Publication Date

December 2017


Recent publicized security breaches can be used to evaluate information security programs. The processes and procedures that allowed the event to occur can be examined in a case study and then be used to find methods for future mitigation of risk. The Target security breach is used in this study to examine the organization’s information security program using a macro-ergonomic model. This research posits that an information security program should consider the work system design, based in macro-ergonomics, to help mitigate information security risk to the organization and ensure an efficient and effective information security program. Based on a seminal macro-ergonomic model, the Leavitt Diamond Model (1965), an information security model was designed. The Synergistic Security Model can be used to examine relationships between macro-ergonomic information system constructs. The relationships that occur between the structure of the organization (policies, procedures, leadership, etc.), the people, the technology, and the tasks can have an impact on the efficiency and effectiveness of an information security program. For the purpose of examining these relationships, the Synergistic Security Model is divided into triads, consisting of: Triad 1: Information Security Structure- Information Security Technology-People (Information Security Behavior); Triad 2: Information Security Structure-Information Security Tasks-People (Information Security Behavior); Triad 3: Information Security Tasks-Information Security Technology-People (Information Security Behavior); and Triad 4: Information Security Tasks-Information Security Technology-Information Security Structure. This paper will examine the relationships found in the Target data breach, reported in December 2013.