This paper explores how, overall, the security administrator's duty is to reasonably ensure the security of the network, and how he/she can do this by setting policies commensurate with the risks of losing data, financial damage, theft of information, public embarrassment and/or reduction in...