The primary connection between network management and security is that the security an organization needs largely determines exactly how professionals manage the network. Each part of the security system also has to be organized well to ensure efficiency of control, with managers identifying the threats present for the network. When managers find breaches of policy or law that relate to the system, it is their responsibility to turn individuals over to the proper authorities or take appropriate business action.
The amount of security necessary in a network varies from person to person and business to business. For instance, a home network may contain some personal information such as passwords, but it does not contain the same amount of confidential information as a network in a major government agency. The more sensitive the information on the network is, or the larger the amount of data, the more closely managers have to manage the network, putting more heavy-duty security measures in place.
Understanding that the need for network management and security varies, network managers must formalize their network management and security policies. For example, they might write a specific policy that explains the specific software or user authentication procedure the company will use, or what a person has to do for permission to connect a portable device such as a flash drive. Within the policy, they must be specific about the penalties or consequences of policy breach, such as suspension, loss of pay, dismissal or alert of police.
Just as police officers have to identify threats such as violence, people in network security and management have to identify the threats to the network in order to develop a management policy and keep the network at the right level of access. Examples of threats to network management and security include hacking, viruses and denial-of-service attacks. Once the network manager knows the risks, he can configure the network in such a way that the network is more secure against those particular issues. Identifying risks involves investigating both the hardware and software a person or company uses.
Network management and security personnel are not law enforcement agents. When they have evidence of an electronic or Internet crime, however, they are obligated to report the problem. This is a matter of both company and social stability. This obligation leads network managers to serve as liaisons between their company or client and law enforcement agents as needed, providing evidence of legal breaches and testifying about the network in question. If an employee is dismissed or disciplined for breach of company policy rather than law, the network manager might have to help defend the company's decision in the instance the dismissed or disciplined employee files a lawsuit.
