The phrase "Information Security", for most individuals and/or organization, is something like an alien phrase. During the several Information Security seminars and fora that I have conducted, I can see question mark(?) in their faces whenever I mentioned the term information security.
Most of them will tell me, "we have an anti-virus here, so our computers are safe", or some will say "we have purchased one of the most expensive firewalls in the market so we are safe". And they will ask me, are these things not enough?
Information security is one of the most important aspect of an IT infrastructure. At the same time it is the least understood by most organizations and individuals participating in the inter-connected world. It is most of the time being ignored/neglected and in the bottom of the priority lists. Most individuals believe that if they have their AV installed and an updated virus definition file in their computers, and they have an Internet gateway security up and running, nothing bad will happen in the network. No information will leak out. No attacks can penetrate.
Well, maybe in the beginning of the Internet days, those contentions/belief are true. In fact, network security (not even information security) are left to the network security professionals and experts. Users doesn't care. But this is no longer true today.
The heavy development of services running over the Internet, the Web 2.0, the proliferation of Social Networking sites and many more have made information security a more complex task than what it was before.
Information security is the process or the ability to protect information. The three (3) basic security concepts important to information in the Internet are confidentiality, integrity, and availability.Security can only be achieved through constant change, through discarding old ideas that have outlived their usefulness and adapting others to current facts. - William O. Douglas
And the three (3) information security concepts relating to people who uses the information are authentication, authorization and non-repudiation.
I will continue to discuss information security on my next article. For now, what is important is for everyone to realize and know that information security is a human enterprise, and you as a user of the inter-connected world is the last line of defense to secure either your own personal information or your organizations' information.
No comments:
Post a Comment