Midterm examination concepts and preparation

Security

Computer Security, Policy, and Procedures: Practical Recommendations

The rapid pace of technological development, especially in the area of information and communication technologies, has led to many changes for businesses and other entities the world over. New opportunities and faster environments are continually developing as a result of technological progress, creating the potential for more prosperity and efficiency, however these new opportunities go hand in hand with new challenges. As technology continues to grow, security policies and procedures in regards to these technologies must keep pace; if technological use moves faster than technological protections, sensitive information and company operations would be placed at much greater risk from a variety of abuses and mishaps. Given the number of components that must make up a comprehensive computer security program, achieving success in this area can be quite complex. Three specific areas that most companies could focus on include building a stronger foundation for network security, paying more attention to the development and proficiency of the human resources involved in maintaining and progressing computer/information technology security, and making improvements to virus detection and reporting techniques.

Three Areas of Change

A company or organization's network is typically a central part of that organization's overall information technology system, and thus network security must take a central place in the organization's approach to overall computer/information technology security (Greene, 2006; Bishop, 2003; Kizza, 2009). While most organizations have at least some basic understanding of the importance of network security and some of the basic components that contribute to security in this area, many could also stand to pay more detailed attention to the many different components of network security and the different types and degrees of vulnerabilities that are necessarily a part of any network system (Kizza, 2009; Cobb, 2011). Ensuring that access controls are as tight as they can be in order to prevent unauthorized access (whether purposeful or not, or from internal or external users), updating hardware as much as possible (or at least as much as is cost effective given the specific security needs of the company), and ensuring that proper monitoring and regular maintenance programs are in place are all important parts of ensuring network security (Kizza, 2009; Cobb, 2011). Taking these steps will help the company ensure greater security of its data and its communications, and ensure smooth operations.

The hardware and software components of a network security system are essentially meaningless if the individual employees, managers, etc. who have access to the network do not maintain proper security procedures and remain well-informed regarding potential risks and updated procedures and policies (Cobb, 2011; Whitman & Mattord, 2011; ICR, 2008). Any security policy must, after being properly designed and established, be communicated clearly and comprehensively to all relevant personnel, which in today's organizations typically means anyone with access to a company computer and/or the company network, or who handles digital information or communication for the company (Kizza, 2009; Lahtinen et al., 2006). Ongoing training and development programs for all relevant personnel should be made a regular feature of the company's overall security policy, and there should be a trend towards the greater recognition of the importance of human resources as the ultimate line of defense against malicious security breaches and errors (Cobb, 2011; Greene, 2006). With the right people doing the right things -- that is, following proper procedures -- maintaining proper security policies becomes much easier.