The integrity of information systems
Accidents, mismanagement or negligence, design flaws, deliberate theft, fraud, sabotage, labour strikes, abuse of facilities, disaster and disruption are everywhere. The security hazards implicit in information systems have received enormous publicity in recent years, and far too often they are rationalized away as individual (and correctable?) programming bugs or misunderstanding on the part of management and users. The development, implementation and introduction of more sophisticated IT applications have introduced a further, even more complex structure into organizations, a structure not of their own making. The result is that the old checks and balances are no longer valid or have disappeared altogether. When stored in a computer, programs and data can be altered quickly and easily, but they lack any permanent physical existence, so there is a tendency to print out frequent hard copy. There ensues an explosion of traditional paper files that reflect the transitional nature of the programs and data more than their current state on the computer. Computer networks have complicated matters even further by promoting quick and easy communication, which all too often ‘punches a hole’ through layers of defence. Computers themselves have been used as part of that defence, but data entry and processing have been concentrated in the hands of people who often deny the need for programmed supervision, and who have the technological means at their disposal to circumvent such regulation anyway.
Keywords: Security Policy Information System Management Security Procedure Company Asset Labour Strike