Newest edition of Editor’s Cut explores data security

By Sam Ransbotham and Terry August

While information technology (IT) has completely transformed how organizations are able to collect, manage and use their data, it has also opened the door to significant new security risks that put that same data in jeopardy. As the next generation of IT developments continue to push boundaries into new areas, including artificial intelligence, companies struggle to balance the profound benefits of IT with the increased vulnerability of their data.

The newest edition of the INFORMS Editor’s Cut series, “Securing Information in a Digital World,” provides access to leading research and multimedia resources, including INFORMS journal articles, industry articles, video and interviews, on the role of analytics in better understanding and managing the potential of IT, both positive and negative.

Sam Ransbotham, associate professor, Carroll School of Management, Boston College, and Terry August, associate professor of Innovation, Technology and Operations, Rady School of Management, University of California, San Diego, serve as the volume editors for this edition of Editor’s Cut. When selecting content for the collection, they focused on four central questions regarding information security:

What are the top threats to information security? The information security environment is ever changing, which results in organizations being at risk for attacks. Managers and users must actively search for better metrics and measurements to understand these risks and improve their response.

How can system design affect and improve user security? Users are a fundamental component of the security – or insecurity – of a system. As a result, a number of system design choices may improve security, including having security guidelines and diminishing threats like phishing attempts. On the other hand, increased security warnings can actually make us more prone to attacks.

How can managers improve the security of their organization? Security is more than just a technical problem; it is also a managerial problem. Systems are similar to organizations in that managerial decisions can either strengthen or weaken information security. Some industry standards exist to reduce attacks, and managers can promote organizational policies either rewarding adherence or punishing noncompliance.

How can a broader view of information security inform organizations? Information security decisions can affect all parts of an organization and can become a core component of how they operate. For example, the insights from cryptographic techniques can promote trust within a distributed logistics system. Or, information security can inform contexts where research and development have incentives to both share and hide information with others.

The collection is available at https://pubsonline.informs.org/editorscut/datasecurity.