Overview

Security managers must cope daily with the possibility that electronic information could be lost, corrupted, diverted, or misused. These types of issues represent a real threat to an organization's business performance. Today, companies are more dependent than ever on information technology. Information systems have transitioned from merely being an important asset in a business to being the single most essential, mission-critical factor in the performance of a business mission. However, even as corporate dependence on information technology has grown, so too has the vulnerability of this technology and the range of external threats to it. IM has become a critical part of the the IT communications structure, and as such, the security management issues related to its vulnerabilities should be addressed as aggressively as any other general IT security practice.

As a result of such vulnerabilities, considerable effort has been expended by hundreds, if not thousands, of security experts in creating the applicable policies that attempt to mitigate the risks these vulnerabilities pose. The U.S. government has moved to keep abreast of such changes, enacting various laws that impose severe penalties for perpetrators of cybercrimes. Furthermore, laws placing specific obligations on corporate entities have also been passed to enable or assist law enforcement in pursuing these cyber-criminals. A "get-tough" attitude toward hackers and cybercriminals has become pervasive since the 09/11 disaster.

No corporate or government entity wants to take chances that expose it to greater risk these days. Security teams must now operate within a highly complex legal and...