A recent security survey report released by Internet Security Systems (ISS, 2002) states that Internet risk was, in general, high in 2001 and is getting worse. ISS noted 830 million alarm events and dealt with 2,185 security incidents in 2001 alone. ISS also points out that 70% of the security attacks happened through the widely used WWW services. IIML was one of the thousands of affected organizations. The IIML web site was defaced a number of times between May and August 2001, and a large number of man-hours were spent restoring the damaged web pages. A spate of virus attacks caused considerable damage, leading to data loss, increased clean-up costs, and a subsequent drop in user productivity. These attacks disrupted the users' normal work and caused a considerable drain on computer center resources. IIML had installed simple security services that could not prevent these intrusions. To address these security threats, a three-member security planning team was formed in August 2001. The team, including Mr. Mohapatra, the Computer Center Manager, set out to prepare a framework for the implementation of a comprehensive information security management system for IIML.

Despite the importance of information security, Dinnie (1999) reports that 45% of companies worldwide made no allowance in their budget for information security and 41% had no budget for maintenance. It is not surprising, then, that only $20,000, a mere 10% of the annual budget of IIML, was allocated for information security management. The challenge was to minimize the security threats by implementing appropriate security components within the allocated budget. Moreover, since security management is an ongoing activity, Mr. Mohapatra also had to decide on strategies for the continuous maintenance of the deployed infrastructure.

