Information security is not a technical issue, it is a question of management. It rests on three pillars - the critical infrastructure, organization and technology. Despite the critical infrastructure are beyond the direct control of the organization, balancing them is an important component of corporate governance. Total security is neither technically feasible nor operational capacity. Thus, the organization must determine which information assets need to be protected and the degree of protection. As Internet commerce diffuses through society, will be reduced tolerance by customers for losses arising from actual or perceived vulnerability of cyberspace. Only top management can initiate plans and policies for the various aspects of security in a balanced and integrated manner. Leaving the security primarily IT functions will strengthen only one of the pillars, namely - technology - and will not give the desired results. Safety management failures failures than technical failures. This article presents an organizational approach to security that senior managers can use as a road map to initiate the security plans and policies and audit of their implementation. "Hide
by Amitava Datta, Kevin McCrohan Source: California Management Review 23 pages. Publication Date: 01 Oct 2002. Prod. #: CMR242-PDF-ENG
Related Case Solutions & Analyses:
Employees: The Key Link to Corporate Reputation Management
Microsoft and the Tax Reform Act of 1986
What Happened at Enron
Three Cultures of Management: The Key to Organizational Learning
Mindfulness and Business
Analytics as a Source of Business Innovation
Mastering the Digital Innovation Challenge
Hocol, Spanish Version
Board Process Simulation: BigFish (B) – Directors’ Profiles
Trevor Field and the PlayPump
