This is one of the core programmes of CREST’s research. It seeks to understand how we can better develop security as a social practice. It broadens our understanding of the social processes that characterise effective ‘collaborative’ security, giving stakeholders the tools to both elicit better risk information and make better risk decisions. Led by Professor Debi Ashenden at University of Portsmouth.
The technology industry estimates that by 2020 there will be 212 billion sensor-enabled objects and 30 billion of them will be connected to networks. Many of these devices will be responsible for managing physical objects such as buildings and offices. While technology is giving us new ways of living, it is also increasing our attack surface.
In turn this situation gives us an opportunity to question how we can do security differently. The Protective Security work programme starts from the premise that we need to question the nature of security in organisations and to think more creatively about potential solutions. We do this by starting from the premise that we should patch security vulnerabilities with people rather than relying solely on technology.
The Simple Model of Rational Security (SMORS)
A recent industry report suggests that 50% of employees breach security policies and of these 40% believe their actions will go undetected. When asked why they breach security, respondents say it’s because it gets in the way of their jobs.
While employees continue to engage in low level breaches of security policy the consequences to the organisation of these activities are increasing in scale. SMORS uses an experimental approach to expose the limitations of implicit naïve assumptions about how employees act and how they maintain a positive self-concept in spite of their actions.
The Workplace Village
The Workplace Village offers a radical approach to current ideas about Protective Security. It seeks to undermine people’s primary assumption of how security in the organisation works, by moving from individual to group responsibility for security.
Autonomous work groups are groups of employees who are given the ability to manage their own working practices. This research will comprise comparative case studies in organisations where autonomous work groups will be formed and given joint responsibility for how security is implemented.
The Security Dialogues workshop presents a response to the reality of organisational security for people who can deal with complexity. Protective Security is both a social and political activity in an organisation where often the only mature approach is to negotiate an optimal compromise.
This three-day workshop has been designed to enable security practitioners to build effective relationships with employees and manage security dialogues more productively. Through the course of the workshop we support security practitioners to become security facilitators.
Professor Debi Ashenden
University of Portsmouth, UK