Information Technology Management Term Paper

Network Security Management

From the onset, it is important to note that for data to flow from one computer to another, such computers should be interconnected in what is referred to as a network. With such interconnectedness comes the risk of data interception and it is for this reason that network security is considered crucial.

In the recent past, the number of corporations that have experienced attacks on their computing resources has been on the increase. Outages in this case have ranged from denial-of-service-attacks to viruses to other more sophisticated forms of attack. It is important to note that these attacks, which are rarely publicly acknowledged by the affected companies, are coming at a time when organizations are increasingly becoming dependent on information systems and networks to conduct their business. Today, business communications between an entity and the various groups of stakeholders, including but not limited to employees and customers, are primarily done or carried out through networks. Any disruption on these networks could be potentially catastrophic for individual firms.

It should also be noted that organizations stand to lose should an individual gain access to their networks and computer systems. In that regard, therefore, network security management is of great relevance to companies that wish to safeguard their most important and critical resources. A discussion highlighting the key benefits of network security management is, therefore, both relevant and timely.

The Importance of Network security Management

Introduction

During the past few years, the internet has evolved greatly. Computer networks have also grown in terms of size, complexity, and relevance. Essentially, it is these changes that have triggered the emergence of a new breed of cyber criminals and other malicious individuals who are constantly on the lookout for ways of compromising vulnerable networks. This text largely concerns itself with the importance of network security. In so doing, it will amongst other things define network security and briefly discuss how network security management has evolved over time. The text will also address the implementation of an effective network security management strategy.

What is Network Security?

For purposes of this discussion, it is the definition that Richardson and Thies (2012) give to a network that will be utilized. According to the authors, a network is essentially "an interconnection of two or more computers with some means of sending messages back and fourth" (Richardson and Thies, 2012, p. 389) Given the role they play in the facilitation of remote access, networks tend to be specifically vulnerable to remote attacks and acts of sabotage. Network security comprises of all those initiatives and measures embraced by an entity in a bid to protect its network. Such initiatives and measures essentially protect not only the integrity but also the reliability and usability of data. Network security management, therefore, seeks to offer protection to the network from both misuse and unauthorized access.

Network Security Management and its Relevance

Before addressing the importance of network security management, it would be prudent to first highlight how network security management has evolved over time. The move to embrace effective network security strategies has been fueled by the increasing instances of theft and misuse of sensitive organizational data over networks. Indeed, many companies have in the past lost millions (mostly in silence) to hackers. It should, however, be noted that although interest in network security seems to have spiked within the last one decade, specific incidents in the early 90s may have convinced businesses that there was indeed need for a comprehensive network security policy.

The 1986 Computer Fraud and Abuse Act was created after it emerged that crimes relating to the use of computers to commit fraud and other related activities were on the increase (Senft, Gallegos, and Davis, 2012). However, as Senft, Gallegos, and Davis (2012, p. 11) further point out, despite being created to "protect against attacks in a network environment," the act did have several weaknesses and faults. It is important to note that it is at around this time that authorities were beginning to come to terms with the theft of crucial information from military computers. Some of those who were either accused or convicted of computer related crime during this period include but they are not limited to Robert Morris and Ian Murphy. Later on, just as the world was coming to terms with how costly network security failures could become -- primarily following the release of the Morris Worm, the U.S. Government orchestrated the formation of a response team that was essentially charged with responding to computer risk incidences.The said team was christened CERT -- Computer Emergency Response Team (Wang and Ledley, 2012). It should, however, be noted that regardless of the measures that were being put in place, network security concerns continued to increase in the 1990s, after the internet became widely available to members of the public.

As I have already pointed out elsewhere in this text, it was during this decade that businesses begun to adopt far-reaching measures aimed at protecting their computing infrastructure from network attacks. In the recent past, many network security breaches have cost organizations billions of dollars. Some of the said breaches are never reported in the media.

In the words of Canavan (2001), "network and computer security is crucial to the financial health of every organisation." This according to the author is more so the case given the increasing number of network security incidents being reported in the media on a daily basis not only across the nation but across the world as well. Indeed, within the past two decades, network security incidents have significantly increased, thus effectively validating the central claim made in this text: that the relevance of network security management cannot be overstated. From the onset, it should be noted that network security management comes in handy in the prevention or aversion of losses arising from misuse of data. In the absence of adequate network security management approaches, data manipulation, destruction and breaches of confidentiality would most likely be common occurrences.

In the year 2000, a report on network attacks pointed out that companies would lose close to $1.6 trillion in hacking and other network attack incidents. According to Canavan (2001), whichever way one looks at it, this "is a staggering amount of money with a direct effect on companies' return on investment or assets." It is important to note that the said report was released approximately thirteen years ago. Today, companies continue to lose billions of dollars to credit card thieves, hackers, and other individuals (or entities) of shadowy character who take advantage of system and network vulnerabilities to steal customer private information, stall organizational operations, or spy on competitors. As a matter of fact, and as I will demonstrate shortly by making use of real life examples and occurrences, network security breaches can be particularly expensive. In addition to suffering financial losses, businesses that fall victim to network security breaches could have their operations severely disrupted. The said business disruptions are more likely than not to negatively affect productivity. By extension, this could have a negative impact on the bottom-line.

One classic example of a business that has been there, and lived to tell the story, is Sony. Sony has been one of the dominant players in the electronics marketplace for decades. According to Richardson and Thies (2012, p. 366), in what came to be popularly referred to as the Sony PlayStation Network Attack back in the year 2011, attackers made use of what in the authors' own words was a "potentially known vulnerability" to access the records of scores of the Sony PlayStation Network customers. As the authors further point out, "at stake were the records of possibly 70 million users' credit card information…." (Richardson and Thies, 2012, p. 366). Thanks to the said attack, Sony was forced to suspend the Network for a total of 24 days. Further, as a result of the entire debacle, Sony is said to have lost millions (and possibly billions) of dollars. Sony according to Tassi (2011) acknowledged a total loss of $170 million. It is, however, important to note that some analysts have speculated that this figure could have been much higher -- perhaps close to a billion dollars. In this particular case, the effective management of network security could have saved Sony from the financial mess it found itself in thanks to the PS Network outage.

Still on financial losses, it is important to note that failure to have in place an effective approach to network security management could expose a company to legal suits. Indeed, it is important to note that many businesses have in the past been sued for failure to embrace effective security measures. Court action in this case could come from the affected customers or the relevant regulatory authorities. For instance, following the Sony PS Network attack, authorities in the UK deemed it fit to fine the technology company a total of $396,100 for what it termed a preventable breach......