It may seem absurd to ask the question. “Why is computer and network security important?”
but it is crucial for organizations to define why they want to achieve computer security to
determine how they will achieve it. It is also a useful tool to employ when seeking senior
management’s authorization for security-related expenditures. Computer and network security
is important for the following reasons.
• To protect company assets: One of the primary goals of computer and network
security is the protection of company assets. By “assets,” I do not mean the hardware
and software that constitute the company’s computers and networks. The assets are
comprised of the “information” that is housed on a company’s computers and
networks. Information is a vital organizational asset. Network and computer security is
concerned, above all else, with the protection, integrity, and availability of
information. Information can be defined as data that is organized and accessible in a
coherent and meaningful manner.
• To gain a competitive advantage: Developing and maintaining effective security
measures can provide an organization with a competitive advantage over its
competition. Network security is particularly important in the arena of Internet
financial services and e-commerce. It can mean the difference between wide
acceptance of a service and a mediocre customer response. For example, how many
people do you know who would use a bank’s Internet banking system if they knew that
the system had been successfully hacked in the past? Not many. They would go to the
competition for their Internet banking services.
• To comply with regulatory requirements and fiduciary responsibilities: Corporate
officers of every company have a responsibility to ensure the safety and soundness of
the organization. Part of that responsibility includes ensuring the continuing operation
of the organization. Accordingly, organizations that rely on computers for their
continuing operation must develop policies and procedures that address organizational
security requirements. Such policies and procedures are necessary not only to protect
company assets but also to protect the organization from liability. For-profit
organizations must also protect shareholders’ investments and maximize return. In
addition, many organizations are subject to governmental regulation, which often
stipulates requirements for the safety and security of an organization. For example,
most financial institutions are subject to federal regulation. Failure to comply with
federal guidelines can result in the seizure of a financial institution by federal
regulators. In some cases, corporate officers who have not properly performed their
regulatory and fiduciary responsibilities are personally liable for any losses incurred
by the financial institution that employs them.
• To keep your job: Finally, to secure one’s position within an organization and to
ensure future career prospects, it is important to put into place measures that protect
organizational assets. Security should be part of every network or systems
administrator’s job. Failure to perform adequately can result in termination.
Termination should not be the automatic result of a security failure, but if, after a
thorough postmortem, it is determined that the failure was the result of inadequate
policies and procedures or failure to comply with existing procedures, then
management needs to step in and make some changes.
One thing to keep in mind is that network security costs money: It costs money to hire, train,
and retain personnel; to buy hardware and software to secure an organization’s networks; and
to pay for the increased overhead and degraded network and system performance that results
from firewalls, filters, and intrusion detection systems (IDSs). As a result, network security is
not cheap. However, it is probably cheaper than the costs associated with having an
organization’s network compromised.
If you need to protect your home or company from intruders contact us for the best solution.