Electronic data and its transmission are vulnerable to unauthorised interference form criminals and persons having vested interests. Ensuring security of data through legal and technical means has become a matter of concern. A legal infrastructure has become imperative to protect data and information. The gainful use of IT in all walks of life and the development of E-Commerce, hinge to a great extent on the availability and efficacy of the legal infrastructure.

Ernst & Young‘s Information Security Survey conducted this year (2000) polled the senior management of companies from all over the world. Altogether, more than 4,300 IT managers from 29 countries responded. The survey found that an overwhelming 82 percent of senior executives now recognise the importance of information security - a significant increase from their first survey f‌ive years ago. Security is now viewed as the gateway to new business opportunities, with time out of four respondents indicating that their companies would expand their use of the Internet for business transactions if the security of this medium were improved.

The survey results showed overall agreement on basic information security issues, world-wide. The vast majority of companies say their risks have increased over the past two years, and many organisations have responded by increasing their attention to this area. Most companies employ full-time security professionals, and many have part-time personnel. Only 3 percent have no security function. Despite their heightened awareness of security issues, however, many companies have serious gaps in their security. Twenty percent have not yet adopted a formal security policy. In many organisations that have one, much improvement is required. For example, of the companies that reported a security breach in the past year, only half have taken adequate measures to prevent such incidents in future.

The failure to fully address security issues is ref‌lected in these findings showing that, of the organisations surveyed:

• 36$\%$ do not monitor for network incidents
• 53$\%$do not monitor their on-line activities (including the Internet)
• 64$\%$ do not have planned incident response

These weaknesses leave security personnel with real problems in responding to security issues. More than half of respondents are not confident that their systems could withstand an internal attack, and more than a third are uneasy about their ability to weather an external assault. Eighty percent of respondents said that winning the commitment of top management is the key to improving their companies' information security. Only 25 percent thought lack of management commitment was actually a barrier. Instead, lack of human resources and employee awareness were noted as the biggest obstacles to improving security.

Data and programs on a stand alone computer or a network of computers can be protected by a procedure called access control. This process allows only authorised people to use the information held on the system. Various access control procedures exist, including the physical locking of the computer. Password protection requires a person to key in a secret arrangement of letters or digits so that computer allows access to the information inside. Some networks have installed a software known as 'firewall', which protects the network from unauthorised external interference.

Data transmitted over a communication link can be protected by being coded. This process is called 'encryption'. A special software carries out the encryption, and encrypted data can be transmitted to other computers through the network. Transmission of encrypted information is insulated against unauthorised interference because the information/data can be decoded only by another computer with the same software.