Charles Perrow:
Computer Systems Security as an Organizational Problem

CITP Luncheon Series

Date: Thursday, October 6, 2009
Time: 12:15 – 1:30 pm
Location: 306 Sherrerd Hall
Food and discussion begins at 12:15 pm. Everyone invited.

Many dilemmas of computer security are not so much technological problems as they are problems of organization. Three features of contemporary technology-using organizations, in particular, exacerbate problems of information security: Limited expertise. unclear authority

over software design (so that well meaning initiatives by poorly informed managers subsequently undo security arrangements instituted by better informed staff); and incentive systems that fail to reward attention to security.


Charles Perrow is Professor Emeritus, Yale University, and Visiting Professor, Stanford University Center for International Security and Cooperation. He has been a leading figure in the field of organizational research for more than four decades, and is probably best known among engineers and computer scientists for his 1984 book Normal Accidents: Living with High Risk Technologies, a study of how the way we organize businesses and government enterprises often produces predictable disasters (which are predictably attributed to human error). He has used the framework developed in that book in book-length studies on the AIDS epidemic as an organizational disaster, on the modern economy as a disaster-prone system, and, in 2007, in The Next Catastrophe, Reducing our Vulnerability to Natural, Industrial and Terrorist Disasters (Princeton University Press). His current work on cyber security comes out of his participation in a recent National Academy of Science Panel on software certification. Perrow has been a fellow at the Institute for Advanced Studies and at Princeton’s Shelby Cullom David Center for Historical Studies.