Showing papers in "Information Management & Computer Security in 1993"
TL;DR: An analysis of both neural networks and expert systems applications in terms of their capabilities and weaknesses is presented, using examples of financial applications of expert systems and neural networks to provide a unified context.
Abstract: Neural networks and expert systems are two major branches of artificial intelligence (AI). Their emergence has created the potential for a new generation of computer‐based applications in the area of financial decision making. Both systems are used by financial institutions and corporations for a variety of new applications from credit scoring to bond rating to detection of credit card fraud. While both systems belong to the applied field of artificial intelligence, there are many differences between them which differentiate their potential capabilities in the field of business. Presents an analysis of both neural networks and expert systems applications in terms of their capabilities and weaknesses. Uses examples of financial applications of expert systems and neural networks to provide a unified context for the comparison.
17 citations
TL;DR: The ISM⊃2 introduces the idea of international security criteria or international security standards (baselines) to enable information security evaluation according to internationally‐accepted criteria.
Abstract: Information Security Management consists of various facets, for example Information Security Policy, Risk Analysis, Risk Management, Contingency Planning and Disaster Recovery which are all interrelated in some way. These interrelationships often cause uncertainty and confusion among top management. Proposes a model for Information Security Management, called an Information Security Management Model (ISM⊃2) and puts all the various facts in context. The model consists of five different levels defined on a security axis. ISM⊃2 introduces the idea of international security criteria or international security standards (baselines). The rationale behind these baselines is to enable information security evaluation according to internationally‐accepted criteria.
9 citations
TL;DR: A recent study of 50 Australian information systems development environments highlights a continuing lack of corporate security measures by Australian business organizations and recommends actions to rectify the current predicament.
Abstract: A recent study of 50 Australian information systems development environments highlights a continuing lack of corporate security measures by Australian business organizations Project managers and developers are battling the rising surge of computer‐related crime with little support from their corporate management This has occurred in spite of refinements in software development and the subsequent constraints on access to these systems at a working plane Outlines, for corporate management, the results regarding lack of corporate commitment to the security of information systems in Australia and recommends actions to rectify the current predicament
8 citations
TL;DR: The study studies trichotomy of Saudi organizations, investigating reasons behind their computerization and determining their future computerization plans, and offers pointers for action to facilitate the computerization process among organizations in this Arabian Gulf country.
Abstract: Examines the computing environment in Saudi Arabia. Studies trichotomy of Saudi organizations. After profiling these organizations, investigating reasons behind their computerization and determining their future computerization plans, the study offers pointers for action to facilitate the computerization process among organizations in this Arabian Gulf country.
7 citations
TL;DR: Analyses some of the 497 cases of computer abuse recorded by the Australian Computer Abuse Research Bureau since its inception in 1978, and features include perpetrators and the law, and computer abuse by industry.
Abstract: Analyses some of the 497 cases of computer abuse recorded by the Australian Computer Abuse Research Bureau, since its inception in 1978. Features include perpetrators and the law, and computer abuse by industry.
7 citations
TL;DR: This tool will provide top management with information security status reporting in a clear, non‐technical format, and suggest implementation of an information security management model by means of an evaluation tool.
Abstract: Top management is responsible for the wellbeing of the organization. Most organizations nowadays are dependent totally on the availability and effectiveness of their information service resources. For this reason it is imperative that top management gets involved and stays involved in the protection of the information service assets of the organization. This can only be accomplished through a process of continuous information security evaluation and reporting. An information security evaluation and reporting tool, representing the information security status in a concise, clear manner, will help a great deal in ensuring top management involvement. Suggests implementation of an information security management model by means of an evaluation tool. This tool will provide top management with information security status reporting in a clear, non‐technical format.
7 citations
TL;DR: It is argued that the objective use of EIS can be considered as a strategic management aid to top management teams and that the characteristics of the classes within this taxonomy are explored.
Abstract: Develops a classification of executive information systems. (EIS). EIS implementations cluster into four distinct groups, called the 4 Cs: Conglomerate; control and monitoring; competitive and intelligence; communication and efficiency. Explores the characteristics of the classes within this taxonomy. Argues, among other things, that the objective use of EIS can be considered as a strategic management aid to top management teams.
6 citations
TL;DR: OSA is an architecture which will provide the basis for the selection, design and integration of products providing security and control for a network of desktop personal computers, “mobile” notebook computers, servers and mainframes.
Abstract: Outlines the Open Security Architecture (OSA). OSA is an architecture which will provide the basis for the selection, design and integration of products providing security and control for a network of desktop personal computers, “mobile” notebook computers, servers and mainframes. States that the purpose of this architecture is to provide an environment where: acceptable and workable controls can be placed on sensitive data; user productivity and existing investments in applications are not negatively impacted by the addition of control and security; data flow around the organization, and the investment that has been put in place to support this capability (e.g. local‐area, wide‐area, and telephonebased networks) can still be used to enhance information exchange between users; and all workstations, regardless of their location, operating system, or capability to connect to a network, can be included and easily administered under this architecture.
6 citations
TL;DR: The authors discusses the potential of information technology and pays attention to the difficulties experienced by developing countries and discusses some problems of information: the awareness problem; government neglect of the information function; inadequate indexing; poor administration in libraries; and information overload.
Abstract: Contends that information should be added to the six management functions enunciated by Henri Fayol in 1916. Considers some problems of information: the awareness problem; government neglect of the information function; inadequate indexing; poor administration in libraries; and information overload. Discusses the potential of information technology and pays attention to the difficulties experienced by developing countries.
4 citations
TL;DR: Risk analysis of information security and its aim of placing risk exposures into perspective and providing a basis for comparing the risk exposure with the cost of the solution is examined.
Abstract: The need for security for the business user is all important these days especially as the trend is to distribute computing power in the user environment. Examines risk analysis of information security and its aim of placing risk exposures into perspective and providing a basis for comparing the risk exposure with the cost of the solution. Views two different approaches, qualitative and quantitative, based on the mixed influences of Dr Jerry FitzGerald′s matrix approach and Bob Courteney′s approximation scales. Assesses the strengths and weaknesses of the analysis.
4 citations
TL;DR: The survey evaluates the extent of computer usage within the UK at a general level, as well as focusing on specific areas such as management support systems, IS strategic planning and strategic alignment of business and IS.
Abstract: The evolving information systems (IS) field has been the subject of much research and observation in recent years. Much of the work has been US based. By contrast, this empirical survey analyses the current state of IS practices within UK‐based organizations. The survey evaluates the extent of computer usage within the UK at a general level, as well as focusing on specific areas such as management support systems, IS strategic planning and strategic alignment of business and IS. Where possible, compares the results of this survey with previous surveys and forecasts, and analyses differences. Identifies topics worthy of further investigation.
TL;DR: Lost, stolen, destroyed, compromised, or exploited, computer information can cripple a company irrevocably, deplete shareholder assets, and leave the CIO and other executives legally vulnerable if they have not taken relevant measures to ensure the security and integrity of corporate information resources.
Abstract: Lost, stolen, destroyed, compromised, or exploited, computer information can cripple a company irrevocably, deplete shareholder assets, and leave the CIO and other executives legally vulnerable – professionally and personally – if they have not taken relevant measures to ensure the security and integrity of corporate information resources.
TL;DR: Results showed that all but one of the companies believed the IT factor was the most important aspect at the pre‐merger planning stage, but post-merger IT seemed to be less important than expected.
Abstract: A group of financial services companies which had recently merged were questioned to determine how differences in IT systems affected merger implementation. Results showed that all but one of the companies believed the IT factor was the most important aspect at the pre‐merger planning stage. Post‐merger, generally IT seemed to be less important than expected, the systems differences had not slowed down company integration but new systems development was affected. Although not all companies had estimated systems mergers costs beforehand, none found these actual costs were higher than anticipated. In only one example was IT systems merger the main determinant of full company merger.
TL;DR: How admissions can more accurately be predicted and how a systematic approach to communications with potential students be developed should make it easier to respond to government pressures exerted, with regard to increasing student numbers.
Abstract: Looks at Management Information Systems and their application with regard to higher education and recruitment in universities. Discusses how admissions can more accurately be predicted and how a systematic approach to communications with potential students be developed. Concludes that data analysis techniques and analysis should make it easier to respond to government pressures exerted, with regard to increasing student numbers.
TL;DR: Data communications is a relatively neglected topic, which is surprising as it offers the infrastructural platform that can help to provide organizations with flexibility and responsiveness.
Abstract: Data communications is a relatively neglected topic, which is surprising as it offers the infrastructural platform that can help to provide organizations with flexibility and responsiveness. DataComms 2000 explores the business themes and issues, and technology drivers and focus that will shape the industry. Explores the perspectives of a range of different actors.
TL;DR: Surveys existing literature pertaining to the role of communication and information in generating innovation in organizations and systematizes the literature in a model displaying CIF in relation to the above question.
Abstract: Surveys existing literature pertaining to the role of communication and information in generating innovation in organizations, aiming to organize innovation literature, coupled with information and communication in organizations, around critical innovation factors in the various phases of the information process, and asking, principally, what critical innovation factors, coupled with information and communication, exist in the various phases of an innovation process? Finally, systematizes the literature in a model displaying CIF in relation to the above question.
TL;DR: A new computer package is introduced which can address the problem of computer passwords by generating difficult‐to‐guess passwords by removing human judgement from the password construction process.
Abstract: Suggests that computer passwords can pose a major computer security risk, as password guessing is the most prevalent and effective method of system penetration. Introduces a new computer package which can address this problem by generating difficult‐to‐guess passwords by removing human judgement from the password construction process.
TL;DR: A study of security officers in a large Australian organization examined the security awareness of these officers and the reasons for, and current management practices of, shared logons, finding that work flow efficiency was more important than access control.
Abstract: User identifiers/passwords are an integral part of the first line of defence of a computer system. Ideally, each user should have a unique logon assigned to him or her but because of work demands, the practice of sharing logons in user groups is now emerging. A study of security officers in a large Australian organization examined the security awareness of these officers and the reasons for, and current management practices of, shared logons. It was found that work flow efficiency was more important than access control and that policies for user group access control are urgently needed.
TL;DR: Investigating attitudes regarding the ethical use of computers in samples of business students from universities in the United States and Australia finds that the two groups are statistically significantly different on 17 of the 26 ethics questions.
Abstract: Compares attitudes regarding the ethical use of computers in samples of business students from universities in the United States and Australia. Finds that the two groups are statistically significantly different on 17 of the 26 ethics questions. Results show that significant differences in attitudes towards property and privacy issues exist; attitudes toward ethics in employee‐employer relations were not significantly different. In general, students in Australia tend to take ethical positions supporting greater freedom of action for computer users, while students in the United States take more restrictive positions.