We are used to insuring valuable property such as boats, houses, commercialproperties and cars. How can we insure ourselves against data getting into thewrong hans, or unauthorized users gaining access to the internal computernetwork? Who is responsible for any losses incurred?The value of data varies from one company to another. Even rumors can have serious effects if sensitive information goes astray. Companies are running a considerable risk with employees roaming the world, carrying important information on their portable computers. If a computer isstolen on a business trip, that important project could easily end up as reading matter on the Internet or in the Washington Post. Companies also have a moral obligation to protect personal information stored on computer, even if the loss of such data would not damage the company in financial terms. If an organization asks its employees to supply personal data, it also has a responsibility to store it safely. The safe way to store data is in encrypted form. It is difficult to judge how sensitive an organization is to the loss of data. Nevertheless, you should be able to answer the following questions:
1. What if internal data gets into the wrong hands?
2. What if unauthorized users make changes to data?
If the consequences of either of the above are negative, you could do a simple sum showing how much an access control product would cost, set against any possible losses. Note that the quality of access control products varies considerably. You should choose the product that meets your specific requirements.