14 - Computer and network security risk management
from IV - Protecting enterprises
Published online by Cambridge University Press: 11 September 2009
Summary
The use of communication technologies to conduct business has become a crucial factor that can significantly increase productivity. The need to secure information systems and networked infrastructures is now a common preoccupation in most enterprises. As a result, strong links are being established between security issues, communication technologies, an enterprise's security policy, and an enterprise's business activity. Risk management has become an important procedure for any enterprise that relies on the Internet and e-means in its daily work. Risk management determines the threats and vulnerabilities of any e-based system. It also integrates architectures, techniques, and models. This chapter attempts to deal with all of the above concepts and techniques.
Introduction
The development of information and communication technologies, especially the Internet, has prompted enterprises to redesign their communication infrastructure in order to take advantage of this visibility factor and to re-engineer their business processes by implementing projects online, managing virtual enterprises, and externalizing their activities. Renovation and ICT use have contributed significantly to the success of many companies. Nevertheless, the current growth of digital attacks has caused decision makers in enterprises to question their confidence in information technology. In fact, security incidents that occurred recently (as discussed in the previous chapters) have emphasized three important facts: (a) computer network attacks can inflict heavy damage on business activity, (b) many of the attacked enterprises had active security infrastructures at the moment the security incident occurred, and (c) security infrastructure costs vary widely from one enterprise to another, depending on the security policy adopted and the nature of the activity performed by the enterprise.
- Type: Chapter
- Information: Security of e-Systems and Computer Networks, pp. 325-350
- Publisher: Cambridge University Press
- Print publication year: 2007