An information security management system is an information system component that is mainly concerned with ensuring the integrity of information system resources, which include the technological components and the data contained in an information system. The importance of information systems security cannot be overstated, owing to the importance that data has been accorded in the operational environment (Brancik 12).
Information in the current environment is more than a tool that organizations use in gaining competitive advantage, for it plays an important role in determining the opportunities and threats that an organization faces in its operations. Recent developments in the business environment show that there has been an increase in financial scandals, and thus there is a more pronounced need for better information security management systems. Understanding these components and the actual implementation of such systems is essential to their practical employment and is the main concern of this paper.
Financial Scandals
Fraud and financial mismanagement are some of the most common threats that organizations face in their operations. It is of critical importance that organizations develop systems that are relevant to the nature of their operational environment. Developments in information technology place existing information systems at risk (Brancik 105). The overdependence on technology in the implementation of security systems implies that any change or improvement in technology presents a number of threats (Brancik 153).
Hacking and cracking are considered the greatest threat to information systems, and they pose a great threat to the financial security of an organization (Whitman and Mattord 89). Hackers are known for their use of advanced systems to get into systems and gain information that could bankrupt organizations. Moreover, cyber crime is one of the greatest risks brought forward by developments in information systems, in that it is now possible for criminals whose locations cannot be easily determined to defraud organizations without carrying guns and holding workers hostage.
According to the FBI, organizations lose millions of dollars a year to hackers and crackers, who through their actions have earned the right to be given more weight in the design of information systems (Tipton and Krause 193). It has further been revealed that viruses, logic bombs and denial of service attacks have the ability to affect the financial records of an organization in an indirect manner. It is worth noting that accounting is mainly concerned with bookkeeping and maintenance of the financial information of a business entity.
Any threat to an organization’s information system therefore has a considerable effect on the accounting system that will be used. Simply put, developing records requires information, and the threat of hackers, viruses and logic bombs affects the level of accuracy, and therefore integrity, that can be attained in the preparation of such records. Such information integrity risks also pose a threat of actual fraud against an organization. A recent development in information security systems management is the threat brought by social engineering.
Fraudsters have in recent times posed as people in higher authority and sought information regarding organizations (Whitman and Mattord 109). This kind of information conning involves the willing provision of information to an entity posing as one in power. Use of such information is often detrimental to organizations, and the fact that information has been transferred to an entity that should not be in possession of it is a dent in the integrity of the information system.
Members of an organization are the key threat to the integrity of an information system. Most information systems are developed in a manner that seeks to deal with external threats and rarely address the threats posed by internal entities. Most financial scandals in 2001 resulted from internal entities, especially managers and auditors, who knowingly changed information regarding the financial performance of various organizations or used systems of disclosure that did not reveal the actual performance of their respective organizations (Whitman and Mattord 198).
Use of offshore accounts was made possible by poor assessment within such organizations, which made it possible for culprits to create and portray a picture of good performance while the organizations were crumbling.
Analysis
An information security management system is concerned with ensuring the integrity of all resources held by an information system. Its main role is ensuring the enforcement of confidentiality, integrity and the accuracy of an information system. It is thus important that information security management systems be developed in consideration of the nature of security threats that organizations face in their operations.
Moreover, it is upon the information security management system to monitor the nature of threats that an organization’s information faces and to determine whether the strategies the organization employs are relevant to the nature of the threats (Whitman and Mattord 149). Information technology under this consideration is a tool used to enforce information system strategies and has little effect on the levels of efficiency that can be attained; rather, strategies should be developed in a manner that ensures information management objectives are well addressed.
Most organizations fall prey to the misplaced assumption that information systems should be developed with the latest technologies, which include the most sophisticated firewalls and antispyware. While such approaches may make it easy to deal with threats, this goal cannot be attained if the threats are not known and the actual strategies aided by technology are irrelevant to the nature of the threats. Using the latest antivirus packages does little to prevent the activities of fraudulent managers, which affect the integrity of information systems (Brancik 105).
Failure of an information security management system, just like the failure of any information system in meeting its objectives, can arise in the formulation of the system. Understanding the intricate details of an information system and the information needs of an organization is important in the development of strategies that will be employed by the information security management system. The assumption that threats to information system integrity come only from external entities should never be allowed; in fact, assumptions about the nature of threats should not be allowed.
Information security management systems are used in ensuring strategic implementation of operational processes and should therefore be developed with a keen eye for accuracy (Whitman and Mattord 102). This can only be attained by objective implementation of IMIS which would ensure actual issues are touched on. Though IMIS is heavily reliant on technology, the people component of the system must never be forgotten. Threats to an information system in most cases originate from the people component of the information systems (Bidgoli 143).
Apart from threats that are natural or caused by decay of storage material or failure of technological system components, a majority of threats arise from the human component. It is the people that interact with information systems to meet their goals, and it is thus imperative that formulation and implementation of IS put this important fact into perspective. Failure to develop systems that take into consideration that organizations are made up of people, who present a risk and play an important role in mitigating risks to an information system, may lead to an IMIS whose implementation is challenged from all angles.
Resistance to an information security management system can arise from failure to incorporate the values, attitudes and norms that define members of an organization in the formulation phase. Failure to incorporate organizational culture, and thus to seek the appreciation of members of an organization in developing an information security management system, is one of the key areas that organizations fail in (Brancik 105).
Others just develop their information systems and fail to incorporate components that will ensure evaluation of the relevance of the security system to the nature of threats in the information environment. Though information security management systems seek to evaluate and ensure the security of the information systems, it is important that the IMIS is evaluated regularly to ensure that the strategies it employs are relevant to its objectives of ensuring the integrity, accuracy and confidentiality of the information system.
Conclusion
Information systems are critical to organizational operations and should therefore be implemented in a manner that ensures integrity, confidentiality and accuracy. Failure to incorporate and evaluate measures that ensure the integrity, confidentiality and accuracy of an information system is a manifestation of failure of IMIS and places information systems in positions where they are vulnerable to attacks from both internal and external entities.
Cyber crime, hacking and internal fraud can all be blamed on failure of IMIS, and it is thus important that every information system developed implement an IMIS in a manner that takes into consideration the true nature of threats, the people component of an IS and IMIS, and the fact that both need to be reviewed to ensure they are relevant to changes in the nature of the operational environment.
Works Cited
Bidgoli, Hossein. Handbook of Information Security. New York, NY: John Wiley and Sons, 2006.
Brancik, Kenneth. Insider Computer Fraud: An In-depth Framework for Detecting and Defending Against Insider IT Attacks. Boca Raton: CRC Press, 2007.
Tipton, Harold and Krause, Micki. Information Security Management Handbook. 5th ed. Boca Raton, FL: CRC Press, 2005.
Whitman, Michael and Mattord, Herbert. Principles of Information Security. London: Cengage Learning EMEA, 2008.