Corporate Network Security
By: Andrew • Research Paper • 4,936 Words • December 19, 2009 • 1,160 Views
Essay title: Corporate Network Security
ABSTRACT
Corporate Network Security is one of the most underrated considerations within today’s business world. This spotlight’s, on a more fundamental level, where management teams struggle to align their Information Technology infrastructure with business goals, business objectives, business practices and procedures.
Successful management teams are cognizant of two things. First, they are acutely aware that technology is integrated in most every facet of business. As a result, secondly, they realize the importance of having an Information Technology infrastructure properly aligned and supporting of the business purpose and organizational systems. They will go about business in ensuring that the information (technology) strategy and organizational strategy fit the business strategy.
INTRODUCTION
The purpose of Corporate Network Security is to mitigate risks of unauthorized access and protecting network systems and resources, while ensuring maximum systems uptime, data integrity and availability. In this paper, I intend to outline many areas that make up the concept of Corporate Network Security, look at many areas where companies struggle, while providing examples of companies doing things right, or making recommendations in such areas.
WHAT ARE THE RISKS
The threats and risks that businesses face to their corporate network security are real and plentiful. For example, compromised data, construed as a business asset, can be used to the benefit of competitors, which becomes detrimental to a company’s potential strategic advantage; compromised personal information, such as social security numbers or financial information, can create legal liability (more than 158 million personal data records have been exposed since February 2005 (Vanhorn, 2007)); information and data can be physically destroyed, wasting considerable manpower productivity; and your own ability to work can be hampered when a system is compromised by rendering it inoperable.
METHODS OF ATTACK
Some of the numerous ways a network can be attacked and how data and information can be compromised include Denial of Service attacks, backdoors, spoofing, phishing, password attacks (guessing, brute force, dictionary style), software / operating system exploitation, malicious code (viruses, adware, spyware, worms, trojans, browser hijackers), and physical thievery.
MANAGEMENT SUPPORT AND TEAMWORK
Suppose you have a company, which has grown leaps and bounds, to the point where they are in dire need of some form of an enterprise system, such as a CRM (Customer Relationship Management) system or an ERP (Enterprise Resource Planning) system, that would help take antiquated “doing things by hand” type processes to a more efficient and effective electronic method, because they have grown to such a point where managing their information necessitates such a system and the old ways of doing things have just become too cumbersome and are not effective in performing day-to-day functions.
While a company’s management team, as a whole, will all share the realization that such a system is necessary; depending on how the company is set up to deal with such endeavors will be a huge key in how successful such a systems implementation will go. How a company’s management team is set up to plan, procure, and execute such endeavors, will largely dictate success.
One common scenario is where the Information Technology professionals within the company happen to wield significant power and exert significant influence into what system is chosen. This type of scenario is the organizational strategy and business strategy matching the objectives of the information (technology) strategy, which is an atrocity waiting to happen. Commonly in such situations, Information Technology will end up putting in a system that does not match the requirements of the business goals and organizational procedures.
As a result, there will be all sorts of internal dissention, in-fighting amongst departments / business units and Information Technology. Even worse, after such a significant investment of time and money into the initial implementation, the management team will ultimately move forward with whatever is necessary to make the system work, sometimes requiring expert-level consultants and such, when the system shortcomings are realized. Between the internal issues (disgruntled employees resulting in morale issues and productivity losses), and the efforts (time / materials / manpower) in attempting to make the system right and attaining the level of functionality desired,