Managing Business Information Systems

Topics: Computer security, Security, Information security Pages: 10 (2543 words) Published: April 15, 2007
Final Project

Managing Business Information Systems

The Need for Network Security

By: Jose L. Rodriguez

The Need for Network Security

The primary objective with this paper deals with how network security systems protect, detect, adapt, recover and/or reconfigured from anomalies in order to provide some desired level of security services. This paper is a strategy for the development of a general security mechanism/countermeasure valuation scheme. The general objective addresses the question, "Given the value of information to be protected and the threat environment, how strong and assured should security mechanism(s) be to provide desired security services(s)?" [DEL98]

Company information is as valuable a company asset as money in the bank. In fact, some information can be even more valuable than cash, so protecting the company's information with appropriate security is critical to business success. The network and data security measures you put in place for your business, from a firewall to a data backup system, are physical manifestations of business rules. You make business decisions about how important your computer network and the data it holds are to your business, and as well as how you want to protect it. Data security systems are the direct result of those business decisions.

Security exists on many layers. Network security considerations begin with (but are not limited to) a range of factors including: [ALE96] •How company office facilities are selected and maintained, •How potential employees are screened,

•The remote access policy and procedures to the company's systems and information, and •What kind of encryption and firewalls are provided in the corporate network.

In other words best-practice security isn't just good business sense; in some cases, it's also the law. Legal requirements are vary between specific industries and different jurisdictions. For example, the Health Insurance Portability and Accountability Act (HIPAA) set requirements for patient privacy in the United States. In California, privacy laws prohibit financial institutions from sharing personal financial information with unaffiliated third party partners without the consumer's consent. And in Europe, privacy laws protect certain employee information—even to the point where inappropriately sharing an employee's name and location in a company directory can be considered a violation. [POW99] Therefore, when considering network security, it is important to consider business policy and practices, legal requirements, and technology.

First, the greatest asset of corporations and governments is information. Which encompasses a wide range of diverse sections including: computer data, marketing strategies, tax and personnel records, military strategies, financial data, communications, and business plans? Internal information is a strategic and competitive tool for an organization. Our society is so reliant on this that the loss or corruption of the United States' information infrastructure would create a situation where the systems such as the national banking system, electric power grid, transportation systems, food and water supplies, communication systems, medical systems, emergency services and most businesses could not survive. In short, information is the backbone of the operations of businesses and government, and the security of this information is critical. In conclusion, computers and software are a part of a world-wide network, no longer existing in limited constraints, making them more susceptible to information abuse and more in need of network security.

The convenience and easy access to information comes new risks. Among them are the risks that valuable information will be lost, stolen, corrupted, or misused and the computer system will be corrupted. If information is recorded electronically and is available on network computers, it is more vulnerable than if the same information is printed on...

References: [ALE96] Alexander, Michael, The Underground Guide to Computer Security,
Addison-Wesley Publishing Company, 1996.
[BAR96] Barrett, Daniel J., Bandits on the Information Superhighway, O 'Reilly & Associates, Inc., 1996.
[COH95] Cohen, Frederick B., Protection and Security on the Information
Superhighway, Johen Wiley & Sons, Inc., 1995.
[DEL98] Delmonico, D., ‘‘Detect Network Intruders Before They Wreak Havoc, ' ' InternetWeek, Oct 5, 1998, pp. 38.
[ESC98] Escamilla, Terry, Intrusion Detection: Network Security Beyond the
Firewall, John Wiley & Sons, 1998.
[KRO92] Krol, Ed, The Whole Internet, O.Reilly & Associates, Inc., 1992.
[NUL98] Null, C., ‘‘Covering your assets, electronically, ' ' LAN Times, April 27, 1998, pp. 44.
[PFA97] Pfaffenberger, Bryan, Protect Your Privacy on the Internet, Johen Wiley & Sons, Inc., 1997.
[PFL97] Pfleeger, Charles P., Security in Computing, Prentice Hall, Inc., 1997.
[POW99] Power, Richard, 1999 CSI/FBI Computer Crime and Security Survey, Computer Security Journal, Volume XV, Number 2, 1999, pp. 32.
Continue Reading

Please join StudyMode to read the full document

You May Also Find These Documents Helpful

  • Business Information Systems Essay
  • Management Information System and Business Strategy Essay
  • Introduction to business information systems review Essay
  • The Business value of Information System Research Paper
  • Essay about Managing Information Systems
  • managing communication knowledge and information Essay
  • Essay about Business Information System

Become a StudyMode Member

Sign Up - It's Free