booklets and brochures
networked information systems
introduction
The explosion in affordable computing power and the rapid expansion of interconnected, publicly accessible networks has dramatically altered the way sensitive personal, financial, or proprietary information is acquired, processed, distributed, shared, stored, and retrieved. The advances that have made this possible have simultaneously increased the risk that this information may be compromised, manipulated, stolen, or lost.
This has created a paradox. We now have the dilemma of choosing between the advantages of using networks, weighed against the probability of becoming a victim of cyber thieves. Although this paradox remains, the decision has already been resoundingly made in favor of using the networks, and people have become dependent on these networks.
This transition to network dependence has placed vast amounts of sensitive information intended only for authorized users -- such as financial, personal, medical, military, and research information -- at risk. Traditional security safeguards designed to limit or preclude physical access or removal of data do not apply in a networked world. Entire libraries are vulnerable to being downloaded within seconds, and the thief need never reveal himself or gain physical access to the storage location. George J. Tenet, Director of Central Intelligence, recognized the enormous significance of dependence on computer networks when he stated:
"We have staked our way of life on the use of information. We rely more and more on computer networks for the flow of essential information. Like electricity, we now take information infrastructures for granted. Reliability breeds dependence, and dependence produces vulnerabilities."
The vulnerabilities that allow unauthorized exploitation of networks are not necessarily the result of technology, nor are the vulnerabilities present because smarter minds are writing better programs than the network developers. Perhaps the number one reason vulnerabilities exist in the amount and variety that they do is because of the pace at which network technology is being used, modified, and upgraded. The majority of network vulnerabilities can be attributed to software that is outdated or improperly installed or upgraded and lax, inattentive, or poorly trained system administrators. In fact, the most common factors affecting network security are the sheer volume of computers being produced, their increasing sophistication, their linkage to networks, the increasing number of individuals using them, and the disparity of knowledge among users.