Information System and Security
Controlling problems within organizations is regarded as an issue that calls for a significant amount of attention from the different professions concerned with the importance of information to organizations. Nevertheless, the fundamental need for the development of a secure information system is still unfulfilled. This may be attributed to the fact that focus has been directed at the ways of delivering information through technology rather than at the factors related to the processing of that information. As a result, the information sectors have been caught in the “technology trap” (Trcek, 2005).
According to Warman, this technological trap is a situation that arises whenever technicians within the organization introduce new technology into problematic situations without considering the implications of such an introduction. Though information system security is currently gaining some attention as an organizational issue, the effort to regulate negative occurrences has focused on protecting the technology framework. This has its roots in the functionalist orientation of the people responsible for managing information system security. Because of this, security professionals have found it difficult to address the social attributes within organizations. The purpose of the present work is to highlight the subject of information systems security (Kim, 2010). To resolve the issue of the “technological trap”, the present work will explore various avenues as outlined below.
The Intellectual Map
To gain a deeper understanding of the information system and its security, it is necessary to have a theoretical framework that assists in classifying and tracing the available information on the topic. Morgan asserted that it is considerably important to understand the conceptual scope that forms the basis of the methodological approaches. This allows interested parties to cut through the available literature that forms the basis of the approaches (Trcek, 2005).
The various approaches to information system security within organizations currently provide a level of knowledge similar to that of natural science. These approaches are often characterised as analytical and positivist. There are occasional efforts that consider the subjectivism of the implementations. All theories of organization are founded upon the philosophy of science and on theories of society (Bragg, 2002).
Therefore, they consider the assumptions about knowledge along the subjective and objective continuum, and the theory of the form of society along the regulation and radical transformation continuum. The objective nature of social knowledge is described as sociological positivism. This is characterised by the application of models and approaches that are derived from the study of human affairs. The subjective dimension is completely opposite to the objective stance, and it denies the applicability of the models and approaches of social sciences such as sociology in the study of information system security (Michael E. Whitman, 2011).
The functionalist paradigm represents a view that is strongly founded in sociological control and approaches the subject of information system security from an objectivist perspective. Consequently, it is concerned with the control and regulation of the affairs of organizations. Traditionally, a functionalist takes the social world to be made up of concrete artefacts (Kim, 2010).
Alongside various other approaches, contingency theory is also part of this paradigm. Contingency theory, as outlined by Woodward, highlights the relationship between technical and organizational systems. In her study, she indicated that organizational effectiveness was the outcome of the match between structure and situation. Information system scholars have applied aspects of contingency theory in establishing the matches between the organization and its environment. This theory was applied by Ives et al. in determining the success of the information system with regard to user satisfaction (Ridgewell, 1994).
Although contingency theory still dominates the field of information systems, it provides a simplistic approach to the study of information system security. Organizations and human beings are far more complex than is outlined in any single theory. The technical and social designs of Weir, though not exclusively functionalist in nature, are subject to criticism for the same reasons. This is because functionalists do not consider organizations as being loose with politics, conflicts and power. The application of user satisfaction as an indicator of the success of the information system has also come under severe criticism. This has resulted from trying to quantify information system variables without prior understanding of the relationships (Kovacich, 2003).
One of the prominent approaches for specifying the security of information systems is the checklist. Checklists are helpful in identifying every conceivable regulation that may be applied. Checklist techniques, though applicable in most cases, carry little conviction when they are used to search for a hypothetical basis in information system security. These approaches indicate where exclusive attention may have been given to observable events without taking into consideration the social nature of the problems. They inevitably draw attention to the details of the process without considering the key function of understanding the substantive queries. Considering that procedures are constantly changing, these approaches offer minimal stability in ensuring security for the information system (Wood, 1987).
Risk analysis approaches
Various risk analysis approaches based on the functionalist paradigm call for biological and mechanical analogies. The approach implies that negative events may be prevented and the security of the information system ensured when countermeasures are developed and implemented in a logical, sequential way. Technically, all risk analysis methods prescribe discrete steps. Such methods may be considered to have a linear origin and may be controlled scientifically. The structural risk analysis approach, for instance, views the information system in the form of data structures, data processing and events in the information system. The key principle in assessing risk is to find the correspondence between vulnerability and threat. This approach is based on the concept of systems theory.
Risk analysis, as an approach for addressing the security of information systems, may be seen as a flagship of current security management, which has enabled organizations to justify the cost of modern information system security as well as to avoid the application of unguaranteed and expensive system security controls. Most research on information system security applies the analysis in various forms. Risk analysis approaches may provide ways of forecasting the financial benefits vis-à-vis the original investments. It is such system management knowledge that laid the foundation of the other security approaches, such as the Courtney approach (Kovacich, 2003).
Automated risk analysis approaches, such as the CCTA Risk and Management Methodology, are used in conducting risk analysis and other related management reviews. The opportunities offered by risk analysis are also a subject of interest for study.
Risk analysis has an advantage over the other approaches in that it may be used as a means toward designing security controls. Baskerville attempted to minimise the significance of risk analysis by embedding controls in the logical model of the information system. He felt that the optimal approach to the design and implementation of security analysis, both for office and field work, would basically be to nest the approach as a component of an already existing, successful, established information systems analysis approach (Sheehan, 1982). He found that structural security analysis may be carried out in a similar way to structural systems analysis. In his demonstration, he used DeMarco’s structural systems analysis as well as the specification approach and the logical design of the controls. Controls are identified by developing formal heuristics. Though beginning from differing assumptions, at the operational level Baskerville’s approach is similar to other analysis approaches (Bragg, 2002).
Whatever the claims of one risk analysis approach in comparison to another, there is minimal difference in the basic hypothetical assumptions. However, a careful consideration of the risk analysis methods implies that the boundaries between the different levels of risk analysis may be uncertain. Regardless of the diversity reflected in the available information, the issues that separate the classes are insignificant.
The other category of research in computer security is the evaluation approaches, whose rationale comes from the need to measure the security level. Though it has proved difficult to assign a value to the level of security, several techniques exist that help in the process of grading the security of IS. Among the other approaches to securing the information system is the Bell-LaPadula approach. The approach dealt with discretionary and mandatory access control systems, with the basic objective of preventing unwarranted disclosure of information (Sheehan, 1982).
The evaluation approaches have been implemented in countries such as the US and UK. The department of trade and the department of government communications in the UK produced a series of Green Books. The Green Books were meant for commercial information system security. The other countries that embraced the evaluation approaches include France, the Netherlands and Germany. The nations have combined the optimal features of the national initiatives. However, the evaluation approaches, though they have attained public approval, have failed to provide comprehensible solutions and are not acceptable to the body of research. The national-scope initiatives tend to focus on the best way, as provided for by Taylor in scientific management (Tashi, 2008).
Despite some fundamental benefits of the evaluation approaches, their long-term application is restricted. The security evaluation methods may run into problems since they tend to provide rational explanations for social affairs. The traditional approaches that were developed for military application have been transformed and applied in the commercial sector. Given that the social world of a defence area differs significantly from the commercial field, there should be coherence and compatibility concerns.
Key Characteristics of the Risk Evaluation and Analysis Security Methods
In summary, the key characteristics of the risk evaluation and analysis security methods based on the functionalist tradition may be enumerated as follows:
- The organization and the information systems may be considered as having strict boundaries that differentiate them from the rest of the environment.
- The security management and the information systems are conceptualised as being processual, hence focusing on throughput, input, feedback and output mechanisms.
- The organizations and their information systems are regarded as secure if the models are satisfied.
- The different models assist in ensuring that the parts of the information system are equally interdependent.
- The overall IS security may be attained through analysis of the behaviour of the constituent elements of the systems.
The Radical Structuralist
The security and information system researchers from the radical structuralist paradigm are interested in exploring the myths perpetuated by the functionalists. Radical structuralists assume that the commercial environment, computer-based super-structures and social organization are locked into the dynamic procedure of dialectical materialism. In this regard, they do not view organizations as monolithic structures that have singularity of purpose and direction. Instead, organizations are regarded as loosely coupled coalitions of conflicting groups. It is assumed that these groups are in discord with each other, though order may be restored through negotiation (Ridgewell, 1994).
In developing and implementing a security system based on the radical structuralist paradigm, designers tend to favour the end users in the organization over other users. It is believed that there is a conflict of interest between the top management and the end users; here, the system developer should intervene so as to resolve this conflict. The discord may arise from prestige, resources or power. In this regard, the process of developing system security is viewed as a catalyst for resolving the problems through participation (Tashi, 2008).
However, the participation tends to be biased towards the end users of the information system. Information system security designed with such emphasis may promote reinforcement of craftsmanship and the operational conditions. In spite of the IS success background in the radical structuralist viewpoints, there ought to be criticism of the fundamental assumptions. In various instances the core ideal may be co-operation.
Results and Conclusion
To resolve the issue of the “technological trap” and to address the subject of information systems security, the intellectual framework assists in tracing the information within the system as well as classifying it to ease its accessibility to users. The intellectual framework is based on the radical transformation continuum and the objective and subjective continuum.
The security of the information system is achieved by the application of models and approaches that are derived from the study of human affairs. The subjective dimension is completely opposite to the objective stance, and it denies the applicability of the models and approaches of social sciences such as sociology in the study of information system security.
On the other hand, the functionalist paradigm represents a view that is founded in sociological control and approaches the subject of information system security from an objectivist perspective. It is concerned with the control and regulation of information security in organizations. Contingency theory is a part of the functionalist paradigm. Aspects of contingency theory are applied in establishing the matches between the organization and its environment. This theory may be used in determining the success of the information system with regard to user satisfaction.
Contingency theory provides a simplistic approach to the study of information system security. The technical and social designs are subject to criticism because functionalists do not consider organizations as being loose with politics, conflicts and power. The application of user satisfaction as an indicator of the success of the information system has also come under severe criticism. This has resulted from trying to quantify information system variables without prior understanding of the relationships.
Technically, all risk analysis methods prescribe discrete steps. Such methods may be considered to have a linear origin and may be controlled scientifically. The structural risk analysis approach, for example, views the information system in the form of data structures, data processing and events in the information system.
The risk analysis approach to addressing the security of information systems is a flagship of current security management, which has allowed organizations to justify the cost of information system security and to avoid the application of unguaranteed and expensive system security controls. These approaches provide ways of forecasting the financial benefits vis-à-vis the original investments. It is such system management knowledge that laid the foundation of the information security system approaches.