Ethics in the Security of Organizational Information Systems

Organizational security initiatives by corporations have been voted number one for IT project priorities for the year 2006. The increasing concern for the security of information systems is further intensified with the plethora of governmental regulations emphasizing security, both of information systems and of soft data. The Health Insurance Portability and Accountability Act (HIPPA), the Sarbanes Oxley (SOX) Act, and the U.S. Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (U.S. PATRIOT) Act make it mandatory to ensure the security of electronic records and the integrity of data. Security of informational assets is a huge responsibility for organizations that are IT intensive. A strong IT infrastructure in organizations brings convenient and fast access to data across the globe. With such access comes an added burden in the form of protection and safeguarding of crucial data. Since soft data is more vulnerable to malicious attacks from outsiders than physical hard copies of data, which may be securely locked in an office, it calls for organized and efficient information assurance practices in the form of detection and prevention of breaches in networks, data usage procedures, and data storage procedures. Various sophisticated technical solutions to these problems such as firewalls, access control models, and cryptography technology are available. However, these technical efforts to ensure the integrity of information are not sufficient to achieve a secure information system in an organization. The organizational as well as behavioral issues of security endeavors need to be explicitly planned for by management. After all, it is the human aspect of security that is the weakest link in an integrated security approach to information systems. BACKGROUND