Computer security is emerging as the business risk of the 1990s for many organizations operating in the commercial sector. Unlike military, government, defense and financial organizations, the mid- to low-risk commercial sector does not have well-developed security procedures. However, owing to the very different security needs of the commercial sector, it is inappropriate to apply the procedures used by high-risk organizations. The characteristic system security concerns of the commercial sector, are identified, some solutions are suggested, and a structured and systematic approach to security assessment in the form of a qualitative approach to security risk analysis is investigated.
展开▼