Computer Security: Risks, Measures, Costs, and Decision Criteria for a Level of Security Appropriate to Organizational Needs

Abstract

Since the introduction of the first commercial computer into the U.S. business world in the early 50s, the use of computers has grown tremendously. Technology has been advancing at an unbelievable speed, which, on one hand, improves computer capability greatly, and on the other, lowers costs to the extent that even small businesses can afford one. Thus today, computer systems are being used in large and small organizations alike. Along with increases in computer usage, however, have come problems like invasion of privacy and computer-related crime. According to the Federal Bureau of Investigation (FBI), the average loss for each reported computer crime is about $500,000 compared with an average loss of $3,200 for bank robberies and $23,500 for bank frauds and embezzlement without computers.1 But what's more striking is that only one percent of computer crimes are detected and of those detected, only 12 percent are reported to law enforcement authorities.2