Page 422 - Using MIS
390 Chapter 10 Information Systems Security
security threats. After that, Q5 through Q7 address security safeguards. Q5 discusses
technical safeguards that involve hardware and software components, Q6 addresses
data safeguards, and Q7 discusses human safeguards that involve procedure and people
components. Q8 then summarizes what organizations need to do when they incur a
security incident, and we wrap up the chapter with a preview of IS security in 2025.
Unfortunately, threats to data and information systems are increasing and
becoming more complex. In fact, the U.S. Bureau of Labor Statistics estimates that
demand for security specialists will increase by more than 37 percent between 2012
and 2022 with a median salary of $86,170. This is strong growth considering computer
occupations are projected to grow at 18 percent and all occupations at 11 percent.¹ If
you find this topic attractive, majoring in information systems with a security specialty
would open the door to many interesting jobs.
Q1 What Is the Goal of Information Systems Security?
Information systems security involves a trade-off between cost and risk. To understand the nature
of this trade-off, we begin with a description of the security threat/loss scenario and then discuss
the sources of security threats. Following that, we’ll state the goal of information systems security.
The IS Security Threat/Loss Scenario
Figure 10-1 illustrates the major elements of the security problem that individuals and
organizations confront today. A threat is a person or organization that seeks to obtain or alter data or
other IS assets illegally, without the owner’s permission and often without the owner’s
knowledge. A vulnerability is an opportunity for threats to gain access to individual or organizational
assets. For example, when you buy something online, you provide your credit card data; when
that data is transmitted over the Internet, it is vulnerable to threats. A safeguard is some
measure that individuals or organizations take to block the threat from obtaining the asset. Notice
in Figure 10-1 that safeguards are not always effective; some threats achieve their goal despite
safeguards. Finally, the target is the asset that is desired by the threat.
[Figure 10-1: Threat/Loss Scenario. Diagram labels: Threats, Vulnerabilities, Safeguards, Target; Blocked by Safeguard, Safeguard Ineffective, No Safeguard; Loss.]
1 Bureau of Labor Statistics, U.S. Department of Labor, 2014–2015 Occupational Outlook Handbook, accessed June
6, 2014, www.bls.gov/ooh/. Information about information security analysts can be found in the Computer and
Information Technology section.