The official responsible for the company function served by the
automated information system has a critical role in making decisions
regarding security and control. In the past, risk was often
unconsciously accepted when such individuals assumed the computer
facility operators were taking care of security. In fact, there are
decisions to be made and security elements to be provided that cannot
be delegated to the operator of the system. In many cases, the user or
manager develops the application and operates it alone.

The cost of control must be balanced with system efficiency and
usability issues. Risk must be evaluated and cost-effective controls
selected to provide a prudent level of control while maximizing
productivity. Controls are often closely connected with the system
function, and cannot be effectively designed without significant
understanding of the process being automated.
Denis Arnaud
12/19/1997