Information Technology Reference
In-Depth Information
of security policies. The model can then be used to manage security cost-effectively in
real-time.
We first present our view of the information role evolution in organizations, and put
forward the main information management trends adapted to the most important
information technologies like the computer, the telephone and data communications, We
then present a hypothetical evolution for mobile real-time data communications that will
create an ubiquitous information infrastructure. Based on this vision of technological
evolution and use, we finally propose a framework for information security management.
2.
THE ROLE OF INFORMATION IN ORGANIZATIONS
The relevant issues regarding organizations for our work are based on Anthony's
pyramid
1
. Anthony used Herbert Simon's
2
three level framework of structured, semi-
structured and unstructured decisions, in the context of organization management.
Anthony's model
1
considers operational as structured decision, management as semi-
structured decisions and strategic as unstructured decisions. This model assumes a
decision is an action based on information. To understand decision we need to
understand the action process and the information available. The decision action takes
place after a communication process that comprehends the acquisition, analysis and
processing of information by the deciding actor (the individual, the group of individuals,
and the computer). Organizations are sets of deciding actors and their performance
depends both on the quality of the decision-making process and the information
infrastructure. We are interested in the latter aspect of decision-making processes.
The new methods of handling data have a major consequence on all decisions at all
levels of the organization. Each organization has to ensure the adequacy of the
management of information and information systems in their new role. In this regard,
security is one of the most important and often overlooked issues. Its importance follows
the impact of information systems on strategy, which is paramount.
We are interested in the relationship of the enterprise and technology in the
information age, so we need to consider what data, information and knowledge mean by
using simple common sense definitions:
x Data is an abstraction of reality. It is a code that represents it explicitly and can be
used for communication
x Information adds value for the individual, for it is data with some meaning. It is
also an abstraction that depends on the individual's ability to understand the
context that surrounds a datum
x Knowledge exists by learning from information and is an even greater
abstraction. Knowledge depends completely on our ability to learn and so is
abstracted according to our learning capabilities. Knowledge can be explicit if we
use previously existing data and information codes, or implicit if we are unable to
communicate it
Anthony's approach starts by considering data at operational level for short-term
decisions, and information at management level for medium-term decisions. With the use
of decision support systems at operational level, both information and knowledge are
nowadays present at all levels of the organization for value creation, which is a major
organizational evolution and a new management paradigm, all of which largely impacts
on security practice in organizations.
Search WWH ::
Custom Search