Windows XP / Networking

Security as a Cost of Doing Business

There is no denying it: Security represents a cost of doing business. Some of your business is contingent upon secure applications and data. For example, e-business revenue streams may depend on proper security. Security is akin to insurance costs; that is, you pay now to save later. Insurance, after all, is applied risk management. It is reminiscent of the old Fram car filter commercial where the mechanic comments when asked about the price of the filter: "You can pay me now, or you can pay me later." Obviously, the cost of an oil filter is a lot less than the cost of a new engine, but the implementation of some controls now can save you money later.

There is the loss of assets to worry about, but that is not the only concern. Legal actions may result if you fail to meet a general duty of care exhibited as minimum-security standards. Your organization might also have to worry about compliance with specific legislation. In the United States, this could mean.

Gramm-Leach-Bliley Act (GLBA):
Protects the privacy of customer information at financial institutions

Health Information Portability and Accountability Act (HIPAA):
Defines standards and procedures for gathering, retaining, and sharing customer information in the healthcare sector

Sarbanes-Oxley Act (SOX):
Affects publicly traded companies governed by the SEC

You might know about other legislation affecting your industry or business. Other countries have or are developing similar legislation. You will need to know the legal obligations of your particular jurisdiction.

Current resistance to security expenditure will shrink as the information age matures; after all, nobody questions the cost of building security anymore. When we first started in computing, people could not understand the need for passwords, but today, passwords are an accepted control for any system.

In this tutorial, we show you how to design a secure network to mitigate the vulnerabilities and security risks introduced by wireless technologies and the infrastructure installed to support them.

[Contents] [Next]