Although awareness of the importance of information has been growing rapidly for decades, many organizations still lack an appreciation of the different ways in which people can look at and measure the importance of information security.
The author identifies five views, or “dimensions,” of information security awareness. In the organizational dimension, members of the organization must appreciate the value of information to the organization, and the value of protecting it from destruction or inappropriate disclosure. In the general public dimension, while IT professionals may appreciate the concerns associated with information security, lay users of information may not appreciate the importance of protecting private data and passwords, and of having safeguards against malicious software.
While privacy is also an important concern in the sociopolitical dimension, so too are formal (legal), and informal (ethical), strictures on the use of information. Ethical concerns extend to the ethical dimension, where sharing data is vital to the harmonious functioning of society. Finally, the educational dimension involves the provision of information on how people should use and protect data.
It would be easy to dismiss the author’s points as obvious, but that would be wrong. Effective management of information requires an appreciation of all the reasons for information security, and the author provides a useful, well-written, cogent, and apt framework for organizing the efforts of both managers and IT professionals.