Executive Overview

Copyright: © 2004 | Pages: 12
DOI: 10.4018/978-1-59140-247-3.ch006

The convergence of many interdependent events, including the expansion of unprotected Internet-connected applications, the global war on international terrorism and the large financial impacts of information and identity theft, has made IT security a core element of most corporate and government IT plans. Two examples from 2003 illustrate the scope and cost of the security problem: cyber attacks increased 40% in the first three quarters of the year, and cleaning up after multiple worm and virus attacks during the summer cost $3.5 billion, according to the CERT Coordination Center, a cyber security-monitoring agency. Interwoven with capacity, performance and reliability factors, internal security strategies have expanded past keeping external hackers and crackers out to authenticating users through biometric and other factors, tracking authorized access inside firewalls by system users, and forensic analysis of destructive software. Given the economic constraints placed on business expenses, however, these efforts have often been too little, too late to stop determined individuals from gaining access to information assets. Adding to the technical complexity of security are legal issues concerning user privacy, liability issues for not preventing the theft of customer records and identities, and government compliance with HIPAA, GLBA, FCRA, NORPDA, PIPEDA, SAFETY, Sarbanes-Oxley, and the U.S. Patriot Act regulations. Overlaying proactive long-term plans and operations are immediate reactive efforts to limit network and system-wide attacks caused by malicious software (also called “malware”) such as worms, viruses, Trojan horses and zombies. As technology reliability has moved user expectations to a 24×7 availability level, the management complexity associated with that degree of service has required larger equipment investments, more staffing, and increased awareness of the consequences of each decision made concerning IT security.
By default, IT managers and executives have been forced to become experts — with associated responsibilities — on many different topics outside the traditional IT community.

Complete Chapter List

Table of Contents
Lawrence Oliva
Chapter 1
Executive Overview (pages 1-12)
The convergence of many interdependent events, including the expansion of unprotected Internet connected applications, the global war on...
Chapter 2
Craig E. Kaucher
The latest year-end statistics from the highly regarded CERT Coordination Center (CERT-CC) at Carnegie Mellon University once again demonstrate that...
Aligning Assurance Requirements, Countermeasures, and Business
Chapter 3
Charles Rex IV
Protecting customer provided information is crucial to the success of the organization. In order to maintain existing customers and attract new...
Protecting Customer Provided Information
Chapter 4
Chrisan Herrod
This chapter describes why it is important for organizations to develop and implement an IT risk management function and use best practice risk...
Global IT Risk Management Strategies
Chapter 5
Architecture Issues (pages 96-106)
Lawrence M. Oliva
This chapter is focused on building the information architecture: what is important to consider, how to align the security, application and...
Chapter 6
Clifton Poole
The proliferation of wireless local area networks in the enterprise and home domains has increased dramatically within the past several years as the...
Wireless Information Security
Chapter 7
Reference Materials (pages 144-165)
Lawrence Oliva
About the Authors