From Patient to Population

Abstract

Information security is practiced at many levels—sometimes it is close to the end user, and sometimes it is not. Sometimes malware and computer threats are personal, but sometimes they affect an entire population. Sometimes in order to manage a cybersecurity threat, it is necessary to step back and look at data that spans traditional organizational silos; to make connections that would otherwise remain hidden. I propose using the model of public health as a way to understand how to address cybersecurity threats. Just as public health officials have different priorities than a doctor engaged in individual clinical care, information security officials at a university must necessarily be concerned with different priorities than an IT professional at a college or department. Frustration arises when those competing priorities seem to produce conflicting goals. Understanding the differences between these two approaches—and also the points of connection—is necessary to increase the ability for these groups to effectively communicate, and ultimately collaborate.