Page 312 - Using MIS

Security Guide







One-Stop Shopping

In this chapter, you’ve learned how the problems of information silos shown in Figure 7-5 can be eliminated by increasing the scope of information systems: Workgroup-induced silos can be eliminated by developing enterprise IS, and enterprise-induced silos can be eliminated by developing inter-enterprise IS. Nowhere in this discussion, however, have we thought about security.

In fact, while removing information silos does have the advantages discussed, moving data into a single, centralized facility creates a potential security problem. Namely, fraudsters can find all the data they want in one convenient location. It’s one-stop shopping. So, data integration can make organizations more vulnerable.

On the other hand, centralizing data in one location enables the organization to focus security measures on a single resource. The IS support staff need not manage security over several, possibly many, distributed databases, but rather can focus security management on a single database. So, assuming appropriate security management, the two factors counterbalance one another: Risk of loss is higher, but security against such loss can be focused and ultimately result in less actual risk.

Consider how a large-scale integrated IS like the PRIDE system discussed at the start of this chapter can create unique security concerns. To start, for the purpose of this guide, let’s assume that client privacy is appropriately protected. Clients only share the data with each of the PRIDE entities (employers, health clubs, equipment manufacturers, insurance companies, and healthcare providers) that they want to.

Even with that assumption, however, there are significant privacy and security issues. Clients, personal trainers, and healthcare providers need to see a client’s complete exercise data. This means, however, that competing personal trainers (and health clubs) view data on their competitors’ practices. Is this a problem? It’s likely to be perceived as a problem even if there is no real danger, and that perception could limit PRIDE sales and use.

This example underlines some of the management problems of inter-enterprise IS. Unlike an enterprise system, where everyone works for the same employer and, except for inter-departmental rivalry, has the same incentive to protect data, an inter-enterprise system can connect competitors with different incentives and agendas. This fact not only increases security risk, it takes away one of the major ways of dealing with security flaws: procedures. In an enterprise system, it’s possible for the organization to set up manual procedures that compensate for security weaknesses in programs or data controls. However, in an inter-enterprise system, if

Sources: © zentilia/Shutterstock and © andreiorlov/Fotolia
