A Holistic Approach for Enriching Information Security Analysis and Security Policy Formation

Past literature has indicated the need for addressing information security from both the social and technical perspective. However, previous research has lacked in providing any clear direction for how these two perspectives can be brought together in a coherent or holistic manner to analyze information security in an organization. Thus, this paper develops a conceptual framework for identifying, bringing together, and interpreting the deep-rooted social and technical issues that pertain to information systems security. The framework is grounded in semiotics and is validated by the analysis of a specific case study. Findings in this research indicate that the social and technical elements of security can be brought together in a holistic manner via six layers of abstraction where each layer addresses deep-rooted issues that pertain to information security. The output of each layer is then used to inform other layers in a collaborative manner creating a final product that contains elements for enriching security analysis and enhancing security policy formation.