Since the advent and infancy of the internet, many U.S. companies and corporations have functioned and operated with very little Computer and Network Security in place in their network infrastructure. Although many of these companies and corporations have hardware firewalls and intrusion detection systems in place, many of these businesses do not have policy and procedures to guide and govern their infrastructure security.
Policies along with personnel are the backbone of the Computer and Network Security. This backbone is the fragile structure that keeps companies secure in today’s digital world. These directives (Policy and Procedures) insure that companies and corporations will be in compliance as long as the CIO or IT manger enforces them. Although a definite and structured compliance has not been put in place, directives and training are the true tools needed to help companies maintain a form of security within their organization.
Until now, computer security and locking down the network infrastructure has been on the back burner with most companies and corporations because of cost. According to a corporate poll in A nationally recognized information technology magazine, 99% of U.S. companies now use some type of preventive antivirus technology with 98% of these companies now using firewalls.
This electronic security poll was based on compiled information from larger corporations and their practices and does not include small to midsize companies found throughout the United States. The recently released polls in this research paper show are usually focused on larger companies and corporations in the United States. The main reason for this was found by interviewing several midsized and smaller companies locally. These smaller companies and corporations usually have outsourced their Information Technology infrastructure to private organizations that do not have written policy and procedures written for these smaller companies.
Normally, these companies do not have any type of policy and procedure in place for their current clientele. Because of this practice, these companies and small corporations do not look at industry related security trends, security issues or any relevant areas of computer security. Although it was found that <10% of the companies offer a service related plan that pushed security issues for their clientele.