Security of Organizations' Information Systems (IS) and the Auditors: A Schematic Study

Abstract

The purpose of IS security is to protect an organization's valuable information and knowledge resources, such as information, data, hardware, and software. Over the past few years, the potential of criticality of information systems (IS) and its equally critical support to organizational activities to gain competitive advantage has been widely recognized. Competencies in the area of IS are becoming increasingly important (Quinn & Paquette, 1990) in business organizations. At the level of strategy, there is a genre of organizational activities dedicated to realizing this potential. It has been claimed that strategic IS planning can help an organization visualize the potential contribution of IS (Lederer & Gardiner, 1992). The purpose of this paper is to outline and review the organizational requirement of IS security vis-a-vis the strategic mission of the auditors and the entities. The entire discourse is based on the cause-effect analysis pertaining to the auditing best practices, cost effectiveness, and system owners' transgression of responsibilities beyond their domains. The concept of total and comprehensive approach with the need for periodical reassessment is described in brief and applied to show why and how IS security supports the mission of auditors and the owners. The concluding part of this paper revisits and identifies the impact of society-centric factors on IS security establishment and mechanism.