Information Systems Control
Information Systems Control refers to the management and oversight of information technology systems within organizations, ensuring their effective operation and security. As businesses increasingly rely on technology for daily operations, the need for dedicated personnel to maintain these systems has grown significantly, leading to a surge in demand for professionals in this field. Key roles include the Chief Information Officer (CIO), who formulates and implements strategies for technology use, and various information systems managers responsible for executing these strategies and addressing any issues that arise.
The evolution of information systems has transformed how businesses operate, facilitating faster communication and data sharing. However, this reliance on technology also introduces risks, such as computer viruses and hacking, necessitating robust security measures. Information systems control professionals must proactively safeguard against these threats while integrating technology planning with overall business strategies. As the digital landscape evolves, the importance of effective information systems control continues to grow, highlighting its role in supporting organizational success and resilience in a competitive global market.
Virtually every aspect of business is conducted using information technology systems. In light of the vital nature of these systems, it is equally critical for those who utilize them to have at hand a department or group dedicated to maintaining those systems. It is understandable that information systems control is an increasingly popular and highly-demanded field. This paper will take a look at information systems control, its development and its role in the 21st century global business environment.
Keywords: Chief Information Officer (CIO); Computer Virus; Firewall; Hackers; Linkage; Risk Management; Security Systems; Strategic Business Plan; Systems Control
Overview
Nathaniel Borenstein is considered by many to be an electronic mail pioneer. His work on multimedia formatting for e-mail laid the groundwork for how this widespread form of communication is conducted. Borenstein understood that the work he and his peers had done in computers had global implications, at once facilitating nearly instant communications with people in every corner of the world. Yet, he recognized the potentially widespread disaster for those who relied on that form of communication when those systems failed. "The most likely way for the world to be destroyed," he said, "is by accident," adding glibly, "That's where we come in — we're computer professionals. We cause accidents" (Anecdotage.com).
Indeed, information systems are the lifeblood of any successful business, government or organization. Virtually extinct are cardboard visual aids and overhead projection slides, replaced with multimedia presentations flowing directly from laptop computers, tablets, and/or smartphones. Mass bulk mailings are slowly disappearing in favor of much faster and more efficient mass e-mailings for advertising or information dissemination. Major business meetings are attended from an individual's desk via "webinars," conference calls and podcasts.
A Brief History of Information Systems
From the monstrous machines of the 1950s and 1960s to the handheld cellular telephone, computers have consistently served two general purposes:
- Data collection and storage, and
- Facilitating access to and use of that data.
In the late 1960s, however, an important U.S. Department of Defense project added a new dimension to computer technology. The Pentagon's Advanced Research Projects Agency (ARPA) developed a system whereby computers could share that data with one another. The purpose of "ARPANET", as it was known, was reflective of the realities and dangers of the Cold War — military computers in sites around the country could transfer data to and from each other in the event of a devastating nuclear attack (Howe, 2009).
During the 1960s, computers were enormous and extremely user-unfriendly. For this reason, the government and universities were predominantly the only users of such systems, although a handful of the nation's largest corporations also developed computer technologies. Over time, it became clear that the sharing of information between military computers and universities was not the only application for such systems. Scientists also used the precursors to the Internet for information exchanges, a practice espoused by the government which had created and continuously funded it through the 1980s.
In the 1990s, the number of networks continued to grow, and systems were introduced which made the Internet more user-friendly to those outside of research, academic or government engineering circles. The government's backbone (which connected all of these networks) was prohibited for commercial use, a barrier that was short-lived. In 1992, the birth of the Delphi commercial online service created a system that enabled non-government users to circumvent the government's backbone. The government ceased its funding for its own backbone in the mid-1990s, and commercial networks became the sole avenue for information. The door was open for widespread Internet use complemented by the exponential growth of personal computer use during the 1980s and 1990s. By the end of the 1990s, e-mail and Internet use was as commonplace in business as the telephone.
Further Insights
The Stewards of Information Systems
As businesses increasingly used the growing volume of information systems available, another industry was born. Information and computer systems management has seen rapid growth since such systems came to use in business. Computer and information systems managers control not only the hardware and software use and operations of a firm; they play an integral role in the decisions to use such systems for the betterment of the company. Because the field of information systems control and management has such extensive implications for any business, there is a diverse group of employment positions that are included in the area.
Typically, at the top of the information systems control hierarchy is the Chief Information Officer (CIO). The CIO is charged with formulating and implementing the technical direction of the company or organization. Because information systems are so heavily interconnected with nearly every aspect of the business's operations and endeavors, the CIO will typically have access to every aspect of the company in order to ensure that technology is properly utilized to the fullest extent possible. According to the Bureau of Labor Statistics (2009), the CIO is also expected to build an information technology and systems team that will satisfy the technological goals and needs of the organization. The CIO is usually part of a company's overall executive team, working with the Chief Executive Officer/President, Chief Financial Officer and other top management officials.
Reporting directly to the CIO are the computer and information systems (IS) managers. These individuals carry out the policies and directives of the executive teams. In this implementation role, IS managers will introduce, maintain, assess and where necessary, replace systems to meet the needs of both the office as a whole and of specific projects. These personnel will work closely with employees, vendors and information systems analysts and programmers as they carry out IS policies (O*Net Online, 2009). In the event that issues arise relevant to the efficacy of programs, IS managers will report those issues to the CIO and the executive team officials.
Other team members are the computer programmers and information technology professionals. These individuals are charged with implementing the tasks handed to them by IS managers and their superiors. They may be called into project teams to meet the specific needs of a given proposal or program. Others may be charged with managing the maintenance needs of the office, installing or removing software, trouble-shooting system issues and entering personnel into company directories.
Information technology employees have long endured a negative stereotype, due to the highly technical and specific nature of their jobs. However, as information systems have become integrated into every component of business operations, this unflattering image is rapidly being replaced with appreciation and, more importantly, high demand and higher salaries. In 2009, personnel who work at a help desk (a central office or department charged with addressing everyday computer issues in a given company) earn between $36,000 and $46,000 per year, a highly competitive rate for entry-level positions. In many cases, managers and senior personnel may earn over $120,000 per year. In fact, Katherine Spencer Lee, an analyst for a leading business recruiter, recently noted the growing demand for in-house information systems control personnel and the competitive environment this demand has created:
In addition to in-house operations and project management, the increased demand for information systems control personnel stems from a number of important areas.
Business Planning
Business and industry have undergone a vast transformation in the centuries that followed the Industrial Revolution. The commercial environment's evolution is not just about the growth of business — it is based on the diversification of business as well. Most medium-sized and large businesses have sought to maximize their client base — by crossing state borders and even finding clients overseas. Central to this focus on expansion is the Internet, which since the late 1990s has become the primary vehicle for international commerce. Corporations consistently seek ways in which their operations may expand beyond their service areas, and utilizing information systems is the key to that endeavor.
In light of the overwhelming potential opportunities the new global economy presents, businesses must have a business plan. A business plan helps executives take into account the few or many obstacles that exist and find ways to proceed without those obstacles impeding their endeavors. A business plan is integral for taking into account the technology that must be employed in order to achieve preset goals.
The notion of information systems control speaks to the integration of business management with the information technology domain. While this linkage (which in this context may be defined as the degree to which information technology planning is supported by the goals and objectives set forth by the business) seems clear, understanding the link between the two realms has challenged researchers. The realities of both the limitations and potentials for IT use create a challenge for executive teams that do not fully understand those attributes (Reich & Benbasat, 1996).
The key to successfully creating linkage over the long-term is the strategic business plan. A strategic business plan is a comprehensive assessment of a company's products and services, target consumers and markets, direct competitors and the resources and tools at hand. A strategic business plan uses this data as a roadmap for long-term planning. Like other department heads and managers, information systems executives and senior personnel, such as CIOs and information systems managers, are called upon to provide input into this plan. A recent study revealed that drawing upon IT professionals for the creation of strategic business plans helps foster understanding of this invaluable resource and brings information systems objectives in line with business plans, creating short-term and long-term linkage (Reich & Benbasat, 2000).
As business planning and information systems control become more integrated, the two areas present a unified front on the company's endeavors. This concept is important, especially when considering another important application of information systems control: systems security.
Issues
Systems Security
Viruses
Because e-mail is one of the most dominant forms of communications in the 21st century, and because the Internet is one of the most vital vehicles by which commerce is conducted today, it is not surprising that some of the greatest risks and dangers to a business's operations are inherent in these domains. One of the most important aspects of the job of information systems control personnel is to protect against Internet and e-mail viruses.
A computer virus is a small, self-replicating program that is embedded in an e-mail or a downloaded Internet website. Viruses are intentionally created, often as a prank but sometimes with malicious intent. A virus, once activated, might simply cause documents to be altered, although others can cripple entire computer networks. Some reproduce themselves by infiltrating the operator's e-mail system and e-mailing themselves to the people on that computer's contacts list. Still others, like "Trojan horses," lower the computer's anti-virus software defenses in order to render the computer open for other attacks ("Understanding computer viruses," 2009).
In 2003, the city of New Orleans, Louisiana experienced a crippling virus, "Sobig.F", which for nearly two weeks clogged e-mails, slowed service and caused overall disruptions in business in that major metropolitan area. At its peak, one in 17 e-mails in the city was infected with the virus, which caused widespread slowdowns in service during its attack. The virus was intentionally placed, experts concluded, by computer "hackers" who sought to find weaknesses in Microsoft's operating system (Roberts, 2003).
Information systems control professionals must therefore pay careful attention to installing safeguards into their company's systems. Such an undertaking is never easy. As in the case from New Orleans, those who create viruses are consistently seeking to circumvent the network firewall (a part of the computer system that is designed to block access to certain web content as well as block unauthorized users from the network) and anti-virus software.
Unfortunately, in many cases, information systems controllers implement updated firewalls and other safeguards only after problems arise. Recent studies show that IT professionals working to protect against viruses and unauthorized access using the best technology available do so in response to threat manifestations rather than proactively before incidents occur (Ryan, 2004). This indicates that information systems control professionals must be consistently on guard for the latest in anti-virus software and technology. A major component of their work must focus on implementing anti-virus protocols within the company (such as personnel policies on web and e-mail use) and monitoring the latest in security systems.
Hacking
In 1995, self-proclaimed "hacker poster boy" Kevin Mitnick went on a 2 ½ year hacking spree, stealing corporate secrets, disrupting telephone networks and even tapping into the national defense warning system. The Department of Justice, fecklessly pursuing Mitnick across the U.S., dubbed him "the most wanted computer criminal in United States history." Mitnick's newly obtained national notoriety did not help bring him to justice, however. Rather, it was his own error in judgment that ensnared him, as he attempted to hack into the computer of fellow hacker Tsutomu Shimomura. Shimomura, angry about the attack by another hacker, contacted federal agents and, using hacker technology, helped them isolate and capture Mitnick. Mitnick served five years in prison, and upon his release, became a high-demand computer security consultant and speaker (ITSecurity.com, 2009).
The example of Kevin Mitnick demonstrates an interesting point about the development of information systems and how those systems are managed. Unlike many other invaluable technologies, information technology's evolution to that status has been relatively quick and extensive. The potential it represents for business has led organizations to seek personnel that understand how to utilize it to the fullest advantage even if those personnel have committed crimes in the field.
The role of those who work in the field of information systems control in the 21st century is critical in light of the explosive international growth it has experienced. One such aspect is to integrate business and commerce with this technology in order to fully utilize its potential. Linkage has not always proven easy, but effective integration of business planning and information systems management planning may help the growth and success of a company over the long-term. Information technology experts who are fully integrated into a company's executive leadership can help a business meet that goal. Many hackers like Mitnick removed their "black hats" for "white" ones in order to lead the further development of this field.
Of course, hacking, the propagation of viruses and other information technology-oriented dangers persist, presenting a danger not just to individual businesses but to the vast international network in which they conduct their pursuits. It is for this reason that information systems control personnel must implement safeguards against such programs while, at the same time, enacting internal policies that influence employees not to expose themselves to such dangers.
The information systems management environment continues to evolve as the systems themselves change. As shown here, IT control has for decades played a game of catch-up with this evolution, resulting in a reactive posture to Internet-borne risks. However, as linkage and integration between business planning and information technology systems continue to occur, it is likely that the divide between the two courses will narrow.
Terms & Concepts
Chief Information Officer (CIO): An executive-level employee charged with overseeing overall policy pertaining to, and the operations of, a business's information technology systems.
Computer Virus: A small, self-replicating program that is embedded in an e-mail or a downloaded Internet website that causes a disruption to normal operations.
Firewall: A part of the computer system that is designed to block access to certain web content as well as block unauthorized users from the network.
Linkage: The degree to which information technology planning is supported by the goals and objectives set forth by a business plan.
Strategic Business Plan: A comprehensive assessment of a company's products and services, target consumers and markets, direct competitors and the resources and tools at hand used for the purposes of mapping short-term and long-term pursuits.
Bibliography
Bureau of Labor Statistics. (2009). Computer and information systems managers. Occupational Outlook Handbook, 2008-09 edition. Retrieved October 29, 2009 from http://www.bls.gov/oco/ocos258.htm.
Computer professionals. (2009). Retrieved October 29, 2009 from http://anecdotage.com/index.php?aid=7330.
Deng, X., & Chi, L. (2012). Understanding postadoptive behaviors in information systems use: A longitudinal analysis of system use problems in the business intelligence context. Journal of Management Information Systems, 29, 291-326. Retrieved November 15, 2013, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=85985311&site=ehost-live
Drnevich, P. L., & Croson, D. C. (2013). Information technology and business-level strategy: toward an integrated theoretical perspective. MIS Quarterly, 37, 483-509. Retrieved November 15, 2013, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=87371536&site=ehost-live
Howe, W. (2009, Sept.). A brief history of the Internet. Walt Howe's Internet Learning Center. Retrieved October 29, 2009 from walthowe.com http://www.walthowe.com/navnet/history.html.
O*net Online. (2008). Summary report for: Computer and information systems managers. Retrieved October 29, 2009 from O*Net Resource Center http://online.onetcenter.org/link/summary/11-3021.00.
Reich, B. H. & Benbasat, I. (1996). Measuring the linkage between business and information technology. MIS Quarterly, 20, 55-81. Retrieved October 31, 2009 from EBSCO Online Database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=9606261494&site=ehost-live.
Reich, B. H. & Benbasat, I. (2000). Factors that influence the social dimension of alignment between business and information technology objectives. MIS Quarterly, 24, 81-113. Retrieved October 31, 2009 from EBSCO Online Database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=3205161&site=ehost-live.
Roberts, D. (2003, September 1). Sobig virus inflicts record punishment on N.O. businesses. New Orleans CityBusiness (1994 to 2008), 24. Retrieved October 31, 2009 from EBSCO Online Database Regional Business News. http://search.ebscohost.com/login.aspx?direct=true&db=bwh&AN=10816071&site=ehost-live.
Ryan, J. (2004). Information security tools and practices: What works? IEEE Transactions on Computers, 53, 1060-1063.
Top 10 most famous hackers of all time. (2009). Features. Retrieved November 1, 2009 from ITSecurity.com http://www.itsecurity.com/features/top-10-famous-hackers-042407/.
Understanding computer viruses. (2009). Retrieved October 31, 2009 from AllBusiness.com. http://www.allbusiness.com/technology/computer-networking-network-security/1331-1.html.
Zupek, R. (2007). Top 10 jobs in information technology. CareerBuilder.com. Retrieved October 30, 2009 from http://www.careerbuilder.com/Article/CB-774-Who-is-Hiring-Top-10-Jobs-in-Information-Technology/?cbsid=2ac8f092b30546ea83e9442e2151b217-310425206-RB-4&ns%5fsiteid=ns%5fus%5fg%5finformation%5ftechnolog%5f&ArticleID=774&cbRecursionCnt=2.
Suggested Reading
Eloff, J. & Eloff, M. (2005). Information security architecture. Computer Fraud & Security, 2005, 10-16.
Henderson, J. & Sifonis J. (1988). The value of strategic IS planning: Understanding consistency, validity and IS markets. MIS Quarterly, 12, 187-200. Retrieved November 1, 2009 from EBSCO Online Database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=4679871&site=ehost-live.
Kearns, G. & Sabherwal, R. (2007). Antecedents and consequences of information systems planning integration. IEEE Transactions on Engineering Management, 54, 628-643.
Marine, R. (2002, April). IT security tips for any business. Hawaii Business, 47. Retrieved November 1, 2009 from EBSCO Online Database Regional Business News. http://search.ebscohost.com/login.aspx?direct=true&db=bwh&AN=6540645&site=ehost-live.
Mechling, J. (2009). What does your CIO really need to know? Government Finance Review, 25, 79-80.
Reinhold, C., Frolick, M. & Okunoye, A. (2009). Managing your security future. Information Security Journal: A Global Perspective, 18, 116-123.