Computer Network Simulation and Network Security Auditing in a Spatial Context of an Organization
Zaliwski, Andrzej J., Issues in Informing Science & Information Technology
Very often, used biological metaphors are used to describe compound organizational issues due to difficulties in explaining these issues. Business organizations can be compared to biological systems that function within an ever-changing environment. The life cycles of the organizational organisms are identified not only with manufacturing processes but also with processes involved in fulfilling customer needs.
Companies must survive among similar competitive organisms (other companies and corporate predators). Learning organizational concepts that were so popular some time ago and process improvement methodologies are really about learning the techniques of survival. The process improvement concepts typically consider environmental conditions for doing business (such as market relationships, customer demand, technological development enables innovations in products, government regulations, stock market, and competitors for doing business) and how they fit together internal organizational processes and environment challenges. Other competitors were recognized as being potential enemies to a company. The internal structures of the company are viewed as they evolve toward greater flexibility and adaptability to environmental changes.
The integration of business infrastructure around computer networks creates new threats for the business organization. There are dangers which are not coming from the same kind of corporate organisms which behave according to well defined business rules and customs so the old methods will not work in dealing with these threats. The new threats are in micro scale rather than macro scale, where competitors operate. Micro threats are like a cancer or parasites that can destroy organisms from the inside (e.g. bad guys inside a company). There are other micro scale organisms that can attack a company from the outside like insects (e.g. hackers and crackers) and bacteria or viruses (e.g. computer viruses, worms, Trojans).
The first group of threats (referred to in this paper as macro threats) is strictly related to day-today business activity and are a natural result of regular business activity of competitors, some government regulations, market fluctuations, ever-changing customer needs, technology embedded into products and services, changes in manufacturing and management processes, etc. These factors create an uncertainty when managers make business decisions because any or all of these macro threat factors can harm an organization. However problems created by macro threats are solved on a day-to-day basis using managerial practice and experience. Business competitors and government must operate within limits drawn by law, customs, and business rules. Because the rules of behavior are more clearly defined, there is less mystery about this type of threat.
The second group of threats, micro threats, is created by people who do not feel obliged to obey the law or any other rules, who often work for their own profit, for ideologies (which are sometimes stupid), or for revenge. These people often select their targets randomly. They are not a part of the business game and do not follow the common rules. The development of new telecommunication and computer technologies has created a world where more and more areas of our life are moving into cyberspace. The institutions functioning inside cyberspace have become vulnerable to new threats and new forms of crimes that were unknown before the Internet era. New challenges for security have emerged. It is becoming necessary to educate a growing number of better prepared professionals to maintain growing numbers of computer networks. Also, stronger emphasis should be placed on security aspects. These goals are impossible to realize without solving the following problems:
The first problem is that experiments with software that is related to network security such as software that tests the security of a network and experiments with different software and hardware configurations may compromise the network security of an institution. …