Data security is a broad category of activities that covers all aspects of protecting the integrity of a computer or computer network. Under its most liberal interpretation, data security involves protecting a computer from external threats (from individuals outside the organization), internal threats (from individuals within the organization) and from threats to hardware as well as to software. In this interpretation, disaster recovery can be considered a part of data security as information managers seek to protect data from natural disasters and manmade attacks.
Organizations can improve their security by simply observing fundamental strategies such as using only licensed copies of software (which are unlikely to have viruses installed on them) and by limiting access to computers and files on those computers. Just as physical files have limited access points, so data files should also be limited to those individuals who have a business reason for viewing the files. Passwords and access codes provide rudimentary security at this level, and will prevent access by the merely curious.
However, even small organizations now have computer links with the outside world, which makes them vulnerable to breaches of security from any number of sources. Disgruntled employees (current or former), vendors unsatisfied with payment conditions, advocacy groups who disagree on a political level with the organization's philosophy, competitors and hackers all pose security threats. While some of these threats can be readily identified, others are unknown until they strike.
Among the major challenges facing an organization which wants to protect its information is recognizing that data security is even a problem. Large organizations which have a dedicated MIS staff are likely to impose security measures because the MIS staff is aware of the problems which can happen. Organizations which have been struck by the Michelangelo or Melissa viru...