
The integrity of information systems

  • Ian O. Angell
  • Steve Smithson
Part of the Information Systems Series book series (INSYS)

Abstract

Accidents, mismanagement or negligence, design flaws, deliberate theft, fraud, sabotage, labour strikes, abuse of facilities, disaster, disruption are everywhere [1]. The security hazards implicit in information systems have received enormous publicity in recent years, and far too often they are rationalized away as individual (and correctable?) programming bugs or misunderstanding on the part of management and users. The development, implementation and introduction of more sophisticated IT applications has introduced further, even more complex structure into organizations [2], a structure not of their own making. It has culminated in the old checks and balances being no longer valid or disappearing altogether. When stored in a computer, programs and data can be altered quickly and easily, but they lack any permanent physical existence, so there is a tendency to print out frequent hard copy. There ensues an explosion of traditional paper files reflecting more the transitional nature of the programs and data, rather than referring to their current state on the computer. Computer networks have complicated matters even further, by promoting quick and easy communication, which all too often ‘punches a hole’ through layers of defence. Computers themselves have been used as part of that defence, but data-entry and processing has been concentrated in the hands of people who often deny the need for programmed supervision, and who have the technological means at their disposal to circumvent such regulation anyway.

Keywords

Security Policy; Information System Management; Security Procedure; Company Asset; Labour Strike
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


References

  1. Hamilton, P., The Administration of Corporate Security, ICSA, Cambridge, 1987.
  2. Pfleeger, C.P., Security in Computing, Prentice-Hall, London, 1989.
  3. Baskerville, R., Designing Information Systems Security, Wiley, New York, 1988.
  4. Spafford, E.H., ‘The Worm Story: Crisis and Aftermath’, Communications of the ACM, 32(6), 678–688, June 1989.
  5. Hoffman, L. (ed.), Rogue Programs: Viruses, Worms and Trojan Horses, Van Nostrand Reinhold, New York, 1990.
  6. Law Commission, Working Paper 110 on Computer Misuse, HMSO, London, 1988.
  7. Norton, M., ‘Crime on the Cards’, Banking Technology, 25–27, December 1990.
  8. Fine, L.H., Computer Security, Heinemann, London, 1986.
  9. U.S. Department of Defense, Trusted Computer System Evaluation Criteria, DOD 5200.28-STD, Washington, December 1985.
  10. Bundesminister des Innern, Information Technology Security Evaluation Criteria, draft release, Bonn, May 1990.
  11. Cornwall, H., Hacker’s Handbook III, Century Hutchinson, London, 1988.

Suggested reading

  1. An excellent analysis of combating computer fraud is to be found in: Krauss, L.I. & MacGahan, A., Computer Fraud and Countermeasures, Prentice-Hall International, London, 1979.

Copyright information

© I. O. Angell and S. Smithson 1991

Authors and Affiliations

  • Ian O. Angell (1)
  • Steve Smithson (1)
  1. Department of Information Systems, London School of Economics, UK
