The advent of the world of e-commerce has heightened awareness at large, medium, and small businesses that effective programs must be implemented to secure the safety and integrity of business information. In todays environment of greatly reduced technology budgets, every effort must be made to ensure that information security technology purchases are responsive to realnot perceivedrisks to our business operations.

There is a propensity to spend a significant amount of money on technology tools that often do not provide a business value return on investment. Therefore, the first task to perform when considering information security technology deployment is a thorough risk analysis to assess the impact an issue or threat in the environment may have on your business operations. Threats may have substantial or no real impact, but a process must be followed to make that determination and then translate the finding into business terms.

For example, after the NIMDA virus infection, some vendors sent out an alarm claiming the NIMDA virus was capable of creating untold amounts of damage. They promised they had the answer to protect against future NIMDA attacks. Informed chief information officers, however, did not respond to the vendors hype nor did they recommend their companies spend millions of dollars installing new tools.