Sie befinden sich hier: Aktuelles > PR-Infos > 002
Unlocking the workplace – for the first time survey decodes psychological modes of operation and correlations of IT security
Proven by in-depth psychological pilot study „Unlocking the workplace“: A one hundred percent secure environment is not bearable for employees


Cologne/Munich, December 2006. „The dream of every IT security officer is a perfectly safe company – and a leak-proof network. But just as a new building with state-of-the-art architecture will still go mouldy if it is not aired regularly, an allegedly secure IT system will surely develop mental excrescences after a little while.” This is how Dietmar Pokoyski abstracts the 64 pages of the first in-depth psychological security study “Unlocking the Workplace – The secret logic of IT security in companies” during a press conference held at the SYSTEMS exhibition in Munich.

On his search for answers to questions of IT security’s psychological modes of operation, the CEO of Cologne based communication agency known_sense and initiator of the study was joined by <kes> – the magazine for information security, EnBW Energie Baden-Württemberg, Deutscher Sparkassenverlag, nextsolutions and Pallas. Hewlett-Packard sponsored the English version of the study.

“Although our clients seem to be perfectly aware of IT security being a crucial part of their business life, our day-to-day experience shows that security measures … or simply don’t work”, says Dr. Kurt Brand, CEO of Pallas GmbH, a company offering IT services. “Being a partner in this study our major goal was to thoroughly explore the psychological criteria by which security awareness is eventually determined.”

Ever since information technology has entered modern day-to-day business life, error and negligence among their own employees are considered to be the most significant risk areas for the companies’ IT systems. The causes of these phenomena, frequently summarized under the key phrase “mistakes”, have never been seriously investigated to date.

Robert Kaltenböck, department manager IT-Consulting of the IT systems house division of Deutscher Sparkassenverlag who extensively supports the savings banks and landesbanks in IT security management, web based IT security training, business continuity management/ emergency precautions and mobile security, says: "Our savings banks generally work with very sensitive data. Thus, IT reliability and security are our nuts and bolts and primal factors of our success. Those cognitions helping us to implement current customer needs and market demands in our solutions are therefore highly relevant for us."

What, then, are the subliminal factors that constantly threaten to annul allegedly safe IT systems? In summer 2006, a team of acknowledged psychologists conducted in-depth interviews of 2 hours time each based on morphological market and media research, asking employees about their perception of IT security and corporate culture.

The results were remarkable: Companies which allow less to come in as well as to get out minimize their own chances of development as well as their employees’. Increasingly factual work affected by technological innovations which constantly allows less individuality, less human impact, is seen to be inanimate and boring.

IT Security enabling corporate culture
Something else has been made evident by the study: IT security influences corporate culture crucially. Although its protective function is regarded as being positive and necessary, quite often this protection turns into a system of constraint that excludes the employees’ identity and individual ideas: “At work I don’t keep anything personal on the PC, because I assume that the IT people can see through everything”, a participant of the study remarks.
The exposure to IT security and its immediate experience become a question of trust in the company and are thus inextricably connected to the company’s self-conception. Only a few existing corporate cultures allow individuality; work, especially computer-based work, becomes factual – a feeling even emphasized by IT security requirements. Unlocking action – “Sometimes I open up stuff, like ’13 rules for the soul’ – with images. Just so I feel better” – becomes an unconscious liberation from corporate culture in general and IT security in particular. As the study reveals: The lesser the room for individuality, the higher the risk of any reverse action and successive uncontrolled outbreak of unlocking actions.

Soul outwits itself

Pokoyski describes this psychological dimension as follows: „The soul cleverly outwits itself. Like a Brasilian soccer player it easily dribbles around the obstacles of the rational.” During the course of the study, its experts have discovered and defined the phenomenon of factual sealing (protection against in- and extruders) as opposed to human revealing: In the same line as the employees are in constant threat of a decreasing human work experience well-known mistakes increase which literally unlock a company’s employees as well as the companies themselves.

Still, this unlocking of the workplace has a positive effect after all, as the employees can assure themselves of their own identity. In unlocking their IT environment they start their process of human revealing just to increase their own productivity. Thus, employees and companies can become allies in the same good cause: to effectively strengthen the reliability and security of their IT operations.

In order to reach this goal, the study encourages companies to immunize themselves by accepting and even promoting this process of human revealing and their employees’ emotional and sometimes even peculiar qualities. Corporate culture must allow outbreaks and control them as well as possible. In this context, good and vital awareness campaigns which affect the unconscious become more important than open threats or seemingly endless IT trainings. The company’s own vaccine becomes crucial in strengthening the own immune system in order to eventually stay virus-free – without the sustainable weakening of the foundation: the employees.

Setting a human factor

„IT Security has to be charged with human input and create contents of identification in order to optimize awareness campaigns which have become rather factual. IT security needs a story. Protagonists. Has to woo itself. The employees are ready to fight – you just have to let them”, Dietmar Pokoyski advises security decision makers. Pokoyski: “Then the defense will be working. Then IT security will not just be part of the corporate culture, it will, however, be one of its formative factors.”

The first executives have been enthusiastically reacting to the results of the study. Wolfgang Reibenspies, IuK security manager and authorized IuK Security executive at EnBW, feels himself confirmed by the notion that IT security has to be part of the corporate culture and adds “that we can only change IT security if we reach out for the people and pick them up wherever they are. Even if the security manager can never be the company’s most popular person, he can still convey the following: Those who fully understand the value of information, data and system components for the company’s continuance and its market position – management- as well as user-wise – can appreciate their employees’ needs and protect their actions. This study has an ideal timing. Its conclusions should be implemented in EnBW’s workflow as I regard them as being extraordinarily important.” He says the study offers “a great deal of things to think about.”

The study costs € 380,00 and can be ordered from <kes> or known_sense
(English version as PDF). In 2007, the study will be expanded to further security topics.

For more information, the management summary of the study and (additional) pictures please contact known_sense.


DSV-Gruppe (Deutscher Sparkassenverlag)

The Deutscher Sparkassenverlag (DSV) has worked in tandem with the savings banks of the German Savings Banks Financial Group for more than 70 years and forms, with subsidiaries and affiliated companies, the DSV Group. As a professional, comprehensive service provider, we deploy a broad range of expertise in the media and financial services sector: our offering spans books, magazines, forms, advertising campaigns, software solutions, banking equipment and electronic payment cards. Alongside traditional publishing, we specialise in electronic media that include electronic forms, learning software and information services such as database research. An additional focus is the creation and marketing of digital content and services for members of the German Savings Banks Financial Group and their corporate customers.Our watchword is: innovative and solutions-driven. To fully satisfy the savings banks’ special needs, the Group develops one-stop, theme-driven marketing solutions for its customers that include all relevant products and services. With 1,660 staff and annual sales of around € 713 million, the DSV Group is among the ten leading publishing houses in Germany.

EnBW - Energie Baden-Württemberg
With some five million customers, EnBW Energie Baden-Württemberg AG with its headquarters in Karlsruhe is the third largest energy company in Germany. In 2005, EnBW generated annual sales of approx. ? 10,769.3 million with around 17,800 employees. The core activities focus on the segments electricity, gas as well as energy and environmental services. EnBW has a federal organisation structure, the bodies of the group holding the directors’ and officers’ liability.

<kes> - the magazine for information security

<kes> was founded in 1985. Being the official organ of the Federal Office for Information Security (BSI) it is the most important professional journal for IT security topics. The journal is published every two months by SecuMedia Publishers (as well as WIK – the magazine for business security), a publishing house which also organizes the IT-Security Area and the IT-Security Forum at the SYSTEMS exhibition.

known_sense

known_sense, a Cologne based agency, is a full service provider for all kinds of communication projects – i. a. connecting the topics security and games. In doing so, known_sense develops at the same time awareness campaigns for companies from the financial resp. energy sector as well as new products for publishing companies for games such as ASS Altenburg, Cartamundi, Mattel or Disney. Qualitative market research, consulting and coaching – especially for IT companies – top off the portfolio. In 2004, known_sense produced the well-known security awareness classic “Virus Card Game”, a card game about viruses and worms. In 2005, the agency received an award for an exemplary contribution to information security at the NRW-Security Award. In 2006 known_sense has founded the security expert community “Wolves & Goats” and the security awareness magazine “Olé”.

nextsolutions
The marketing and technology consultants are experts in security awareness. Their core competence is the establishment of active security cultures within companies. Marcus Beyer, owner of the company, is editor-in-chief of the professional online journals Securitymanager.de, VoIPmagazin.de and KlinikITmanager.de.

Pallas
Pallas GmbH, located in Brühl, is a provider of professional and comprehensive internet security at fixed rental prices. The company develops secure solutions fort he internet based knowledge exchange, e-learning and web communication and interaction. The product ‘Managed Security Service’, a firewall blocking hackers, viruses, spam and unwanted content and offering intrusion detection and strong authentication, was the winner of the 2003 ASP Award. In 2005, Pallas received an award for an exemplary contribution to information security at the NRW-Security Award.

Please download pictures here:

picture cover (JPG, 300 dpi, 0,2 MB)
... download
picture „psychology of the IT security“ (JPG, 300 dpi, 0,5 MB)
... download
contact: known_sense
Dietmar Pokoyski
Kaiser-Wilhelm-Ring 30-32
D-50672 Köln
Fon +49 221 91277778
sense@known-sense.de
www.known-sense.de

 



known_sense | Alle Rechte vorbehalten