Security of Organizations' Information Systems (IS) and the Auditors: A Schematic Study

Jagdish Pathak
2003 Social Science Research Network  
The purpose of IS security is to protect an organization's valuable information and knowledge resources, such as information, data, hardware, and software. Over the past few years, the potential of criticality of information systems (IS) and its equally critical support to organizational activities to gain competitive advantage has been widely recognized. Competencies in the area of IS are becoming increasingly important (Quinn & Paquette, 1990) in business organizations. At the level of
more » ... y, there is a genre of organizational activities dedicated to realizing this potential. It has been claimed that strategic IS planning can help an organization visualize the potential contribution of IS (Lederer & Gardiner, 1992) . The purpose of this paper is to outline and review the organizational requirement of IS security visà-vis the strategic mission of the auditors and the entities. The entire discourse is based on the causeeffect analysis pertaining to the auditing best practices, cost effectiveness, and system owners' transgression of responsibilities beyond their domains. The concept of total and comprehensive approach with the need for periodical reassessment is described in brief and applied to show why and how IS security supports the mission of auditors and the owners. The concluding part of this paper revisits and identifies the impact of society-centric factors on IS security establishment and mechanism.
doi:10.2139/ssrn.349840 fatcat:77wcxykhejfb3imuaw6fduuita