The Internet has undoubtedly become the largest public
data network, enabling and facilitating both personal and
business communications worldwide. The volume of
traffic moving over the Internet, as well as corporate
networks, is expanding exponentially every day. More
and more communication is taking place via e-mail;
mobile workers, telecommuters, and branch offices are
using the Internet to remotely connect to their corporate
networks; and commercial transactions completed over
the Internet, via the World Wide Web, now account for
large portions of corporate revenue.

While the Internet has transformed and greatly improved
the way we do business, this vast network and its associated
technologies have opened the door to an increasing number
of security threats from which corporations must protect
themselves. Although network attacks are presumably more
serious when they are inflicted upon businesses that store
sensitive data, such as personal medical or financial records,
the consequences of attacks on any entity range from mildly
inconvenient to completely debilitating—important data
can be lost, privacy can be violated, and several hours,
or even days, of network downtime can ensue.

Despite the costly risks of potential security breaches, the
Internet can be one of the safest means by which to
conduct business. For example, giving credit card
information to a telemarketer over the phone or a waiter
in a restaurant can be riskier than submitting the
information via a Web site, because electronic commerce
transactions are usually protected by security technology.
Waiters and telemarketers are not always monitored or
trustworthy. Yet the fear of security problems can be just
as harmful to businesses as actual security breaches.
General fear and suspicion of computers still exist, and
with them comes a distrust of the Internet. This distrust can
limit the business opportunities for companies, especially
those that are completely Web based. Thus, companies
must enact security policies and institute safeguards that
not only are effective, but are also perceived as effective.
Organizations must be able to adequately communicate
how they plan to protect their customers.

In addition to protecting their customers, corporations
must protect their employees and partners from security
breaches. The Internet, intranets, and extranets enable
fast and effective communication between employees and
partners. However, such communication and efficiency
can of course be impeded by the effects of a network
attack. An attack may directly cause several hours of
downtime for employees, and networks must be taken
down in order for damage to be repaired or data to be
restored. Clearly, loss of precious time and data can
greatly impact employee efficiency and morale.

Legislation is another force that drives the need for
network security. Governments recognize both the
importance of the Internet and the fact that substantial
portions of the world’s economic output are dependent
on it. However, they also recognize that opening up the
world’s economic infrastructure to abuse by criminals
could cause major economic damage. National
governments are therefore developing laws intended
to regulate the vast flow of electronic information.
Furthermore, to accommodate the regulations enacted
by governments, the computer industry has developed a
portfolio of security standards to help to secure data and
to prove that it is secure. Businesses that do not have
demonstrable security policies to protect their data will be
in breach of these standards and penalized accordingly.