Assignment #2: AIS Attacks and Failures: Who to Blame Essay

1565 Words Sep 10th, 2012 7 Pages
ASSIGNMENT #2: AIS ATTACKS AND FAILURES: WHO TO BLAME
Introduction
In this paper, I discuss attacks on and failures of accounting information systems (AIS) and who is to blame for them. I will address the following related topics in order:
Firstly, I will take a position on whether a firm and its management team should or should not be held liable for losses sustained in a successful attack made on their AIS by an outside source. Secondly, I will suggest who should pay for the losses, to whom, and state why. Thirdly, I will give my opinion regarding the role, if any, the federal government should have in deciding and enforcing remedies and punishment. Finally, I will evaluate how AIS can contribute or not to contribute
This is because security is primarily a management issue, not a technology issue. The accuracy of an organization’s financial statements depends upon the reliability of its information systems, and information security is the foundation for system reliability. Therefore, information security is first and foremost a management issue, not an information technology issue. In other words, management plays a crucial role in information security. These crucial roles are enumerated as follows:
1. Create and foster a proactive, security-aware culture.
2. Define the information architecture and place a value on the organization’s information resources.
3. Assess risk and select a risk response.
4. Develop and communicate security plan, policies, and procedures.
5. Develop and communicate security plan, policies, and procedures.
6. Monitor and evaluate the effectiveness of the organization’s information security program.
In addition, management and the organization have a responsibility to employ multiple layers of control and the time-based model of information security in order to avoid having a single point of failure. For tactical and daily management of security, most organizations follow the principle of defense-in-depth and employ multiple preventive, detective, and