprehensive framework for integrating the two approaches in an organisation’s security system

  4. The study
     • Mail-out survey to Information Security Interest Group (ISIG), closed-ended and open-ended questions, frequencies only
     Topics covered:
     • 1. the extent of use of WNVAs (either or both wireless monitoring and penetration testing),
     • 2. how IT professionals used WNVAs, and
     • 3. their opinions about the two approaches

  5. Results
     • Modest response rate (62), but representative of ISIG (total ~400 members)
     1 Use of VAs:
     • Only ten (16 percent) used WM, three (5 percent) used PT. ‘Unnecessary’, ‘lack know-how’.
     • Organisational culture suggests: ‘Wired view’ of security, senior management discomfort with idea of hacking
     • Role of dominant culture and sub-cultures

  6. Results (continued)
     2 How IT professionals use WNVAs
     • 10 users; but using either WM or PT or a combination of the two had revealed network vulnerabilities.
     • Lack of a framework for combining the two. Respondents said this could be helpful to increase know-how.
     • ‘Planning’ thought to be helpful, but scarcely anyone does this. (Only 1 of the 10 users has researched a framework.)

  7. Results (continued)
     3 Possible reasons for IT professionals’ low use of WNVAs
     • Decision-making style, especially bounded rationality in response to time constraints
     • Secrecy may be provoked by time needed to get support from people who don’t understand WNVA techniques, and who are suspicious of surveillance measures, and lack of perceived need.
     • Could lead to ethical compromises by IT staff.

  8. Conclusions
     • Organisational culture may help explain why IT professionals typically don’t use either kind of WNVA or even seem to know about them.
     • ‘Within-culture’ solutions: change security measures and communicate.
     • ‘Change culture’ solutions: reward new behaviour, use stories, use professional identity.
