Product details

Management article
Reference no. CMR242
Published by: University of California, Berkeley
Published in: "California Management Review", 2002

Abstract

Information security is not a technical issue; it is a management issue. It rests on three cornerstones - critical infrastructures, organization, and technology. Although critical infrastructures are beyond the direct control of the organization, balancing them is a critical component of corporate governance. Total security is neither technically feasible nor operationally practicable. Therefore, the organization must determine which information assets must be protected and the degree of protection. As Internet-based commerce diffuses through society, there will be decreasing tolerance on the part of customers for losses stemming from perceived or actual cyber vulnerabilities. Only senior management can initiate the plans and policies that address the different aspects of security in a balanced and integrated manner. Leaving security primarily to the IT function will strengthen just one of the cornerstones - namely, technology - and will not yield the intended results. Security lapses are management failures more than technical failures. This article presents an organizational security approach that senior managers can use as a roadmap to initiate security plans and policies and audit their implementation.
