Information and Decision Sciences Department, Curtis L. Carlson School of Management, University of Minnesota, 271 19th Avenue South, Minneapolis, Minnesota 55455
Information security has not been a high priority for most managers. Many permit their installations to be either lightly protected or wholly unprotected, apparently willing to risk major losses from computer abuse. This study, based on the criminological theory of general deterrence, investigates whether a management decision to invest in IS security results in more effective control of computer abuse. Data gathered through a survey of 1,211 randomly selected organizations indicates that security countermeasures that include deterrent administrative procedures and preventive security software will result in significantly lower computer abuse. Knowledge about these relationships is useful for making key decisions about the security function.
The article discusses key issues and laws relevant to information use in organizations and proposes specific methods for dealing with legal liability. The author explains that the legal status of information in its electronic forms of programs and the rights of individuals to keep private some information about themselves is not clearly defined in the patchwork of old and new legislation on Computer-based information. The author states that as information usage in organizations increases there will be a need to decrease the information liabilities of managers and their organizations. The discussion within the article focuses on the protection of intellectual property rights concerning programs and the protection of individual rights to privacy of information stored in computer-based systems. INSETS: Scenario 1.;Scenario 2..