The revolutions in end-user computing and open systems have left those in charge of information security dazed and casting about for shelter. In the past, it had been difficult enough for security professionals to cope with the increased distribution of information technology throughout the enterprise and the attendant decentralization of responsibility for corporate information systems. But more recent innovations, including powerful workstations, data and resource sharing, and sophisticated networking technologies, have brought chaos to the controls situation. For example, the proliferation of logical and physical network paths, nodes, and gateways has created many new and different ways in which systems can be attacked. Carefully defined, mainframe-oriented controls have clearly been undermined by the spread of this technology. At best, the enterprise is left with divergent security strategies and complex control requirements that are not well understood.