Archives
  Columns
  Features
  Print Archives
1994-1998
  Special
  BYTE Digest
  Michael Abrash's Graphics Programming Black Book
  101 Perl Articles
  About Us
  How to Access BYTE.com
  Write to BYTE.com
  Advertise with BYTE.com

Newsletter
Free E-mail Newsletter from BYTE.com
 
    
  HOME   ABOUT US   ARCHIVES   CONTACT US   ADVERTISE   REGISTER
Visit the home page Browse the four-year online archive Download platform-neutral CPU/FPU benchmarks Find information for advertisers, authors, vendors, subscribers Request free information on products written about or advertised in BYTE Submit a press release, or scan recent announcements Talk with BYTE's staff and readers about products and technologies

ArticlesDatapro Report

January 1997 / Bits / Datapro Report

Security Wake-Up Call

Rebecca J. Duncan and Jackie Hyde

It's time for organizations to stop saying they are concerned with securing their information and get down to the business of doing it. In theory, upper management supports the protection of information assets; in practice, the implementation of security strategies is minimal or nonexistent within many organizations today. That's the conclusion Datapro analysts draw from Datapro's 1996 International Survey of Information Security Issues.

Companies that have implemented successful, cost-effective computer security strategies typically have formed a policy, conducted a risk assessment, and put in place risk-management methods. An organization should identify its unique risks to ensure those areas are covered by the security policy, then execute suitable countermeasures based on priorities and levels establ ished in the policy stage. Training and awareness play an invaluable role in making a security implementation successful: globally, current employees were responsible for 57 percent of all security incidents.

Unfortunately, economic influences such as the drive to cut costs have taken their toll. Funding for security has disappeared from many corporate budgets. While the number of companies with a dedicated security department and a security policy has decreased, the number of companies with no plans for a policy has risen. Only 54 percent of survey respondents in 1996 had a security policy, down from 82 percent in Datapro's 1992 survey. For those companies trying to salvage some form of protection when the security department is dismantled, the responsibility is primarily reallocated to the MIS manager. MIS is not the ideal location -- as long as security remains part of the IT function, i t may never become a priority. Organizations that have a dedicated person assigned to security are more likely to have a security policy in place.

Companies today place high value on the ability of PCs, networks, mainframes, and databases to contribute to an organization's success. Yet security is still regarded as a drain on the bottom line. Organizations need to stop thinking of security as something that impedes or restricts, like the locks and seat belts in a car. Instead, they should think of security as something that enhances the ride and ensures that you reach your destination, like antilock brakes. The drive for electronic commerce, the phenomenal growth of the Internet, and the increasing popularity of business applications that use public networks require organizations to develop sound information security. Security needs to be regarded as an enhancement that contributes to the bottom line, not a function that drains it.

Companies With a Plan

illustration_link (14 Kbytes)

Firms with a plan often have dedicated security staff.

Top Microcomputer Security Breaches

illustration_link (14 Kbytes)

Computer viruses are the most common microcomputer security breach.

Rebecca J. Duncan and Jackie Hyde are information-security analysts at Datapro. For more on Data pro services, call (609) 764-0100 or see http://www.datapro.com .
Up to the Bits section contentsGo to previous article: Go to next article: Corel PDA to Bundle Java SuiteSearchSend a comment on this articleSubscribe to BYTE or BYTE on CD-ROM  
Flexible C++
Matthew Wilson
My approach to software engineering is far more pragmatic than it is theoretical--and no language better exemplifies this than C++.

more...

BYTE Digest

BYTE Digest editors every month analyze and evaluate the best articles from Information Week, EE Times, Dr. Dobb's Journal, Network Computing, Sys Admin, and dozens of other CMP publications—bringing you critical news and information about wireless communication, computer security, software development, embedded systems, and more!

Find out more
BYTE.com Store

BYTE CD-ROM
NOW, on one CD-ROM, you can instantly access more than 8 years of BYTE.
 
The Best of BYTE Volume 1: Programming Languages
The Best of BYTE
Volume 1: Programming Languages
In this issue of Best of BYTE, we bring together some of the leading programming language designers and implementors...

Copyright © 2005 CMP Media LLC, Privacy Policy, Your California Privacy rights, Terms of Service
Site comments: webmaster@byte.com
SDMG Web Sites: BYTE.com, C/C++ Users Journal, Dr. Dobb's Journal, MSDN Magazine, New Architect, SD Expo, SD Magazine, Sys Admin, The Perl Journal, UnixReview.com, Windows Developer Network