 |
 |
Recent years have seen continuing growth in corporate information systems, electronic transactions (e-commerce), and electronic government, as well as ever-rising numbers of Internet users - in short, continuing advances in the networking of Japanese society. Far from being restricted to corporate activities, information networks have become an essential element of social services provided by schools and central and municipal governments, and integral to both essential and convenient consumer services.
As information networks evolve into indispensable infrastructures in ever-wider areas of modern society, one issue that has risen to the fore is security. Information systems connected to a network are exposed to significantly more risk than stand-alone computers. Network connections leave information systems vulnerable to attacks from those wishing harm from anywhere in the world. Unauthorized intrusion can result in inappropriate access to or tampering of confidential files. In the worst-case scenario, unauthorized individuals gaining full access to system administrator privileges can render systems unusable.
Another threat involves the threat of infection by computer viruses or worms via e-mail or visits to certain web pages. Above all, the current proliferation of broadband connections and the growing numbers of terminals with always-on high-speed connections means viruses can attack networks and spread throughout the world in a matter of days starting with personal computers, security for which tends to be relatively lax. |
|
 |
|
In addition to such external threats, the need for strengthening internal network security has emerged as a major issue in recent years. Without security precautions, systems in a wireless-LAN access environment are exposed to unauthorized access even from locations with no physical connection to the network. The growing popularity of notebook computers in recent years has led to cases in which infected notebooks brought in from outside the workplace lead to infection of the entire network. A major tangential issue is unauthorized leaks of confidential customer information held by corporations, although most such leaks tend to involve internal malfeasance rather than network intrusions from outside. Appropriate network management and operations under a clear security policy are essential to eliminate this and other risks. These measures must be based on improving the morale of corporate personnel and other individuals, as well as implementing strict limits on information access and management of access histories.
A personal information protection law is scheduled to go into effect April 2005. This law will impose various restrictions on the handling of personal information, with penalties if information leaks occur. More significantly, the measure will force companies to provide compensation to those who suffer due to such leaks. In addition to providing this compensation, the public reputation of a company involved in such a leak is likely to suffer significant damage. Information security measures are critical tasks that require ceaseless monitoring, not only for the above reasons, but also in light of CSR (corporate social responsibility). |
|
 Network system security risks and preventive measures |
|
|
