In formation systems security remains high on the list of key issues facing information systems executives. Traditional concerns range from forced entry into computer and storage rooms to destruction by fire, earthquake, flood, and hurricane. Recent attention focuses on protecting information systems and data from accidental or intentional unauthorized access, disclosure, modification, or destruction. The consequences of these events can range from degraded or disrupted service to customers to corporate failure. This article reports on a study investigating MIS executives' concern about a variety of threats. A relatively new threat, computer viruses, was found to be a particular concern. The results highlight a gap between the use of modern technology and the understanding of the security implications inherent in its use. Many of responding information systems managers have migrated their organizations into the highly interconnected environment of modern technology but continue to view threats from a perspective of a pre-connectivity era. They expose theft firms to unfamiliar risks of which they are unaware, refuse to acknowledge, or are often poorly equipped to manage.
As Information Technology (IT) has become increasingly important to the competitive position of firms, managers have grown more sensitive to their organization's overall IT risk management. Recent publicity concerning losses incurred by companies because of problems with their sophisticated information systems has focused attention on the importance of these systems to the organization. In an attempt to minimize or avoid such losses, managers are employing various qualitative and quantitative risk analysis methodologies. The risk analysis literature, however, suggests that these managers typically utilize a single methodology, not a combination of methodologies. This paper proposes a risk analysis process that employs a combination of qualitative and quantitative methodologies. This process should provide managers with a better approximation of their organization's overall information technology risk posture. Practicing managers can use this proposed process as a guideline in formulating new risk analysis procedures and/or evaluating their current risk analysis procedures.
A stage hypothesis for information centers (ICs) is proposed and 26 critical success factors (CSFs) for IC managers are investigated. Based on 311 responses from IC managers, support is found for the proposed stages and information is provided about the importance of the CSFs. A principal components analysis is performed on the 26 CSFs which identifies five composite CSFs: (1) commitment to the IC concept; (2) quality of IC support services; (3) facilitation of end-user computing; (4) role clarity; and (5) coordination of end-user computing. Statistical tests show that the importance of these composite CSFs tend to vary among themselves but is relatively constant individually across the IC stages.
There are a number of organization structure alternatives for supporting decision support systems, and each alternative has its advantages and disadvantages. One emerging alternative, that of providing support through an end-user services group, is being successfully used by the Oglethorpe Power Corporation.
The information center concept originated in the mid-seventies as IBM attempted to respond to the growing backlog of requests for MIS service. IBM, like many firms, discovered that the DP/MIS organization was unable to respond to the large number of requests for new systems. As a partial solution, information centers were installed at IBM and other firms to support end-user computing--the environment in which users address information needs directly. This concept of support for end-user computing has been well accepted. This research studied the way 20 firms in the Dallas-Fort Worth, Texas area operationalized the concept, comparing their information centers with the IBM/Hammond model. This paper compares the findings of empirical research to the contentions made by Hammond in his IBM Systems Journal article of 1982 [11]. Agreement was found with only one-half of Hammond's propositions. The areas of disagreement are considered important.