Security Standards  «Prev  Next»

Lesson 2What is security?
ObjectiveDescribe Security Statistics

Describe Security Statistics

The Internet is available to anyone with a network connection and an Internet Service Provider (ISP) account. In fact, it was designed to be an open network[1] and therefore has little built-in capacity for securing information. From a security standpoint, the Internet is inherently insecure; the challenge is to protect sensitive data while allowing authorized personnel to use it.

Securing resources

In computer networking, security can be defined as a continuing process in which an administrator ensures that information is shared only between authorized users.
The process of planning and implementing security in your business requires that you understand the resources you are protecting, as shown in the MouseOver below.

  1. Protect your employee workstations by enabling password-protected screen savers to prevent snooping. Require that each employee use a virus checker and observe caution when downloading anything from the Internet.
  2. Your networks and its resources are the primary communications medium for the entire company. If a hacker gains access to or control of your networks, he or she has access to all or most company data.
  3. A major asset of any company is the information it organizes and disseminates. A hacker's ultimate goal is to discover this information, as well as tamper with the networks and methods that help to create and communicate the information.
  4. Your World Wide Web, email, and FTP servers are vulnerable to several types of intrusions. Typically, servers provide storage for the network infrastructure, and act as the hub. They also control overall system security. Hackers try to gain access to server resources, because they can then access and then control other resources.

Protecting Security Resources

Security statistics

According to the Computer Security Division and Computer Emergency Response Team (CERT), hacking is on the rise and is becoming increasingly destructive.
  1. One of every five Internet sites has experienced a security breach
  2. Losses due to security breaches are estimated at $10 billion annually
  3. Intrusions have increased an estimated 50 percent in the past year

In spite of these statistics, many sites
  1. do not have a firewall[2] in place,
  2. do not have a written network security policy, and
  3. do not know whether they had been attacked or not.

Effects of Security Policy

You always need to consider the effect that your security policy will have on legitimate users.
In most cases, if the effort required by your users to use the system is greater than the resulting increase in security, your policy will actually reduce your company's effective level of security.

[1]Open network: A group of servers and computers, such as the Internet, which allows free access.
[2]Firewall: A security system designed to prevent unauthorized access to or from a private network.
Firewalls can be implemented in both hardware and software, or a combination of both.