Managing information resources: The impact of the personal computer on information security
This dissertation addresses the general problem of managing information resources through consideration of the impact of the introduction of the personal computer on the challenge of securing information in large organizations. The changing roles of information and information technologies are also considered. The impact of the PC on the basic requirements for all information--availability, accuracy, controlled accessibility, and the emerging issue of authorization--is considered along with changes to the corresponding information security problems--destruction, defect, and disclosure. The central thesis is that information systems comprise people as well as technologies, but that this fact is generally neglected in information security practice and theory. Five cases, including the author's experience as a product manager for computer security software, and reviews of the theoretical and general business literatures, are used to establish this argument. The analytical approach to the cases relies heavily on Schon's concept of experimentation-in-action by the "reflective practitioner." The socio-technical systems approach and various comparable learning theories suggest themselves as a superior analytical framework for the information security problem. The utility of these approaches as solutions to the information security problem is limited, however, by the fundamental fact that security problems may not provide the feedback that is necessary to the learning process that comprises comparison of actual to expected results, detection of deviations, and correction of errors. Since security errors may, and often do, go undetected, they do not provide the reliable feedback required for learning. A program of education and other measures is proposed to address the information security problem. Sample policies and programs, such as how to create "feedback," are detailed. Also discussed is the issue of how to integrate security education and related measures into existing programs. Desirable information security products or features that could be provided by PC hardware and software firms are also described. The thesis concludes with a discussion of why information security will remain a concern for both the organization and for society at large.
|Year of publication:||
|Authors:||Broholm, Paul Richard|
|Type of publication:||Other|
Dissertations available from ProQuest
Saved in favorites
Similar items by person
Broholm, Paul Richard, (1989)
- More ...