Threats to Information Systems: Today's Reality, Yesterday's Understanding

Information systems security remains high on the list of key issues facing information systems executives. Traditional concerns range from forced entry into computer and storage rooms to destruction by fire, earthquake, flood, and hurricane. Recent attention focuses on protecting information systems and data from accidental or intentional unauthorized access, disclosure, modification, or destruction. The consequences of these events can range from degraded or disrupted service to customers to corporate failure. This article reports on a study investigating MIS executives’ concern about a variety of threats. A relatively new threat, computer viruses, was found to be a particular concern. The results highlight a gap between the use of modern technology and the understanding of the security implications inherent in its use. Many of the responding information systems managers have migrated their organizations into the highly interconnected environment of modern technology but continue to view threats form a perspective of a pre-connectivity era. They expose their firms to unfamiliar risks of which they are unaware, refuse to acknowledge, or are often poorly equipped to manage.