Adams, Anne and Blandford, Ann
Bridging the gap between organisational and user perspectives of security in the clinical domain.
International Journal of Human-Computer Studies, 63(1 - 2) pp. 175–202.
An understanding of ‘communities of practice’ can help to make sense of existing security and privacy issues within organisations; the same understanding can be used proactively to help bridge the gap between organisational and end-user perspectives on these matters. Findings from two studies within the health domain reveal contrasting perspectives on the ‘enemy within’ approach to organisational security. Ethnographic evaluations involving in-depth interviews, focus groups and observations with 93 participants (clinical staff, managers, library staff and IT department members) were conducted in two hospitals. All of the data was analysed using the social science methodology ‘grounded theory’. In one hospital, a community and user-centred approach to the development of an organisational privacy and security application produced a new communication medium that improved corporate awareness across the organization. User involvement in the development of this application increased the perceived importance, for the designers, of application usability, quality and aesthetics. However, other initiatives within this organisation produced clashes with informal working practices and communities of practice. Within the second hospital, poor communication from IT about security mechanisms resulted in their misuse by some employees, who viewed them as a socially controlling force. Authentication mechanisms were used to socially exclude users who were formally authorised to access systems but whose access was unacceptable within some local communities of practice. The importance of users’ security awareness and control are reviewed within the context of communities of practice.
Actions (login may be required)