ABSTRACT
Corporations have incredible amounts of data that is created, acquired, modified, stored, and
transmitted. This data is the life blood of the corporation and must be protected like any other strategic
asset. The controls established to prevent unauthorized individuals from accessing a company’s or a
customer’s data will depend on the data itself and the laws and regulations that have been enacted to
protect that data. A company also has proprietary information, including research, customer lists, bids,
and proposals-information the company needs to survive and thrive. A company also has personal,
medical, and financial information and security-related information such as passwords, physical access
control and alarm documentation, firewall rules, security plans, security test and evaluation plans, risk
assessments, disaster recovery plans, and audit reports. Suppliers and business partners may have shared
their proprietary information to enable business processes and joint ventures. Appropriate access
controls should be implemented to restrict access to all of these types of information. The effectiveness
of any control will depend on the environment in which it is implemented and how it is implemented.