The preservation of the integrity, availability, and confidentiality of information system (IS) resources is increasingly gaining currency among researchers and business practitioners due to the rising cases of computer crime and misuse (Schell, 2013). As such, computer security has become an integral component in IS contexts that underscores the need for individuals and organizations to take a proactive approach in preventing incidents that may compromise the confidentiality, integrity, and availability of the systems (Bella, Curzon, & Lenzini, 2015). This paper uses extant literature to illuminate some of the important elements of computer security.
Elements of Computer Security
The first element is that computer security should support the mission of the organization in terms of safeguarding its physical and financial capabilities, status, legal position, employees, as well as other material and nonmaterial resources (Schneider, 2015). Because most organizations view security as secondary to the primary objectives of making a profit and providing services to customers, it should be the function of senior management to align the mission and strategic objectives of the organization with available information systems to ensure optimal support.
Another important element is that computer security should be an integral component of sound organizational management, because the systems operate to provide the management with the leverage to achieve the mission and objectives of the organization (Bella et al., 2015). The task of protecting information and computer systems, therefore, should be as significant as that of protecting other organizational assets, and the management should always have a criterion for deciding the degree of risk they are willing to accept without compromising the systems.
The third element of computer security is that it should be cost-effective, meaning that the cost of the controls implemented by the organization does not surpass the expected benefits. This means that the direct costs (e.g., purchasing, installing, and administering security systems), as well as the indirect costs (e.g., poor system performance, retraining requirements, and low employee morale), should not exceed the benefits gained from the use of a particular security application (Bella et al., 2015; Schneider, 2015).
The fourth element is that computer security responsibilities should be made clear through the implementation of organizational policies that define proper usage behaviors and instances of misuse. This element is important in ensuring that the employees and other relevant stakeholders are able to make use of the systems without compromising their integrity and confidentiality (Krutz & Vines, 2012).
The fifth element, as the available literature underscores, is the need for system owners to demonstrate computer security responsibilities outside their own enterprises, not only to protect their own businesses but also to ensure that their operations do not interfere with the information and computer systems of other companies (Krutz & Vines, 2012). This element of computer security is important in ensuring a level playing field for business competitors, reducing unethical business practices such as espionage, and guaranteeing that organizational owners are held accountable for their actions or shortcomings.
The sixth element of computer security underscores the need for information systems managers to design a comprehensive and integrated approach in dealing with the security, confidentiality, and privacy of information and data (Trcek, Trobec, Pavesic, & Tasic, 2011). This element considers the interdependencies of security controls (e.g., how the administrative, physical, and algorithmic controls can be integrated for optimal security) as well as other mutually supporting components such as system management, legal issues, and quality assurance (Schneider, 2015). As such, it is important to train employees and other stakeholders on how to use a secure system and the interdependencies that could be employed to ensure optimal security.
Another element concerns the fact that computer security should be occasionally reassessed and reevaluated to keep up with dynamic operating environments that are known to create new and potentially dangerous vulnerabilities (Bella et al., 2015; Schneider, 2015). This element reinforces the need to continually upgrade systems and security components to reduce new vulnerabilities that are often created by malicious individuals with the view of gaining unauthorized access to secured information and data.
The final element is that computer security is inhibited by societal factors such as educational level, cultural predispositions, belief systems, availability of key infrastructure, and population awareness (Trcek et al., 2011). This element underscores the need for security managers to assess social and cultural issues that may limit computer security in their own jurisdictions and devise mechanisms that could be employed to reduce vulnerabilities emanating from these issues.
This paper has discussed some of the most important elements of information security as documented in extant literature. It is clear from the discussion that these elements can be used by computer security managers and consultants to preserve the integrity, availability, and confidentiality of IS resources by reducing incidents of security violations in work-related settings. Although the elements are not exhaustive, the knowledge gained from this discussion can be used to develop strategies and organizational policies aimed at optimizing the security of information and communication systems.
Overall, the elements underscore the need to ensure that issues of computer security are not relegated to the periphery as they are equally important in helping organizations to achieve their strategic objectives.
References
Bella, G., Curzon, P., & Lenzini, G. (2015). Service security and privacy as a socio-technical problem. Journal of Computer Security, 23(6), 563-585.
Krutz, R.L., & Vines, R.D. (2012). The CEH prep guide: The comprehensive guide to certified ethical hacking (2nd ed.). Indianapolis, IN: Wiley.
Schell, R.R. (2013). Computer security: The Achilles’ heel of the electronic Air Force? Air & Space Power Journal, 27(1), 158-192.
Schneider, G.P. (2015). Electronic commerce (11th ed.). Stamford, CT: Cengage Learning.
Trcek, D., Trobec, R., Pavesic, N., & Tasic, J.F. (2011). Information systems security and human behavior. Behavior & Information Technology, 26(2), 113-118.