Security management in intranet applications

The introduction of the .NET platform by Microsoft and the growing popularity of Internet-based systems have caused major security concerns for system developers. System administrators must use appropriate information security techniques to reduce the risk of information disasters. The purpose of this research paper is to examine possible information security problems and recommend ways to evaluate and reduce information system risks.

Information security problems cost US companies millions of dollars and the overall US economy billions. Nowadays, the question is not whether organizations need more security, but how much to spend on added security. And yet investing in IT security has always been a hard sell for IT managers. Scores of security technologies are on the market and, if anything is certain, it is that none of them can guarantee security. Each choice involves risk. The problem is that security managers lack structured cost-benefit methods to evaluate IT security solutions in light of prevailing uncertainties.

A framework can help evaluate the costs and benefits of IT security solutions using a company’s risk profile. Using an unconventional concept, this framework bases benefit on avoided risk rather than increased productivity. Lawrence Berkeley National Laboratory (LBNL) uses this framework to help demonstrate to management and auditors that it is significantly less expensive to accept some damage from cyber attacks than to attempt to prevent all possible damages. This pragmatic approach continues to enable LBNL’s cybersecurity staff to optimize security countermeasure investments and reduce spending without sacrificing protection. The framework described here uses a risk management approach that integrates risk profile with actual damages and implementation costs to determine the costs and benefits of information security solutions.
This approach requires reasonably voluminous data and is thus well suited for organizations with extensive incident data or when the consequences of incidents are high enough to warrant extensive data gathering.
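
The following is an added illustration, not code or figures from the paper or from LBNL. It treats benefit as avoided risk and searches for the countermeasure set with the highest net benefit. The incident types, frequencies, damages, costs and prevention rates are all constructed, and the assumption that stacked countermeasures reduce incidents multiplicatively is a modelling choice made here.

```python
from itertools import combinations

# Constructed risk profile: incident type -> (incidents per year, damage per incident, USD).
RISK_PROFILE = {
    "malware": (40, 2_000),
    "phishing": (12, 5_000),
    "web_defacement": (2, 10_000),
}

# Constructed countermeasures: name -> (annual cost, {incident type: fraction prevented}).
COUNTERMEASURES = {
    "endpoint_av": (15_000, {"malware": 0.75}),
    "mail_filter": (10_000, {"phishing": 0.5, "malware": 0.25}),
    "waf": (30_000, {"web_defacement": 0.75}),
}

def expected_damage(selected):
    """Expected annual damage with the selected countermeasures deployed."""
    total = 0.0
    for incident, (freq, damage) in RISK_PROFILE.items():
        remaining = 1.0  # fraction of incidents that still get through
        for name in selected:
            # Assumption: countermeasures act independently, so their effects multiply.
            remaining *= 1.0 - COUNTERMEASURES[name][1].get(incident, 0.0)
        total += freq * damage * remaining
    return total

def evaluate(selected):
    """Benefit is the risk avoided; net benefit subtracts implementation cost."""
    cost = sum(COUNTERMEASURES[name][0] for name in selected)
    residual = expected_damage(selected)
    avoided = expected_damage(()) - residual
    return {"selected": tuple(sorted(selected)), "cost": cost,
            "avoided_risk": avoided, "residual_damage": residual,
            "net_benefit": avoided - cost}

def best_portfolio():
    """Exhaustively score every subset and return the one with the highest net benefit."""
    names = sorted(COUNTERMEASURES)
    options = [evaluate(c) for r in range(len(names) + 1)
               for c in combinations(names, r)]
    return max(options, key=lambda o: o["net_benefit"])

if __name__ == "__main__":
    print("best:", best_portfolio())
    print("deploy everything:", evaluate(tuple(COUNTERMEASURES)))
```

With these constructed numbers the best portfolio leaves part of the expected damage unaddressed, while deploying every countermeasure lowers residual damage further but ends with a smaller net benefit.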
