There are barriers to developing systems security that are both financial and philosophical:
Systems security is often viewed in a manner similar to physical security: Buy it once and use it forever. Unfortunately, like physical security, obsolete policies, procedures, and technologies leave systems extremely vulnerable to external and internal attacks. Most stakeholders find it difficult to accept the need for constant spending on systems security when it is difficult to quantify the benefits. Even when benefits can be quantified, unenlightened stakeholders may still question the need for continuous spending in the systems security area. In many cases, education can overcome this philosophical barrier. Unfortunately, often only severe losses from a security breakdown will prompt appropriate, albeit late, action (Luehlfing et al., 2000, p. 62).
More and more organizations reco0gnize that part of security is data security. In choosing the technology solution for a given data need, certain features should be considered. This means making a careful study of needs, the complexity of the infrastructure, the resources and skill level of the it staff, and the capital available for investment. To make an informed choice, the manager should consider four areas: reliability, scalability, security, and total cost of ownership. The meaning of reliability is self-evident, and it means features to ensure the integrity of the data and to assure that the data is safe in the event of a system failure or disaster. The feature of scalability is measured in both its ability to manage increasingly large volumes of data and increasingly large numbers of users or transactions without compromising the system's overall worth. There are two approaches for dealing with scalability, known as scale-up and scale-out. Scale-up is achieved by increasing the computing power of a single machine by adding CPUs, memory, or enhancing the networking components and storage systems. Scale-out, on the other hand, is accomplished by the addition of more servers to the system to spread the workload...
It further depends on the training afforded to users, the abilities of the it maintenance staff, the documentation provided with the system, and many other facets of the development and implementation of an it system. If these elements are taken care of in a proper manner by personnel who are knowledgeable and whoa re using the best available information on requirements, then the resulting system will serve well and should also contain sufficient flexibility to be reshaped and adjusted as needed in order to serve new needs as they develop. Technology is also involved in physical security, from alarms on doors and windows to systems for deciding who is allowed to enter and who is not. The facility manager and the security manager must coordinate activities to assure that security is maintained throughout the facility.
References
Borchers, M. (1996, July). Building security relationships. Security Management 40(7), 103.
Keehn, a.K. (2002). Institution's Complexity, Resources and Future Needs Influence Database Selection. The Journal 29(10), 50.
Luehlfing, M.S., Daily, C.M., Phillips, T.J., & Smith, L.M. (2000). Defending the security of the accounting system. The CPA Journal 70(10), 62
Phelps, E.F. (1994, May). Securing safety policies through self-inspection. Security Management 38(5), 75.
Surette, K.J. (1993, November). Have we made security an issue?. Security Management 37(11), 40.
A f, M.D. (2000, September). The importance of site manager involvement.
Occupational Hazards 62(9), 31.
Truncer, E. & Field, S. (1997, March).
System maintenance that sings. Security Management 41(3), 95.
Zwirn, J.D. (1997, November). For whom the bell tolls. Security Management 41(11), 60.
