6 - Principle Five: Maintain Secure and Virus-Free Computer Systems

Abstract

This chapter reviews the fifth principle of socially responsible information technology management—maintaining secure and virus-free computer systems. Without sufficient security, the organization is open to a range of risks, all of which are harmful. Viruses and other malicious code attacks are growing in number, and so is the cost incurred by companies, government organizations, and private individuals to clean up systems and get them back into working order. A firm foundation is required to develop satisfactory security protection, and that foundation is an organizational security policy that covers all the compulsory contingencies. Among those contingencies are procedures for installing applications, e-mail and Internet practices, information technology (IT) user policies, password protection, downloading data considerations, and network monitoring. The policy must provide a plan for responding to security attacks, and that plan must be rehearsed through dry runs and other simulated methods. Fighting back against security violators requires that an organizational policy be developed and implemented. The first step in any security plan is to instill an awareness of the vulnerability in all users of computer systems. Physical security is particularly important. Equally vital is not throwing sensitive IT system data into the dumpster.