Organizational IT Security Theory and Practice: And Never the Twain Shall Meet?

In our effort to increase productivity and enhance communications we have created a modern interconnected business environment that provides opportunities for criminals and vandals to disrupt normal operations. For some, it's a revenue-generating exercise but for others it's a place to vent adolescent frustrations. A multibillion dollar industry has grown out of the need to both prevent and recover from resulting service disruptions, yet these disruptions continue to grow in frequency, impact, and cost 1. To properly address typical organizational security requirements we must first recognize that commonly-accepted mitigation methods can be inadequate, and we must then develop new methods based on an industry-wide paradigm shift in the way we approach technology in the workplace. This paper presents an overview of common information technology security practices, demonstrates how and why they can frequently be ineffective, and finishes with suggestions on how we might better equip ourselves to prevent, and recover from unnecessary disruptions in the future.