next up previous
Next: 2.3 What Does the Up: 2.2 Local Computing Environment Previous: 2.2.3 The goals

2.2.4 Control decisions

The official responsible for the company function served by the automated information system has a critical role in making decisions regarding security and control. In the past, risk was often unconsciously accepted when such individuals assumed the computer facility operators were taking care of security. In fact, there are decisions to be made and security elements to be provided that cannot be delegated to the operator of the system. In many cases, the user or manager develops the application and operates solely.

The cost of control must be balanced with system efficiency and usability issues. Risk must be evaluated and cost-effective controls selected to provide a prudent level of control while maximizing productivity. Controls are often closely connected with the system function, and cannot be effectively designed without significant understanding of the process being automated.

Denis Arnaud