About
Publication Information
Subscriptions
Permissions
Advertising
Journal Rankings
Best Article Award
Press Releases
Resources
Access Options
Submission Guidelines
Reviewer Guidelines
Sample Articles
Paper Calls
Contact Us
Submit & Review
Browse
Current Issue
All Issues
Featured
Latest
Topics
Videos
Cases
Subscribe
California Management Review
California Management Review is a premier academic management journal published at UC Berkeley
Search
Article Information
Information Security in a Cyber Economy
Dutta, Amitava , and Kevin F. McCrohan
45
/
1
(
Fall
2002
):
67
-
87
Information security is not a technical issue; it is a management issue. It rests on three cornerstones-critical infrastructures, organization, and technology. While critical infrastructures are beyond the direct control of the organization, balancing them is a critical component of corporate governance. Total security is neither technically feasible nor operationally practicable. Therefore the organization must determine what information assets must be protected and the degree of protection to be provided for them. As Internet-based commerce diffuses through society, there will be decreasing tolerance on the part of customers for losses stemming from perceived or actual cyber vulnerabilities. Only senior management can initiate the plans and policies that address the different aspects of security in a balanced and integrated manner. Leaving security primarily to the IT function will strengthen just one of the cornerstones-namely, technology-and will not yield the intended results. Security lapses are management failures more than technical failures. This article presents an organizational security approach that senior managers can use as a roadmap to initiate security plans and policies and audit their implementation.
