The Security Conundrum
A network with no access control system is very easy for Users to use. It easy for EVERYONE to use! It’s easy for ANYONE to alter, copy or delete data.
This was the situation with the Intrnet asd it developed. Now that "freedom of information" is turning back to bite us.
With no access control system there is no way of ensuring that the data is correct and/or consistent.
As soon as access control is initiated, Everyone's access is slowed and limited.
If you slow down the Good Guys (which is bad), you also slow down the Bad Guys (which is good). But, by how much?
Any security specification amounts to buying insurance. You decide what the value of the item(s) to be insured is/are and pay the appropriate premium - hoping that you’ll never need to invoke the policy.
This is a terrifying question. A tool, such as that provided by the IT Department, needs to be readily available when required. The Users need to be familiar with it so that its use is automatic. However, putting security measures in the Users’ way slows
them down and irritates them.
Generally, if the Users perceives the security system as beneficial to them and their well-being, they will accept it. This requires understanding on the part of the IT Staff and education of the Users.
|
Web Author: Geoff May.
Last Update: 08/09/98
Copyright © 1998 by Network Business Services Pty Ltd. All Rights Reserved. |