Portal de Periódicos da CAPES

A Call to IS Educators to Respond to the Voices of Women in Information Security

2010; Volume: 21; Issue: 2 Linguagem: Inglês

2186-3679

Amy B. Woszczynski, Sherri Shade,

Information Systems Education and Curriculum Development

1. INTRODUCTION In February 2000, in response to a major Internet security breach, President Clinton invited a group of industry and academic information security experts to the White House. Of the 29 invited guests, with titles ranging from Chief Information Security Officer to Chairman and CEO, only one was a woman (Spafford, 2000). Where were all the women information security experts? This meeting seems to indicate that women information security professionals may face similar hurdles as their more general information technology (IT) counterparts. However, there are some bright spots for women in information security. Diana Burke is Chief Information Security Officer (CISO) for Royal Bank of Canada Financial Group. Suzanne Gorman is Managing Director of Corporate Information Security with SIAC Corp. (Women Luminaries, 2004). Similarly, Renee Guttmann, who received the 2008 Compass Award from CSO Magazine and in 2007 was named a of by the Executive Women's Forum, serves as Vice President of Information Security and Privacy at Time Warner (Bhimani et al., 2008). Becky Bace serves as CEO of Infidel, Inc., a network security firm, and was selected as one of the top five most influential women in information security by Information Security Magazine in 2003 (Qualys, 2003). Jane Scott Norris was appointed as the first information security officer of the U.S. Department of State (New Board Members, 2009). Sarah Gordon, senior researcher for Symantec Security Response, was honored with the 2005 Private Solutions Provider Woman of Influence award for information security at the annual Executive Women's Forum. Gordon is well-known for her groundbreaking work on the underlying psychology of virus writers (Symantec Researcher, 2005). Symantec must be doing something right for its women in information security, as this was the third year in a row a woman from Symantec won the award. What do these people have in common? They are part of a small group of visionaries and leaders in the emerging area of information security. They are also women. As opposed to the numerous studies on women in IT in general, little is known about the status of women in information security, a subfield of information technology. Although there are few if any published studies on this specific topic, one study does examine the dark side of security by considering interactions between ethics and gender in the world of hacking and cracking (Adam, 2004). Perhaps the information security area in fact presents new opportunities that may be particularly interesting to women and other underrepresented groups. Or are the previously mentioned women in leadership roles in information security simply anomalies? What are the challenges facing women in the new IT sub-discipline of information security, and what can IS educators do to begin to improve the number of women who choose and remain in information security? This paper is organized as follows: First, a literature review on the general area of women in IT is provided, leading to research questions that are explained within the context of what is already known in the area of women working in IT. Second, a qualitative methodology is described, along with the specific characteristics of this study. A description of the themes emerging from the interviews follows the methodology section. A discussions section highlights the results of the qualitative analysis, focusing on the perceptions of women in information security and how the academic community can help women overcome challenges in pursuing a career in information security. The final section presents some conclusions, along with the limitations of this study and plans for future research. 2. BACKGROUND 2.1 Women in Information Technology In the United States and globally, it is well-established that women comprise a small and decreasing percentage of the IT workforce. Multiple reports show that the percentage of women in IT is low and continues to decline (Hill, 2005; Stross, 2008) and that women are not making inroads into the managerial ranks of IT (Roberts, 2007). …