Facts and findings 2.1 What is Security? “ Security is the state of mind”  An example is mission impossible one of the detective movies who show how easy it is to tap a telephone- Although it is illegal unauthorised access is gained, damage can be done to sensitive data if leaked from one company to another which can provide criminals with the electronic gold mine of fraud opportunities. so this justifies the need for security.
Many definitions say that security means “…..unauthorised access, such as preventing a hacker from breaking into your computer” (Fitzgerald and Dennis, 1996, pp426). This statement shows the importance of the computer security, because the computer data storage device such as hard drive and other computer storage devices, which contain the information to use efficiently within organisations, should be prevented. The means of security can also be the physical control of the information that should be prevented from loosing and to be prevented from natural disasters which is called ‘traditional security’ according to Fitzgerald and Dennis (1996).
2.2 Why Organisations need security? As discussed above, the organisations in this century more increasingly depend on data communication for the daily business communication, database information retrieval and the internetworking of LAN’s. This led the management into more consideration on converting manual operations into computerised systems and relay on them. In fact, organisations then considered that “….many potential hazards such as fraud, errors, lost data, breaches of privacy and the disastrous events that can occur in a data communication” (Fitzgerald, 1984, pp620). The above consideration statement was considered about fifteen years ago but still holds valid reasons.
Computer and network address three requirements  Securecy Requires that the information in a computer system only be accessible for reading by authorised personnal or parties. This type of access includes printting, displaying , and other form of disclosure, including simply revealing the existence of an object.
 Integrity Requires that the computer system access can vbe modified only by authorised personnals. Modification includes writting, chaning, changing status, deleting, and creating.
 Avalibility Requires that the computer system access are avalible to authorised personnel.
2.3 Do Organisations need a security policy? The essence of security operations is managing and controlling access to equipment and facilities within an organisation. The crux of the security problem is providing simple and inexpensive access on a wide-reach basis even protect the physical securities from harm and sensitive information from unauthorised users. Therefore, the organisations can define their own security policies and...