Many think that cybersecurity is a technical problem that needs to be addressed by better products and systems, but few recognize the important role that humans and human organizations play in cybersecurity. We have been conducting ethnographic fieldwork in an IT security office at a higher-education institution using anthropological fieldwork methods. Three students work as part of the operations team in the IT security office, where they are assigned tasks such as handling incident response tickets, firewall management, and maintaining host-based intrusion-detection and anti-malware products. Through this fieldwork we have observed a number of phenomena that influence the effectiveness and efficiency with which cybersecurity incidents are handled, and that may not be specific to this particular organization. These phenomena help explain why some cybersecurity problems are hard to address in practice, what roles humans and organizational structures play in those problems, and where organizational procedures might be inefficient or fail completely due to non-technical facets. We also use our fieldwork as a vehicle to gain insight into the security professionals' "tacit knowledge" (knowledge that is difficult to explain or articulate) and convert it into more explicit knowledge. This tacit knowledge is useful for developing algorithms and tools that can help reduce the human labor involved in security analytics and management. We share our experience gained so far in this tacit knowledge-conversion effort, using well-established anthropological research methods.
Author(s):
Xinming Ou