Christo Domozetov. Information Security: Management and Personnel Issues. 1998, vol. 1, pp. 46-60.
The author analyzes the roles of the human factor in guaranteeing information security and ways to influence personnel so that they accept changes in organizational rules and habits. Trends in attitudes to computer crimes are outlined. The focus of this article is on information security policy and staff responsibilities. The main roles of management in changing organizational culture are to support, to facilitate and to control the stages in information security programs. Particular emphasis is placed on risk assessment and staff security. The primary goals of management are to establish responsibilities and rules for the protection of information in order to prevent loss or misuse of information; to establish responsibilities and accountability for information resources; to ensure confidentiality requirements for information resources; to establish a basis for security procedures and to organize educational programs; and to protect management options in case of loss or misuse of information resources. We need further efforts in ethical education and in creating and establishing modern professional ethical codes, especially for staff using IT, but based on good old human values.