Abstract

Commercial computer security concerns have grown in importance with the continued rise of computer literacy among the general populace. Despite this, the education of management information system professionals in the application of computer security techniques has been largely ignored. This study groups a comprehensive list of security methods using Leonard Fine's Total Computer Security Concept and Security Policy, which divides security concerns into 9 categories: security policy, organization, physical and fire, personnel practices, insurance, systems security, application security, standards and the audit role. Due to the vast scope of the framework, only one of Fine's categories was validated: systems security. To allow computer security issues to be addressed in a timely manner, the implementation schedule of each method has been addressed in terms of a 4 phase Systems Development Life Cycle. Finally, to address commercial security concerns, a third dimension of cost/effectiveness was added for each method under consideration. The conclusions include the results of the validation of the 12 systems security methods, as well as further research possibilities.