In today's business environment, data is one of the most valuable resources that is required for maintaining a competitive edge. As a result, businesses must often be able to maintain data secrecy, readily determine the authenticity of data, and closely control access to data.

Data systems commonly consist of many types and sizes of computer systems that are interconnected through many different electronic data networks. It is now common for an organization to interconnect its data systems with systems that belong to customers, vendors, and competitors. Larger organizations might include international operations, or they might provide continual services. As the Internet becomes the basis for electronic commerce and as more businesses automate their data processing operations, the potential for disclosing sensitive data to unauthorized persons increases. As a result, approaches to data security must provide:

• Common services for each computing environment
• Support for national and international standards
• Graduated degrees of support
• Flexibility to work with existing and emerging systems
• Management of the increased risks to data assets

A combination of elements must work together to achieve a more secure environment. To provide a foundation for a secure environment, a security policy should be based on the following:

• An appraisal of the value of data
• An analysis of the potential threats to that data