Security as a management or technological issue Essay

Security as a management or technological issue - Essay Example This study looks into information system security that is becoming a dominant and challenging factor for organizations, as it leverages many risks that are constantly changing. Every now and then, there are new security breaches resulting in massive losses in terms of customer confidence, as well as revenue. As information technology is now considered as the fundamental function, every organization acquires information systems for business automation. Moreover, electronic commerce has also introduced many businesses that are only virtually present. For instance, Amazon that is an online store for selling books generates revenue from the Internet. Customers pay via credit cards for the purchased books that are delivered to them. In this scenario, any sort of security breach may inject an SQL injection or cross site scripting attack on the website can affect the business as well as customer confidence. Therefore, securing the systems as well as data communication on the web is essentia l to protect. This also implies to personal or customer data that is maintained and managed by the organization. For instance, E- commerce based organizations stores information of their customer related to credit card numbers, telephone numbers, address, bank details etc. It is the responsibility of the organization to protect and secure data privacy. However, there is not a single law that states how to handle customer information. For this reason, organizations sell or trade customer information with business partners and even to third parties. Likewise, sometimes the sole purpose of this personal data exchange is funds. Although, every online organization has a privacy policy which states how they will handle and secure customer data but at the same time there is no verification criteria. In the following sections, we will discuss the technical as well as the managerial aspect of these three domains i.e. Information system security, privacy and data protection. Likewise, we will also discuss our main thesis i.e. is it a technical issue or a managerial issue for effectively handling and managing these issues in an organization. The first section will emphasize on all the technical aspects followed by all the managerial aspects and lastly comparing these two aspects for conclusion. 2 Information System Types and Coordination Organizing information systems is defined as the series of activities that are associated with information handling. Organizations expand their business gradually. For instance, strategic plan for any financial institution is to open a branch on every quarter of the year depending on stable revenue and defined achieved objectives. Similarly, the expansion of the organization create more risks and increase the workload for handling information because the maintenance, storage and exchange of information has now become more than ever before. Information handling takes place on three levels i.e. formal level, informal level and technical le vel (Dhillon 2007). The formal information system is associated with communication from third parties, suppliers, contractors, clients, regulatory authorities and financial sectors. As the word formal says for itself, it is a process in which rules are followed for making standardization of business practices and following standards is important for any organization. However, it terms of non-compliance, it may become a