Part Eight of Twelve
Note: (If you are reading this article, you should begin with the first article and follow through to understand the content and information provided. Information in this article shows the research methodology used in articles One-Seven.)
The approach used in this study uses the research of relevant information along with filtering of the available information. The approach also used interviewing of internal associates in the Information Technology field. These information technology experts are responsible for the compliance of Computer and Network Security with a background of professional knowledge and previous experience in the field of Information Technology
security. During the developing of this study, there was a specific focus on the collecting of information needed to accurately look at the problem of protection of network infrastructure and data. This allowed for the presentation of discussions found later in this article found under “Review of Related Information”.
Discussion was provided for several of the subjects relating to Policy and Procedures and Internal Company Security and Auditing Controls. The impact of network infrastructure is discussed, along with the impact of breeches of U.S. companies. These findings of several of the companies along with the researcher’s first-hand experience in protecting network infrastructures at a higher education facility are examples in this research article of related information concerning Computer and Network Security.
Data Gathering Method
The primary method used by this study was the typical and historical method of research. This research method uses the interpretation of a collection of materials and facts in order to present all of the discussion materials. The many
experiences of the researcher with a higher education facility along with the interviews of associates of a higher education facility were also used to gather the material needed for this study. Several of the appendices have extracts of publications found on the world wide web and are used as factual backups to many of the discussions listed in this research article. These appendices contain relevant articles and excerpts from several laws.The secondary method used by this study is actual case studies. This method allowed the researcher to challenge and interview many industry experts in the Information Technology field. This along with first-hand experience, internal interviews and resources allowed the researcher formulate the validating and presenting of Policy and Procedures along with methods and methodologies of protecting a network’s infrastructure.
The secondary method used by the study is the case study. This method allowed the researcher to “observe” the predictions and theories of industry experts, along with utilizing the first-hand experience and internal interviews to formulate the basis for presenting and validating the security implementation plan. The article itself is based on looking and studying the mentioned companies and the gathering of specific subject matter related to information technology security. Database of Study
This study collected related information on Understanding the Impact and Solutions of Computer and Network Security from external publications such as newsarticles, Internet websites, corporate publications, etc. Magazines which offered the most relevant information included Information, A nationally recognized magazines. These various publications target security related information in the full scope of Information Technology and their target audience is all levels of IT, and their focus is on all areas of the technology field. The researcher’s approach was to use “Google.com” and search for “Computer and Network Security”, “protecting your network” “viruses”, “spyware/malware”, and “hacking”.
This research method presented many direct hits and resources. All of the information had to be filtered for relevant information on the topic of Computer and Network Security in order to get direct related hits on the topic of Computer and Network Security.
To prove discussions on Policy and Procedures and Internal Company Security and Auditing Controls, various sources were used including the Policy and Procedures of a higher education facility and policy and procedures from the companies named in this study. These many sources of information along with board and entry level policies are vital in establishing the outline and importance of Policy and Procedures.
Several areas of the research contained different surveys which are used in the context of this research article. Results of these surveys help to contribute to the overall discussion of the impact of companies in terms of finances, operations and organizational structure. Surveys are an important contribution for this article in that they show what organizations are doing country and worldwide.
Validity of Data
Much of the research was garnered from reputable and leading industry sources. These resources represent a diverse group of Information Technology professionals. The discussions on the setup of their individual networks came from CIO’s and Information Technology Managers with a combined time in the IT field of over 65 years. Much of the information on Policy and Procedures came from the author’s place of employment. The updates and service pack information, along with spyware/malware information came from sources on the internet including Microsoft Corporation and Lavasosftusa.com Other sources included magazine periodicals from CMP and other publishers to include Microsoft.
Finally, the implementation plan used to outline security in the workplace is a compilation of interviews through the Allen, Neill and Taylor Corporations. The cumulative efforts of the researcher’s association with these companies contributed greatly to the outline given in this research article. The information technology mangers and CIOs from these organizations provided key input and knowledge from several personnel who have more than sixty five years of combined expertise.
This outline provides input from local industries with adequate reputations and leadership foresight and to obtain could be used to show the most cost-effective approach while providing the best security for industries today. This outline provides guidance used by leaders in the information technology industry. Originality and Limitations of Data
There has been no study done companywide for the Allen Company, Neill Company or Taylor Company on infrastructure security until this research took place. A higher education facility has undertaken a study several times and does quarterly reviews of security policy at least twice each year within their own facility. This study has revolutionized the importance of network infrastructure security by bringing security into focus across these Middle Tennessee companies and corporations.
Because the Information Technology field has very few standards in place for Computer and Network Security, this study has limitations based on the ideology and philosophy of sources. While CERT.ORG and other institutions, including CompTIA setstandards for the “what to check” and security certifications, there are no industry wide guidelines concerning Computer and Network Security. No in-depth research was done to uncover the reason for this situation. Many companies use the following companies and organizations as references and resources for Computer and Network
Security and advice.• Techrepublic
www.techrepublic.com• Carnegie Mellon
www.cert.org• United States Computer Emergency Readiness Team
www.us-cert.gov• The Center for Education and Research in Information Assurance and Security
www.cerias.purdue.edu• National Security Institute
http://nsi.org/compsec.html• Microsoft
www.microsoft.com/security/default.mspx