The Security Catalyst

According to many, user education is one of the best methods of ensuring adequate protection of your information assets.  It’s been eternally touted as one of the requirements of a viable information security program.  This article is not about that, though.  It’s about knowing your users/customers.  Yes, Mr. & Ms. Security Professional, your users are also your customers.  You are here to serve them; not vice-versa.

How well do you understand your users?  Are you aware of their needs, habits, and abilities?  Most security professionals understand the technology, but don’t have a clue about their user base.  All security professionals need user awareness training to ensure they understand their customers.

In the June 1, 2007 edition of CIO magazine, Publisher Gary Beach asks the question, “How social are you?” (http://www.cio.com/article/109302)  He references a new report by the Pew Research Center titled, “Typology of Information and Communication Technology Users” (found at http://www.pewinternet.org/pdfs/pip_ict_typology.pdf).  This report classifies Information and Communication Technology (ICT) Users.  Based on its findings, we in security can no longer assume that users are stupid.  From Mr. Beach’s column, “customers (users) are ‘wicked smart.’ They know what they want, they know how to get it, and they’re doing so by leveraging the poser of social networks to reach out to <others>.”

The report’s author, John Horrigan has classified ICT users in America into ten categories based on their ICT assets, actions, and attitudes.  The ten groups that emerge in the typology fit broadly into a “high end,” (31%) “medium users,” (20%) and “low-level adopters” (49%) framework. However, the groups within each broad category have their own particular characteristics, attitudes and usage patterns.

From the Report*,
  - 8% of Americans are deep users of the participatory Web and mobile applications;
  - Another 23% are heavy, pragmatic tech adopters – they use gadgets to keep up with social networks or be productive at work;
  - 10% rely on mobile devices for voice, texting, or entertainment;
  - 10% use information gadgets, but find it a hassle;
  - 49% of Americans only occasionally use modern gadgetry and many others bristle at electronic connectivity.

Do you know where your customers/users fit?  How about you?
You can take their on-line Internet Typology Test (http://www.pewinternet.org/quiz/) to see where you fit in the new typology of ICT users.  Once you know yourself, you can better understand your users/customers.

By understanding your users/customers, you can tailor you security program to fit their needs. The fear of the unknown is often the greatest fear amongst security professionals.  By having a little awareness training of your users, that fear will be lessened.

To paraphrase from Mr. Beach’s column, the big deal is this: As your firm continues to drive a growth-and-innovation agenda, your users and customers ultimately will determine the degree to which you succeed.  So CISOs need to ask themselves, “Is my infrastructure sufficiently robust to encourage and support the use of ICTs while protecting against the biggest and most prevalent risks brought on by these new technologies?”  CISOs should have an understanding and a vision of their users/customers to enable their business’ use of technology while protecting the critical assets.

What do you think?  Is the Pew Report accurate?  Respond either in the comments below on the Security Catalyst forums.

By helping each other, we all become stronger.

* Horrigan, John. A Typology of Information and Communication Technology Users. Pew Internet & American Life Project, May 6, 2007, http://www.pewinternet.org/PPF/r/213/report_display.asp, accessed on May 10.

If you enjoyed this post, make sure you subscribe to my RSS feed!