Page 2

By CIOinsight  |  Posted 04-30-2005 Print


EUC with HCI: Why It Matters

Coping at the Bad End of the Security U-curve

The best approach to avoid the consequences of excessively secured systems is to not allow yourself to get talked into one in the first place.

That can be difficult—most people view things in a binary way, so, they believe, if no security is bad, more is always better. The simplistic all-or-nothing view doesn't reflect reality.

One technique I've seen work is to insist on the same kind of benefit/cost analysis that most shops insist on for other kinds of projects. What's the actual risk? How likely is the next gadget to decrease attacks, and by how much? The act of discussing a security initiative this way can be enlightening to all involved and help IT make more rational decisions.

If you're convinced you truly need the additional security, a conversation with the advocate of tighter security can still add value.

It can frequently expose a warped sense of perspective that will motivate the advocate to make protecting the system the primary mission, and not just a supporting feature. Once a person has outed herself as one whose world views are skewed by personal anxieties, you have insight into the usefulness of her advocacy.

One technique that always works is to run a pilot project with end users. Get them to keep a diary of experiences and how they believe the changes affect their productivity. More likely than not, you'll get feedback that will help you tweak the design to better avoid the three kinds of staff setbacks.

It's not intuitively obvious that at some point adding security processes and technologies actually degrades safety. It just happens to be true.

Read part 1 of this article to see why the most security conscious companies are often the least secure.


Submit a Comment

Loading Comments...
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.

By submitting your information, you agree that cioinsight.com may send you cioinsight offers via email, phone and text message, as well as email offers about other products and services that cioinsight believes may be of interest to you. cioinsight will process your information in accordance with the Quinstreet Privacy Policy.

Click for a full list of Newsletterssubmit