Information Security in a Cyber Economy

by Amitava Dutta, Kevin McCrohan


  PDF
Fall 2002

Volume 45
Issue 1


Full Article Browse Issue

 

Abstract

Information security is not a technical issue; it is a management issue. It rests on three cornerstones-critical infrastructures, organization, and technology. While critical infrastructures are beyond the direct control of the organization, balancing them is a critical component of corporate governance. Total security is neither technically feasible nor operationally practicable. Therefore the organization must determine what information assets must be protected and the degree of protection to be provided for them. As Internet-based commerce diffuses through society, there will be decreasing tolerance on the part of customers for losses stemming from perceived or actual cyber vulnerabilities. Only senior management can initiate the plans and policies that address the different aspects of security in a balanced and integrated manner. Leaving security primarily to the IT function will strengthen just one of the cornerstones-namely, technology-and will not yield the intended results. Security lapses are management failures more than technical failures. This article presents an organizational security approach that senior managers can use as a roadmap to initiate security plans and policies and audit their implementation.

California Management Review

Berkeley-Haas's Premier Management Journal

Published at Berkeley Haas for more than sixty years, California Management Review seeks to share knowledge that challenges convention and shows a better way of doing business.

Learn more
Follow Us