IT Security
of strategic importance
Ever advancing globalization and ever advancing Internet integration also mean ever advancing high-risk exposure to enterprise computer networks. The more open the corporate network, the greater danger of unauthorized third party access to the network. The fact that threats to corporate networks pose a real danger is substantiated in the press on almost a daily basis. According to a study by WarRoom Research a market research company, close to two thirds of all companies get an undesired hacker visit once every 10 days.
Corporations daily risk their credibility, integrity, reputation, and as a consequence their economic success, through insufficient security systems. These systems should protect data and communication relationships from destruction, theft, tampering, or espionage. Protecting a company's most valuable assets namely its knowledge and the trust of its customers could not be more relevant.
Accepting the idea that, "nothing is going to happen...", IT (Information Technology) security in many companies is rendered ineffective in spite of its strategic significance. A lack of security consciousness at the management level can lead to simple underestimation of the hazards arising from the Internet connection. This lack is even more astonishing given that corporate directors are legally liable for damages arising from gross negligence where IT security is concerned. (KonTraG, Control and Transparency Law). Individuals within the corporation can be held personally liable for such damages arising to the corporation or to third parties. There really should be no compromises as far as investments in IT security are concerned.
Do not place your trust in security mechanisms that are components of operating systems, application programs, routers, or firewalls. It has been demonstrated that: The more functionality that is integrated in a system or program then more complex it becomes and the greater potential it presents for security loopholes. It could be a question of a software error or as a result of the high administrative overhead; it could be a question of unknowingly setting false parameters.
Maximum security is guaranteed by, application software independent, dedicated security systems that have been developed exclusively for IT security and that have been installed behind access servers and firewalls in the DMZ.
NCP solutions are based on the principle of dedicated end-to-end security and are characterized by the highest degree of compatibility, availability, dependability, and flexibility. The central authority is the NCP Security Management that monitors all relevant security features.
Terminology Delimitations: Data Security and Data Protection
Data security refers to the technical and organizational aspects of protecting information and its characteristics from loss, falsification, or unauthorized access.
On the other hand data privacy refers to the lawful regulations protecting citizens from the misuse of person-specific data. Data Privacy is essentially concerned with the legal, political, and procedural questions associated with information handling. Compliance with the guidelines specified in the Federal Data Privacy Act (BDSG) is required for processing person-specific data. The attachment to paragraph 9 BDSG specifies in 10 points how different measures like controlled entry, controlled access, and controlled transport should be implemented. The goals of data privacy can be achieved with the methodology of data security.