Security is primarily a management issue, not a technological issue. This is due to many issues but one of the main ones is budget. Another reason is that obviously nothing can be done in the corporate world without authorization. Also, according to the IncTechnology.com, the leading threat to a corporation’s technology network is that of scorned former employees. (Foley, 2007)
The following is an excerpt from an article regarding network security, “…at its core, security and privacy are business issues, not technology issues—a counterintuitive message that must be convincingly delivered, first to the board and your c-suite counterparts, and then throughout the organization. Your colleagues must realize that if your company focuses primarily on technology as the solution, progress will be slow and setbacks frequent. Conversely, if your organization approaches security and privacy as a business issue (or a customer issue, or a stakeholder issue), and if the process purposely involves the people who normally deal with such issues, then solutions will be more readily attained…No one could credibly deny that IT has a significant responsibility for security and privacy, but care should be taken to distinguish enablement from execution. The fact is, IT alone cannot solve the problem…Perhaps it’s ironic that this message must come from you, the CIO—an executive whose role is often deemed synonymous with technology. But we consider the messenger as important as the message. No one but you has the authority to deliver it.” (DeZabala, 2009)
There are many things that can be done to ensure that a computer network is as secure as possible, nothing is 100% secure. The following are just a few of the things that I would ensure were included in a security plan if I were the Information Technology Director of a small firm.
· A procedure for expedient approval of security measures;
· A policy and procedure regarding funding approval regarding security measures to ensure maximum efficiency (this means a fast way to ensure funding for security necessities.);
· Immediate revocation of technology access for terminated employees and contractors;
· Monitoring of network activity for all employees, especially ones that are pending termination of employment (even if the termination is voluntary).
There are many other things that should be done to ensure maximum efficiency in regards to security but these are some of the most important ones.
DeZabala, T. (2009, October 21). The CIO as Chief Security/Privacy Officer. Retrieved November 29, 2010, from CIOInsight: http://www.cioinsight.com/c/a/IT-Management/The-CIO-as-Chief-SecurityPrivacy-Officer-516692/
Foley, M. O. (2007, July). Guarding Against the Threat from Within. Retrieved November 29, 2010, from Inc. Technology: http://technology.inc.com/security/articles/200707/threat.html
Panko, R. R., & Panko, J. L. (2011). Business Data Networks and Telecommunications (8th ed.). Prentice Hall.