Cyber Security and User Responsibility: Surprising Normative Differences
By Bradley J. Strawsera, Donald J. Joy, Jr.
Individual cybersecurity responsibility of a computer user is getting to be a bigger issue. If you just buy a personal computer, you have every responsibility to install anti-virus, keep operating system updated for the latest security patches, set up passwords, create backup folder, etc. If one day, there is a data leakage of your own computer, people will start asking you if you have properly taken care of your computer security. It is the same principle applied to physical security, if I lock my possessions in my home, I have a reasonable expectation that they are safe from theft. But even if your house is unlocked with your possessions visible, few would argue that you deserve to be robbed due to the failure to secure your valuables. Bradley J Strawsera and Donald J Joy Jr asked 2 questions:
First, does the average person have the wherewithal to implement adequate or effective computer security?
Second, whatever the cyber-equivalent to the norm of traditional security is, is there a prevailing belief that failing to meet it is a matter of negligence in the cyber case where the equivalent failing would not be considered negligent in the non-cyber case?”
In this research paper, Bradley J Strawsera and Donald J Joy Jr recommend a minimum industry standard that should be in place before we look to each individual end user to be responsible for securing their own data.
- Security solutions should be proportionately affordable to what they are protecting.
- Security solutions should be reasonably easy to employ.
- Use, access, and maintenance of security solutions should provide user convenience without sacrificing security.