***** The Visible Employee: Using Workplace Monitoring and Surveillance to Protect Information Assets—Without Compromising Employee Privacy or Trust. By Jeffrey M. Stanton and Kathryn R. Stam; published by Information Today, Inc., www.infotoday.com (Web); 353 pages; $24.95.
This book looks at the human element in IT security, aiming to help companies strike a balance between protecting themselves against insider threats and respecting employees’ privacy.
Authors Jeffrey M. Stanton and Kathryn R. Stam, a psychologist and an anthropologist, respectively, both of whom specialize in IT management issues, spent four years researching their work by surveying IT managers and rank-and-file workers. The good news: They found that most employees want to do the right thing in an institutional context. “In our research we met many people—employees, managers, and information technologists—who apparently conducted their everyday work lives consistently with this vision of wider integrity,” they write.
Stanton and Stam have determined that employers should build internal IT security on “one overriding goal: creating an organizational environment that promotes organizational integrity in the use and treatment of information.” That integrity, they say, involves maintaining “an appropriate equilibrium between personal achievement and group well-being.”
Their advice: a transparent IT security policy based on consultation and communication, “involving the user community in monitoring and compliance.” Stanton and Stam leave it to the reader to assess the practicality of this approach.
As academics, the authors acknowledge that to date “the topic of insider integrity has received little attention by either academic researchers or managerial practitioners.” They even offer their text as “a work in progress” rather than a series of “immutable truths.” In other words, there are severe limitations imposed on this book by its exclusive reliance on social science methodology and research.
The book has an extensive bibliography as well as an appendix connecting each of its main topics to recommended readings. It also has appendices providing discussion questions, dealing with employee security-related behavior, outlining interview protocols, and covering password policy.
Stanton and Stam offer a fresh look at the psychology at play in workplace IT security, and their research may help senior security managers stay abreast of what rank-and-file employees are thinking. The Visible Employee is a potentially enriching read for IT and general security managers, if not a must-read for those with an interest in information protection.
Reviewer: Colin D. Pearce holds a Ph.D. in Political Science from the University of Toronto, is past president of the South Carolina Political Science Association, and is the director of the Security Studies Program at the University of South Carolina Beaufort.