Title: Preparing Information Systems (IS) Graduates to Meet the Challenges of Global IT Security: Some Suggestions.
Abstract:

1. INTRODUCTION

Information security and assurance management is vital for the success of organizations. It is particularly relevant for global companies whose customers demand a high level of security for their products. Meeting such high expectations requires companies to study security best practices, continually invest in technical and human resources, and implement a secure corporate environment. The goal of this paper is to discuss some security challenges faced by global organizations and to provide suggestions to IS academics concerning security curriculum to effectively educate the next generation IT workforce to meet these challenges.

2. SECURITY CHALLENGES FACED BY GLOBAL COMPANIES

This advisory focuses on security challenges faced by global companies. For instance, security challenges faced by a multinational company operating manufacturing plants in several countries are likely to be much different than those of a company with a manufacturing plant in a single location. The goal of this section is to present some security challenges faced by global companies.

What many companies do in terms of security is driven by the needs of their customers. For instance, consider the case of a global manufacturing company that makes hardware for a smart card. Smart cards include embedded integrated circuits and customers generally provide the manufacturer with a detailed list of functional and assurance requirements for security. The manufacturer of the hardware is expected to comply with the specifications of the customer. If the company decides to manufacture in two plants in Europe and the U.S., it becomes important for the manufacturer to have uniform security standards in both plants. These security standards may include many aspects such as how firewalls are managed, how data is encrypted, type of security policies, and implementation of security policies. Having uniform security standards in both plants makes it easier for the company to support these plants and the customer to audit the security.

Some customers require the manufacturers to conform to the Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria). Common Criteria is an internationally recognized technical standard, which includes a framework that is used for evaluating the security of Information Technology (IT) products and technology (SANS Institute, 2003). Common Criteria assures that the processes involved in creating a computer security product have been conducted in a standard manner. The extent to which manufacturers meet specifications can be tested by laboratories. For global companies, meeting Common Criteria standards presents a challenging task because of the time and effort involved in preparing the documentation for security evaluation.

Having the ability to meet the needs of customers with high security requirements helps companies meet the security demands of other customers as well. However, achieving this high level of secure environment comes at a great expense. Research by Gartner finds that global spending on security is expected to increase 8.4% to $60 billion in 2012 and projects the spending to increase to $86 billion in 2016 (CIO Insight, 2012). Thus, organizations must incur large costs from an IT perspective to implement and maintain this high level of security environment.

Some security challenges faced by companies may not be technical in nature but related to human elements. A majority of the communication between customer and vendor is back and forth. Given that not everything can be automated in companies, the jobs performed by humans can result in mistakes. For instance, an employee could mix up the order specifications and another employee could show incorrect data to a client. Therefore, to mitigate these human errors, it is important for companies to provide training to employees on the best practices to avoid making such mistakes. …
Publication Year: 2013
Publication Date: 2013-03-01
Language: en
Type: article
Access and Citation
Cited By Count: 15