Cognition, Technology & Work, Volume 13, Issue 2, pp 121–134

Toward understanding distributed cognition in IT security management: the role of cues and norms

  • David Botta
  • Kasia Muldner
  • Kirstie Hawkey
  • Konstantin Beznosov
Original Research


Information technology security management (ITSM) entails significant challenges, including the distribution of tasks and stakeholders across the organization, the need for security practitioners to cooperate with others, and technological complexity. We investigate the organizational processes in ITSM using qualitative analysis of interviews with ITSM practitioners. To account for the distributed nature of ITSM, we utilized and extended a distributed cognition framework that includes as key aspects the themes of cues and norms. We show how ITSM challenges foster under-use of cues and norms, which comprises a type of risk that may result in outcomes that are adverse to the organization’s interests. Throughout, we use scenarios told by our participants to illustrate the various concepts related to cues and norms as well as ITSM breakdowns.


Keywords: Computer supported cooperative work; Cues and norms; Distributed cognition; Risk; Information technology security management; Mutual understanding; Notifications; Transactive memory



We would like to thank the many generous IT security professionals who participated in our research. This work has been supported by the Canadian NSERC Strategic Partnership Program, grant STPGP 322192-05.



Copyright information

© Springer-Verlag London Limited 2010

Authors and Affiliations

  • David Botta (1)
  • Kasia Muldner (1)
  • Kirstie Hawkey (1)
  • Konstantin Beznosov (1)

  1. University of British Columbia, Vancouver, Canada
