What might information security be? This is a question that crops up every time there is a security breach or a failure of existing controls. An understanding of information security demands that the nature of information, the scientific inquiry into its mystical nature and the consequent implications for security are reviewed. In this paper we undertake a socio-philosophical review of what information might be and as an extension, what information security should be. This analysis allows us to consider the possible research directions for the evolving field.

Baker, K. A. (1980), “Organizational Communication,” Retrieved from http://www.au.af.mil/au/awc/awcgate/doe/benchmark/ch13.pdf.

Bates, M.J. (2006), “Fundamental forms of information,” Journal of the American Society for Information Science, 57(8): 1033–1045.

Buckland, M. K. (1991), “Information as Thing,” Journal of the American Society for Information Science, 42(5): 351-360.

Capuro, R. and Hjørland, B. (2004), “The Concept of Information,” Retrieved from http://arizona.openrepository.com/arizona/html/10150/105705/infoconcept.html

Christodorescu, M., Sailer, R. Schales, D. L., Sgandurra, D., and Zamboni, D. (2009), “Cloud Security Is Not (Just) Virtualization Security,” Proceedings of the 2009 ACM workshop on Cloud computing security, New York, NY, USA.

Conway, R. W., Maxwell, W. L., and Morgan, H. L. (1972), "On The Implementation Of Security Measures In Information Systems," Communications Of The ACM, 15(4): 211-220.

Copi, I. M. (1986), “Explanations: Scientific and Unscientific,” in Introduction to Logic, eds. London: Collier Macmillan.

Davies, P. B. (2009), “Neolithic informatics: The nature of information,” International Journal of Information Management, 9(1): 3-14.

Dhillon, G., and Kolwowska E. (2011), “Can a Cloud be Really Secure? A Socratic Dialogue,” in Computers, Privacy, and Data Protection: an Element of Choice, eds. Springer Netherlands.

Dhillon, G. and Backhouse, J. (2000), “Information System Security Management in the New Millennium,” Communications of the ACM, 43(7): 125-128.

Dhillon, G. (2007), “Information Systems Security: Nature and Scope,” Hoboken, NJ: John Wiley & Sons. 

Frické, M. (2009), “The knowledge pyramid: a critique of the DIKW hierarchy,” Journal of Information Science, 35(131): 131-142.

Gartner (2008), “Gartner: Seven cloud-computing security risk”, infoworld.com, 2 July 2008.

Gazendam, H. and Liu, K. (2003), “The Evolution of Organizational Semiotics,” Retrieved from http://www.orgsem.org/papers/00.pdf.

Hjørland, B, (2007), “Information: Objective or Subjective/Situational?” Journal of the American Society for Information Science and Technology, 58(10): 1448-1456.

Hoesing, M. T. (2009), “Virtualization Security Assessment,” Information Security Journal: A Global Perspective, 18(3): 124-130.

International Business Machines Corporation. (1968), “The Considerations Of Data Security In A Computer Environment,” IBM—Data Processing Division.

Kandukuri, B.R., Paturi, V. R., and Rakshit, A. (2009), “Cloud security issues,” IEEE international conference on services computing.

Kemmerer, R. (2003), “Cyber security,” 25th International Conference on Software Engineering, ICSE 2003, IEEE Computer Society.

Markus, M.L. (1983), “Power, Politics, and MIS Implementation,” Communications of the ACM 26(6): 430-444.

Rothschild, E. (1995), “What is security?” Daedalus, 126(2): 53-98.

Rowley, J. (2007), “The wisdom hierarchy: representations of the DIKW hierarchy,” Journal of Information Science, 33(2): 163-180.

Stamper, R. K. (1973), “Information in Business and Administrative Systems,” John Wiley & Sons.

Stamper, R. K. (1985), “Towards a Theory of Information. Information: Mystical Fluid or a Subject for Scientific Enquiry?” The Computer Journal, 28(3): 195-199.

Stamper, R. K., Liu K., Hafkamp, M., and Ades, Y. (2000), “Understanding the roles of signs and norms in organizations a semiotic approach to information systems design,” Behavior and Information Technology, 19(1): 15-27.

Subashini, S. and Kavitha, V. (2011), “A survey on security issues in service delivery models of cloud computing,” Journal of Network and Computer Applications, 34(1): 1-11.

Taxen, L. (2004), “Interactivity and contextuality in organizational semiosis,” Proceedings of the 7th International Workshop on Organizational Semiotics, July, Setúbal, Portugal.

Zhou L. and Haas, Z. J (1999), “Securing Ad Hoc Networks,” IEEE Network Magazine, 13(6): 24-30.