In today's business environment, data is one of the most valuable
resources that is required for maintaining a competitive edge. As
a result, businesses must often be able to maintain data secrecy,
readily determine the authenticity of data, and closely control access
to data.
Data systems commonly consist of many types and sizes of computer
systems that are interconnected through many different electronic
data networks. It is now common for an organization to interconnect
its data systems with systems that belong to customers, vendors, and
competitors. Larger organizations might include international operations,
or they might provide continual services. As the Internet becomes
the basis for electronic commerce and as more businesses automate
their data processing operations, the potential for disclosing sensitive
data to unauthorized persons increases. As a result, approaches to
data security must provide:
- Common services for each computing environment
- Support for national and international standards
- Graduated degrees of support
- Flexibility to work with existing and emerging systems
- Management of the increased risks to data assets
A combination of elements must work together to achieve a more
secure environment. To provide a foundation for a secure environment,
a security policy should be based on the following:
- An appraisal of the value of data
- An analysis of the potential threats to that data