Introduction

With every technological advance comes a new set of risks. In recent years, networks have become more widespread and easy to access, exposing them to break-ins and other security threats. Although most organizations want to connect their networks to the Internet to allow employees to access Internet resources and allow outside Internet users to access public services such as a company's Web site, doing so significantly increases risks to their data and systems. Security breaches come from many sources and take various forms, from data theft to system shutdown. Your goal as an information security professional is to stay one step ahead of the game and anticipate problems instead of reacting to them after the fact. This chapter introduces the concepts of computer and network security, explains why you must be concerned about protecting your systems, and explains how to calculate the value of the information you need to protect. This chapter details common attacks you might face and possible motivations for such attacks. It also explains how to assess your security risks, identifies basic elements of security, and defines the tradeoffs in implementing security.