Information Security (IS) concept has been under a
continuous evolvement. Initially, IS was a technical concept as creators of
software and computer systems struggled to make the system more
trustworthy. The fundamental requirement for this purpose was to let the
systems be accessed and operated only by authorized persons. Hence Access
control was the prime focus of the technology. Gradually other
technological measures such as Intrusion detection, malware detection, etc
emerged as a support to the Access Control requirements. Additionally
measures such as Digital Signatures, PKI etc developed. These technical
measures form the first dimension of IS.
As the markets evolved, Cyber Crimes developed, there
was a felt need in the market for regulatory influence and mandate on IS.
This gave raise to legislations such as Computer Abuse Act, CANSPAM Act,
ITA 2000 etc. This wave of first generation legislations were aimed at
penalizing unauthorised access. In the second generation of legislations
such as Data Protection Act, HIPAA, ITA 2008 etc, the legislative focus
started prescribing information security practices as a part of
legislation. This added the second dimension of Information Security and
made IS, a Techno Legal approach.
Time is now ripe to expand the Techno legal concept
further with the recognition that "People" are a key ingredient of
Information Security and managing humans is also part of information
security. Thus the "behavioural Science Aspects" become an essential part
of IS. Under this head we need to study how and why humans are influenced
to follow or resist information security measures, how and why people
develop deviant behaviours leading to data breaches and how human behaviour
can be corrected and directed towards building a "Security Culture".
With the addition of this third dimension, IS practice
now requires a Techno Legal Behavioural Science Approach or TLBS Approach.
Naavi has been the pioneer in India to promote the
Techno Legal Aspects of Information Security and is now leading the current
transformation of the Techno Legal approach of Information Security
Practice to TLBS approach.
Under the new dimension of behavioural Science aspects
of IS, Naavi has added the "Theory of Information Security Motivation" to
discuss how people can be motivated to implement Information Security. He
has opened the debate for discussing if there is a factor such as
"Technology Intoxication" that drives an IT worker towards "Compulsive
Cyber Offence Syndrome".
It is now time for Behavioural Science specialists to
join the IS community and try to find out solutions to Behavioural Science
issues.
The future of IS is becoming more colourful and
exciting...