ABSTRACT
Beginning in the 1980s, information security attracted the attention of the boardrooms and information
superhighways of corporate America but was not a major concern. Then came the disastrous events of
September 11, 2001, which more than any other event in history assured security forever a place in the
media and, at least for a few months, caused organizations around the world to evaluate their
contingency plans. Executives could no longer overlook the importance of security; they finally
recognized that information security was an issue that required proper diligence. It is no longer possible
to plead ignorance, because nearly every trade magazine reports on incidents of security breaches on an
almost daily basis. The catastrophe of 9/11 shed light on the scope and importance of information
security. September 11 also made organizations wake up to the fact that people and business processes
were also critical to an organization’s survival. Just recovering the data center is not enough, as it is still
necessary to have the people to run the computers, answer the telephones, and input the data.