Finding an Information security consultant is as difficult as understanding the problems of software. Computer Security 4Terrorism is working to provide businesses large and small with information security resources. The directory of information security audit companies is now available online at http://www.4terrorism.com/securityaudits.htm (PRWEB) February 28, 2005 -- In implementing any policy action designed to tighten security against hacking, spyware, and terrorism, a company or agency should consider the potential consequences as well as the costs of the action. Security issues, both physical and cyber, are only one element of what affects an entity’s operations. Management’s primary concern is the day-to-day operation, the investments needed for the future, and stakeholder, stockholder or owner satisfaction with its performance, in short an overall security framework must be considered. An overall evaluation of cybersecurity problems is called an “Information Security Audit.” Computer Security 4Terrorism is collecting resources for individuals and companies to better understand and protect themselves. Resources include firewalls, computer security standards, information links, security audit resources and now a directory of Information Security Audit firms http://www.4terrorism.com/securityaudits.htm The essential first step in change in security is that a risk assessment methodology be used to make informed security investment decisions. If a company has not conducted a risk assessment, it cannot know the extent of its security problem. Even when it knows the extent of security and cybersecurity needs, it cannot protect everything. On the basis of the results of a risk assessment, infrastructure changes can be adopted to mitigate identified risks. These can be highly individualized since there are several categories of cybersecurity technologies available that could be used to better secure critical infrastructure systems. However, it is also important the company keep in mind the limitations of these technologies, as well as the interactions of the technologies with the security processes and the people using the technologies. Hacking, worms, spyware, and cyber attacks are facts of using the computer. The basic problem is that computers were not designed with security in mind, and in reacting to this defect, technologies so far on the market are addressing yesterday’s threat, not dealing with today’s new problem, and ignoring what might happen in the future. Start the security Process today. http://www.4terrorism.com has the computer security resources all in one place.