The Case for Information Security
by Kevin Beaver, CISSP
Malicious computer attacks and the loss of information assets are a growing threat. All companies, whether they have an Internet presence or not, must consider the many issues involved in securing their information and managing risks. According to the most recent Computer Security Institute and FBI computer crime statistics, 85% of companies surveyed detected computer security breaches within the last year, and 64% acknowledged financial losses due to those breaches. Additionally, 91% detected employee abuse of Internet access privileges, and 94% detected computer viruses. It only takes one brief attack by a hacker, disgruntled employee, or computer virus for a company to suffer negative economic impacts. Whether it’s the loss of revenue or the loss of customer loyalty, companies simply cannot take risks with their information.
A major roadblock to effective information security practices for many companies is the difficulty involved in determining actual security requirements. Additionally, many companies are concerned about having to spend too much time and money on security initiatives. Depending upon the size of the company and the level of security required, an information security program could be a monumental task. However, most companies are not aware of the smaller steps that can be taken to ensure a high degree of security. Contrary to conventional practice, firewalls, data encryption, anti-virus software and other technologies are simply not enough. Companies must focus more on risk management: consistently administer periodic vulnerability assessments and audits, offer ongoing security awareness training for employees, and, most importantly, create and maintain sound security policies and procedures. Whatever the case, the long-term costs of securing information systems are much less than the costs of restoring customer confidence or being forced out of business altogether.
If the proper systems and techniques are implemented and managed well, information security can be a business enabler. It can help companies add value to their products and services, reduce the costs of doing business, and even increase revenues by offering products and services that they couldn’t offer before. For instance, with the proper information security systems in place, companies could take orders and accept credit cards online, allow customers to access and administer personal information, or even provide secure supply-chain management services, as is the case in online business-to-business marketplaces.
The issues involved with information security are complex, and expertise is hard to find. Information security is a process and a philosophy. It is more of a business issue than a technology issue, and it must be managed from the top down. Company owners and executives must understand the business impact of information threats and the implications involved if systems are not secured. In addition, to protect themselves legally, companies need to show proper due diligence in attempting to establish best practices for information security. There must be efforts to not only prevent the bad guys from getting in, but also to keep information from leaking out. It’s no longer a matter of if or when, but instead how many times a company will experience computer breaches. Knowledge is power, and most companies cannot afford to lose their information-based knowledge, thus losing their competitive advantage.
Kevin Beaver is the founder of Principle Logic. He can be reached at kbeaver@principlelogic.com.