The paper reports on a survey-based study of Australian computer security professionals' use of and opinions about two types of wireless vulnerability assessment (WNV A): wireless monitoring and penetration testing. An initially surprising finding was how little both types are used, despite the ease with which wireless networks can be attacked, and the lack of clear obstacles to using them.
In the light of aspects of organisational culture, including decision-making style and professional identity, the survey findings become more explicable. Senior management, and even IT staff themselves, may still hold a traditional, 'wired network' view of their organisation. 'Culture' may also explain why lack of time and expertise (rather than lack of financial resources), and senior management's discomfort with the idea of hacking into the network, mean neither wireless monitoring nor penetration testing is regularly used, even though wireless monitoring is fairly well understood.
The paper also explores how aspects of organisational culture may limit the way even WNV A users go about the process, and how a cultural shift could help change users' perception about the risks and rewards of WNV As. This could possibly threaten IT staff's professional identity, however, and this needs further research.