Computational Security Models in Organizations: Bringing a Pedagogical User-Centered Perspective

Abstract:

The security of systems and networks is a multidisciplinary challenge of increasingly importance which has stimulated the development of multiple solutions for an effective response to the requirements that are needed. In pursuing this demand much of the focus of security proposals has focused on ensuring mechanisms that prevent organizations from being attacked from outside their perimeter. However, the evolution of the tasks carried out by the internal organizations collaborators, which demand an increasing degree of use of computational resources and privileged access to multiple sources of information, emerge an increasing concern in the monitoring of the behaviours of the users. In addition to this problem, there is often an ill-defined borderline confusion over what internal workers should be able to do with the resources they have in organizations. The mix between strictly professional use and personal use can be problematic in organization's security context. Define organizations security policies, understand user’ behaviours, act effectively over security incidents and promote users’ organizational security culture, by a pedagogical approach seems to us to be a necessary advance in security frameworks nowadays.