Evaluating security threats in mainframe and client/server environments

Abstract: Recently, client/server computing has become a serious alternative to mainframe computing in industry. It offers some benefits, but it also exposes the computing environment to additional risks: the flexibility that makes it attractive can also make it more vulnerable to security breaches. This paper reports the results of a study that explored how companies moving from a mainframe environment to one that included client/server technology evaluated, and took measures to protect against, potential information security threats. Apparently, although security measures in the mainframe environment have been well implemented relative to their perceived threat, the same cannot be said about the client/server environment. Certain critical areas in the client/server environment in which security exposure is likely are discussed. Organizations must become aware of these critical areas and ensure that appropriate security measures are implemented to reduce the possibility of loss.
