Management Chapter 8 Homework Implementing Effective Security Policy Despite Increased Awareness

Unlock access to all the studying documents.

View Full Document

Management Information Systems, 13TH ED.

MANAGING THE DIGITAL FIRM

Kenneth C. Laudon ● Jane P. Laudon

continued

Learning Track 5: Management Challenges of Security and

Control

Information systems security needs organizational and management resources as well as technol–

ogies. Establishing a good framework for security and control requires skillful balancing of risks,

rewards, and the firm’s operational capabilities.

Opportunities

Information system security and control are more crucial than ever. Firms today have oppor–

tunities to create marvellously secure, reliable Web sites and systems that can support their

Management Challenges

ere are many alternative technologies to help firms achieve security and control, but organiza-

tional discipline is required to use these technologies effectively.

DESIGNING SYSTEMS THAT ARE NEITHER OVERCONTROLLED NOR

UNDERCONTROLLED

Although security breaches and damage to information systems still come from organization–

al insiders, security breaches from outside the organization are increasing because firms pursuing

electronic commerce are open to outsiders through the Internet. It is dicult for organizations to

Chapter 8: Securing Information Systems

Chapter 8 Learning Track 5 2

continued

TRAINING EMPLOYEES: SOCIAL ENGINEERING ATTACKS

In 2012 and 2013, the most serious breaches of security have occurred not because of poor tech-

nology, but instead because of poor security policies and employee compliance. Social engineering

is the most common source of IS security lapses in business firms. For instance, in 2010 Google’s

important systems containing its proprietary software was hacked by alleged Chinese hackers

using a simple e-mail spoof message to a Google employee announcing a change in benefit plans

In 2011 RSA systems, the leading provider of dongle-based security to American industry and

defense contractors suffered a massive breach which resulted in the records of 40 million employ–

IMPLEMENTING AN EFFECTIVE SECURITY POLICY

Despite increased awareness of worms, denial of service attacks, and computer crime, far too many

firms do not pay sucient attention to security. Controls and security programs are often treated

as an afterthought rather than incorporated into the design of key business processes and systems.

Chapter 8 Learning Track 5 3

Solution Guidelines

One thing is clear: Security and control must become a more visible and explicit priority and area

of information systems investment, with greater emphasis on the overall organizational plan-

ning process. Coordinating the firm’s security plan with its overall business plan shows that secu-

rity is just as essential to the success of the business as any other business function. Larger firms

may merit a formal security function with a chief security ocer (CSO). To develop sound securi-

ty and controls, users may need to change the way they work. Support and commitment from top

management is required to show that security is indeed a corporate priority and vital to all aspects

of the business.

Security and control will never be a high priority unless there is security awareness throughout the

firm. Security and control should be the responsibility of everyone in the organization. Users may