the “de-perimeterization of security” where it has become difficult to demarcate the line between a firm and its clients, suppliers and partners (PGP Corporation, 2007). Enforcing effective security standards is a challenge in this complex milieu. There are many reasons why information is no longer safe and why there is a need for data protection and security. The notion that sensitive information is within the walls of the organization and so is safe is no longer justified. With the advancement in technology and the new computing form factors, information can be accessed by malicious insiders. The people who are responsible for administering the systems can also pose a risk to sensitive information. It is not easy to define who has access to what information. This makes it necessary to have an effective security protocol in place to ensure that sensitive data is not leaked. Data protection is also necessary to build a bond of trust with customers. When a customer approaches an organization, the organization is bound to protect his or her privacy. Failing to do so can damage the organization's reputation and cause it to lose its customers.
A comprehensive data security system encompasses an assessment of the associated risks and threats to data security. A strategy that includes a thorough assessment of these risks enables the organization to understand the value of the data that is at risk and the consequences of any loss. Data can be lost in many ways. One is malicious infection. System crashes and natural events such as floods can also cause the loss of a significant amount of sensitive data. When considering data protection, the organization needs to review who has access to what type of data, who uses the Internet, who should be given limited access, what type of firewalls and anti-malware solutions need to be in place, the usage and maintenance of passwords and the training being given to staff (Spam laws,