ISSN 2348-1196 (print) International Journal of Computer Science and Information Technology Research ISSN 2348-120X (online) Vol. 8, Issue 3, pp: (284-290), Month: July - September 2020, Available at: www.researchpublish.com
ANALYSING THE CURRENT STATE OF INFORMATION SECURITY USING HUMANISTIC SECURITY CEREMONIES: A CASE OF SAUDI ARABIA Norah Alyousif Saudi Aramco, Dhahran, Saudi Arabia
Abstract: Security Ceremonies enrich the concept of computer security by involving humans, as well as those individuals involved in creating security threats, and thus consider humanistic behaviours. Most of the current studies covers technical factors with the absence of human behaviour factor. Therefore, there is a need to better understand security ceremonies from a human perspective. This paper analysed the sociocultural aspects of security ceremonies in order to understand the interactions between humans and technology in regard to security protocols. A qualitative case study with the support of semi-structured interviews with twenty security professionals operating in Saudi Arabia was conducted. The aim is to explore the phenomenon owing to their cultural differences, stances on censorship and lack of knowledge in many aspects of security using different aspects including Human computer interaction (HCI), Informational concerns (IC), Mutual considerations (MC), Operational concerns (OC), and Personal interaction (PI). The findings from this paper has highlighted the importance of additional aspects such as functionality, awareness, human error and the relationship between protocols, technology and human. These aspects of security ceremonies can contribute towards assist Saudi Arabia in understanding the interactions between humans and technology in terms of security protocols. Keywords: Security, Ceremonies, Human, Behaviour, Security Protocols.
I.
INTRODUCTION
Information security is an area of research that has received significant attention within the past decade [1]. In particular, studies pertaining to security ceremonies are on the rise [2]. Security ceremonies go beyond the technicalities of security by involving users, as well as those individuals involved in creating security threats. Internet security software, for example, offers protection against potential online threats, such as malware and spyware. However, a security ceremony would go beyond its technical bounds and consider the human perspective as well, where the human would essentially be the users of the security software and configure it to maximise the protection for their computer or mobile device [3]. However, many existing studies fail to explicitly explore the human aspects of information security, and thus there is a need to better understand security ceremonies from a human perspective [2],[4]. Saudi Arabia is a developing country that is currently facing a host of information security issues [5]. While western countries are starting to become more aware of various information threats, the current state of information security awareness in Saudi Arabia is poor. This owes to the high levels of censorship in the country and its tribal culture, which are potential indicators of a poor information security rating [6]. For the above reasons, the aim of this paper is to understand how security ceremonies can help to understand and examine the current state of information security from the intersection of technical and human perspectives. The main contribution is to develop a model to demonstrate the existing information security problems occurring in Saudi Arabia where information security technologies are emerging, but problematic. This was achieved by conducting an empirical study that aims to gather information regarding security ceremonies from a human perspective, as well as developing a model to help address the existing information security problems in Saudi Arabia by gaining an understanding of existing cultural and human security issues.
Page | 284 Research Publish Journals