The information age went international in the 1980s. However, the fact is that a series of corresponding security weaknesses also came. For example, electronic mails are widely applied in today's daily life and business, while the virus of one computer connected to many others in a honeycomb arrangement may affect another, as usually how great they are interconnected is unknown (Shain, 1996). Therefore, information security is increasingly required to take on a considerably vital role in networks.
As Shain (1996) points out, security is a wide concept, it is a separated subject with its own theories, "which focus on the process of attack and on preventing, detecting and recovering from attacks". Certainly, these processes should be well organized in coping with the complex system issues. A coherent approach should be taken, which builds on established security standards, procedures and documentation. Actually, "the activities of the IT security function are varying in accordance with the criteria of size and sector"(Osborne, 1998). There are an amount of core activities, including:
- Standards, procedures and documentation.
- IT security policy creation and maintenance.
- Maintenance of capability.
…
