Improving Security for Decision Support Systems
Security is a very important issue associated with building, managing and using DSS. Reports of computer crime are increasing at a rate of more than 150% a year. Viruses and worms attack computers from email message attachments. Hackers disrupt Web sites. Customer and credit card data have been stolen from Web servers. Company and customer data is valuable to competitors and thefts by unhappy employees and hackers of company data do occur. Security IS important.
Improving security for decision support applications involves addressing a number of issues. First, managers and MIS staff must determine security needs. Managers should ask what are the current security problems. This task is often called security evaluation. Based on the diagnosis in the evaluation stage we need to implement the required security measures and fix any problems. These two tasks occur in what has been called the implementation stage. Once appropriate security is in place one must monitor the system and any new security problems need to be fixed. This is the feedback stage. Finally, managers and MIS Staff need to stay informed about new security problems and methods for breaking into information systems. Both managers and MIS staff need to assume shared and equal responsibility for the security of Decision Support Systems.
So letís examine the stages involved with implementing security for Information Systems and especially Decision Support Systems. The four major stages are evaluating security needs (evaluation), remedying problems and implementing solutions (implementation), observing and monitoring the operation of the system (feedback), and finally staying informed on security issues (cf., Jones, 1998).