Management Chapter 8 Homework Implementing Effective Security Policy Despite Increased Awareness

subject Authors Kenneth C. Laudon

Management Information Systems, 13TH ED.
MANAGING THE DIGITAL FIRM
Kenneth C. Laudon Jane P. Laudon
Learning Track 5: Management Challenges of Security and Control
Information systems security needs organizational and management resources as well as technologies. Establishing a good framework for security and control requires skillful balancing of risks, rewards, and the firm's operational capabilities.
Opportunities
Information system security and control are more crucial than ever. Firms today have opportunities to create marvellously secure, reliable Web sites and systems that can support their
Management Challenges
There are many alternative technologies to help firms achieve security and control, but organizational discipline is required to use these technologies effectively.
DESIGNING SYSTEMS THAT ARE NEITHER OVERCONTROLLED NOR UNDERCONTROLLED
Although security breaches and damage to information systems still come from organizational insiders, security breaches from outside the organization are increasing because firms pursuing electronic commerce are open to outsiders through the Internet. It is difficult for organizations to
Chapter 8: Securing Information Systems
Chapter 8 Learning Track 5 2
TRAINING EMPLOYEES: SOCIAL ENGINEERING ATTACKS
In 2012 and 2013, the most serious breaches of security have occurred not because of poor technology, but instead because of poor security policies and employee compliance. Social engineering is the most common source of IS security lapses in business firms. For instance, in 2010 Google's important systems containing its proprietary software were hacked by alleged Chinese hackers using a simple e-mail spoof message to a Google employee announcing a change in benefit plans
In 2011 RSA systems, the leading provider of dongle-based security to American industry and defense contractors, suffered a massive breach which resulted in the records of 40 million employ-
IMPLEMENTING AN EFFECTIVE SECURITY POLICY
Despite increased awareness of worms, denial of service attacks, and computer crime, far too many firms do not pay sufficient attention to security. Controls and security programs are often treated as an afterthought rather than incorporated into the design of key business processes and systems.
Solution Guidelines
One thing is clear: Security and control must become a more visible and explicit priority and area of information systems investment, with greater emphasis on the overall organizational planning process. Coordinating the firm’s security plan with its overall business plan shows that security is just as essential to the success of the business as any other business function. Larger firms may merit a formal security function with a chief security officer (CSO). To develop sound security and controls, users may need to change the way they work. Support and commitment from top management is required to show that security is indeed a corporate priority and vital to all aspects of the business.
Security and control will never be a high priority unless there is security awareness throughout the
firm. Security and control should be the responsibility of everyone in the organization. Users may
