Managing Business Information Systems
The Need for Network Security
By: Jose L. Rodriguez
The Need for Network Security
The primary objective with this paper deals with how network security systems protect, detect, adapt, recover and/or reconfigured from anomalies in order to provide some desired level of security services. This paper is a strategy for the development of a general security mechanism/countermeasure valuation scheme. The general objective addresses the question, "Given the value of information to be protected and the threat environment, how strong and assured should security mechanism(s) be to provide desired security services(s)?" [DEL98]
Company information is as valuable a company asset as money in the bank. In fact, some information can be even more valuable than cash, so protecting the company's information with appropriate security is critical to business success. The network and data security measures you put in place for your business, from a firewall to a data backup system, are physical manifestations of business rules. You make business decisions about how important your computer network and the data it holds are to your business, and as well as how you want to protect it. Data security systems are the direct result of those business decisions.
Security exists on many layers. Network security considerations begin with (but are not limited to) a range of factors including: [ALE96] How company office facilities are selected and maintained, How potential employees are screened,
The remote access policy and procedures to the company's systems and information, and What kind of encryption and firewalls are provided in the corporate network.
In other words best-practice security isn't just good business sense; in some cases, it's also the law. Legal requirements are vary between specific industries and different jurisdictions. For example, the Health Insurance Portability and Accountability Act (HIPAA) set requirements for patient privacy in the United States. In California, privacy laws prohibit financial institutions from sharing personal financial information with unaffiliated third party partners without the consumer's consent. And in Europe, privacy laws protect certain employee informationeven to the point where inappropriately sharing an employee's name and location in a company directory can be considered a violation. [POW99] Therefore, when considering network security, it is important to consider business policy and practices, legal requirements, and technology.
First, the greatest asset of corporations and governments is information. Which encompasses a wide range of diverse sections including: computer data, marketing strategies, tax and personnel records, military strategies, financial data, communications, and business plans? Internal information is a strategic and competitive tool for an organization. Our society is so reliant on this that the loss or corruption of the United States' information infrastructure would create a situation where the systems such as the national banking system, electric power grid, transportation systems, food and water supplies, communication systems, medical systems, emergency services and most businesses could not survive. In short, information is the backbone of the operations of businesses and government, and the security of this information is critical. In conclusion, computers and software are a part of a world-wide network, no longer existing in limited constraints, making them more susceptible to information abuse and more in need of network security.
The convenience and easy access to information comes new risks. Among them are the risks that valuable information will be lost, stolen, corrupted, or misused and the computer system will be corrupted. If information is recorded electronically and is available on network computers, it is more vulnerable than if the same information is printed on...