Socio-Technical System vs Classical Information Security

Introduction

In information system implementation planning strategy culture defines all aspects of a business, both internal and external relationships. The socio-technical system (STS) is an approach to “complex organizational work design that recognizes the interaction between people and technology in workplaces” (Akhagar et al., 2015, p. 24). This means that the STS pertains to the integration of the technical and social aspects of the organization process and structure. On the other hand, classical INFOSEC management refers to strategies that can be adopted by an organization to preserve information integrity, confidentiality, and availability (Fitzgerald, 2012).

This paper will delve into a proactive empirical literature review on STS versus classical INFOSEC management by analyzing two recently published journal articles on the topic. The focus of the literature review is to investigate whether business organizations are using the above tools in information security management and the differences in their applicability.

Explicit Evaluation of Peer Review Articles

The articles, Socio-Technical Systems: A Meta-Design Perspective by Fischer and Herrmann and Socio-Technical Systems: From Design Methods to Systems Engineering by Baxter and Sommerville, explore different elements of STS and classical INFOSEC management within the organization setting. As noted by Fischer and Herrmann (2014), the term group process refers to the procedures implemented by members of an organization, who work closely, to come up with viable solutions to common organizational problems such as information security.

Fischer and Herrmann (2014) note that group processes enable leaders to develop interventional measures that they can apply to change the less desirable attributes showcased by integrating the STS as a part of an information management system. For instance, the findings by Fischer & Herrmann (2014) established that the use of the Crystal Report System, which is a DSS, can allow a company to gain a competitive edge over its rivals through solving its existing system problems by driving a faster-informed decision-making process in information security. It is also an affordable and intuitive solution that a company can use to leverage reports, dashboards, presentations, and analytics to gain a competitive advantage (Fischer & Herrmann, 2014).

The DSS may be used by the management of a company in requirement analysis, design, implementation, verification, maintenance, and testing of different levels of technology implementation projects. The computer-based decision support system can ensure quick access to information in an organization.

Baxter and Sommerville (2011) delve into the recent developments in the information security system and how different programs have been designed to ensure that parties involved in information control are cautious when accessing any information security system. The internal and external reporting channels are then cascaded down to the rest of the organizational structures, which is an indication of unity, integration, and internal orientation in line with the security results (Baxter & Sommerville, 2011).

The authors highlight data mining as an example of tools that can be applied in classical INFOSEC management in an organizational setting. Data mining entails the removal of information from bulky databases. Data mining helps companies to focus on relevant information on their data warehouses. A data warehouse is a collection of information that supports business analysis activities. Data mining tools are software that is used in a data warehouse environment. These tools aid in forecasting future behaviors. Examples of these data mining tools are query and reporting tools, artificial intelligence, multidimensional analysis tools, digital dashboards, and statistical tools (Baxter & Sommerville, 2011).

Various types of data can be obtained using data mining. The data depends on the line of business of the entity. Examples of information obtainable from data mining are transaction data, text report and memos, relational data, World Wide Web repositories, information access points, and multimedia data (Baxter & Sommerville, 2011). These types of data retrieved can benefit any organization to plan for a secure database in the future to avoid the occurrence of the same information breach. These tools are useful in day to day running of organizations since they ensure that the information systems automatically update to minimize the risk of unsecured entries in task execution.

This means that organizations should concentrate on developing stringent information security that will protect their information system from access by unauthorized third parties. Also, organizations should introduce information system training in addition to strengthening security lapses. When these strategies are implemented properly, Fischer and Herrmann (2014) note that organizations will be in a position to avoid information security lapses that are common in most business environments. However, the implementation of the above recommendations should be structured within the unique organization environment to incorporate information sharing ethics and collective responsibility.

Conclusion

In summary, the concepts of Socio-Technical Systems and classical INFOSEC management are still in the development stage within organizations, due to the dynamic nature of information management. Reviewing the above concepts, as a way to aid group decision making in organizations, is important for proactive organization security and process management. The two articles established that the above concepts provide an avenue for strategic organization system security administration as part of the organization management culture as discussed in Module 1.

References

Akhagar, B., Saathoff, G., Arabnia, H., Hill, R., Staniforth, A., & Bayerl, P. (2015). Application of big data for national security: A practitioner’s guide to emerging technologies. New York, NY: Elsevier Science Limited. Web.

Baxter, G., & Sommerville, I. (2011). Socio-technical systems: From design methods to systems engineering. Interacting With Computers Journal, 23(1), 4-17. Web.

Fischer, G., & Herrmann, T. (2014). Socio-technical systems: A meta-design perspective. Semantics Journal, 4(5), 1-34. Web.

Fitzgerald, T. (2012). Information security governance simplified: From the boardroom to the keyboard. New York, NY: CRC Press. Web.