The Best Time to Implement New Security Plans
June 3, 2002
By Michael Bruck
Q: My system hasn't been hacked yet, but I think the risk is low. How safe am I really?
A: When is enough, enough? Every day, businesses and organizations learn more
about the importance of information security, yet many still put off
implementing an action plan. Often, an action plan is put into place only after
the company or organization has been hacked or infected by a virus. Why wait?
How much does an organization need to hear or experience before the proper
security measures are put in place? Do you buy insurance on your property after
damage?
Earlier this year, the Los Angeles Times reported that U.S.
intelligence officials believe the Chinese military is working to launch
widespread attacks on American and Taiwanese computer networks. The report went
on to say that independent Chinese hackers might be stepping up their attacks on
U.S. networks in the near future. The attacks would include common hacks such as
defacing Web sites, virus attacks and the "flooding" of computer systems by
overloading them with transmissions. Some of these are known as denial of
service attacks, which affected Yahoo!, eBay and Datek last year and the year
before. But the real questions are: Will your systems be affected? Do you have
the proper security in place?
Most of the time, opportunity cost is the primary cost component in justifying
security spending. At a basic level, entrepreneurs may lose sales. Revenues
could also be significantly affected by just one security breach--not only the
immediate revenues, but also the loss of your customers' confidence in the
security and systems you've set up to serve them.
The costs associated with security breaches can add up quickly, according to
Computer Economics. The research firm's estimates for costs associated with the
Code Red Virus alone were more than $2 billion in downtime and repairs. And
Information Week Research reported that the cost of security-related downtime to
U.S. businesses in the 12 months before September 11 was estimated at $273
million. Worldwide, the approximation is an extraordinary $1.39 trillion.
The question at hand in justification then becomes: What is the cost when an
intruder hacks a Web site or gains access to private, unsecured data? Then there
are related costs: the help desk calls when there's a problem, emergency
services and so on. When a system goes down, multiply the number of minutes
by the number of people not available, and the costs go sky-high. Ask a
security manager for an estimate of these costs, and security measures will be
justified even more.
Entrepreneurs often cite lack of time, capital outlay, the cost of
hiring and the need for training as financial challenges related to security
management. Up-to-date technology, expertise and solutions are also issues.
These limited internal resources are often the factors that justify third-party
participation to manage information security within a company.
It's a costly struggle to have internal staffers monitoring the various
detection systems, firewalls and other security programs that are in place, and
even then the monitoring isn't in real time. This is especially true in
entrepreneurial companies where staff headcount is low to begin with. For some entrepreneurs,
the costs involved aren't just a matter of cost-effectiveness, they're a matter
of true survival.
Security can be a hard sell, and it's rarely a black-and-white
justification--especially in today's world of budget cuts. But the answer sure
gets easier when evaluating the costs of just one security breach.
So what steps should you take now before your system is breached? Evaluate
and choose a managed security services provider that will:
Perform an information security audit of all your information and IT systems.
Investigate what security options are necessary for protection.
Compare the costs to what a security breach would cost you.
Implement accordingly, as if it were just another insurance policy.