Identify and briefly discuss four reasons why the number, variety, and impact of security incidents is increasing

---

In today's computing environment of increasing complexity, higher user expectations, expanding and changing systems, and increased reliance on software with known vulnerabilities, it is no wonder that the number, variety, and impact of security incidents is increasing dramatically.

Increasing Complexity Increases Vulnerability

The computing environment has become enormously complex. Networks, computers, operating systems, applications, Web sites, switches, routers, and gateways are interconnected and driven by hundreds of millions of lines of code. This environment continues to increase in complexity every day. The number of possible entry points to a network expands continually as more devices are added, increasing the possibility of security breaches.

Higher Computer User Expectations

Today, time means money, and the faster computer users can solve a problem, the sooner they can be productive. As a result, computer help desks are under intense pressure to respond very quickly to users' questions. Under duress, help desk personnel sometimes forget to verify users' identities or to check whether they are authorized to perform a requested action. In addition, even though they have been warned against doing so, some computer users share their login ID and password with other coworkers who have forgotten their own passwords. This can enable workers to gain access to information systems and data for which they are not authorized.

Expanding and Changing Systems Introduce New Risks

Business has moved from an era of stand-alone computers, in which critical data was stored on an isolated mainframe computer in a locked room, to a network era in which personal computers connect to networks with millions of other computers, all capable of sharing information. Businesses have moved quickly into e-commerce, mobile computing, collaborative work groups, global business, and interorganizational information systems. Information technology has become ubiquitous and is a necessary tool for organizations to achieve their goals. However, it is increasingly difficult to keep up with the pace of technological change, successfully perform an ongoing assessment of new security risks, and implement approaches for dealing with them.

Increased Reliance on Commercial Software with Known Vulnerabilities

In computing, an exploit is an attack on an information system that takes advantage of a particular system vulnerability. Often, this attack is due to poor system design or implementation. Once the vulnerability is discovered, software developers quickly create and issue a "fix" or patch to eliminate the problem. Users of the system or application are responsible for obtaining and installing the patch, which they can usually download from the Web. (These fixes are in addition to other maintenance and project work that software developers perform.) Any delay in installing a patch exposes the user to a security breach.

U.S. companies increasingly rely on commercial software with known vulnerabilities. Even when vulnerabilities are exposed, many corporate IT organizations prefer to use already installed software "as is" rather than implement security fixes that will make the software harder to use or eliminate "nice­to­ have" features suggested by current users or potential customers that will help sell the software.