Computer and Network Security

A great deal of an organization's existing information is processed and stored electronically by single (standalone) computers or computer networks. Therefore, an attack on an organization's computers or computer networks can result in extensive information theft or abuse. However, computers and computer networks today are not just tools used to store information; they are the heart of an organization's operations and crucial to its communication and business transactions. For example:

• Nowadays, most of an organization's communication and business transactions are conducted via email (regardless of the organization's size).
• Online stores process orders and supply products over the Internet.
• Emerging technology today allows an organization's branch offices to communicate, share data, and even establish low-cost VoIP (Voice over IP) communications, rather then using the traditional phone system.
• Applications are hosted on a main computer rather than on personal workstations. This helps organizations share application resources. For example, in service departments, the customer database is located on a main computer, while all customer relations transactions are managed by software clients running on the agents' computers.
• In order to withdraw money from any ATM machine, your PIN and the details on your magnetic card are scanned and verified against the details on the main bank computer.
• A department store in New York can query the inventory of the main warehouse located in Chicago and enter orders for missing products, all in real time.

In other words, on top of the damage done by computer information theft or abuse, unauthorized access to a computer or a computer network can seriously damage the entire organization's essential operations, communications, and productivity. For example:

• An online store's Web site can be hacked, so customers cannot enter orders.
• An unauthorized user can take advantage of an organization's email server to send unsolicited bulks of email. As a result, the organization's Internet communication lines will be overloaded, and employees in the organization will be unable to send or receive emails.

Since computer and network security has become a central part of information and general security, security managers must either have an understanding of computers and networking, or work closely with network administrators and network security specialists.