
Why is Security Important?

Earning is difficult, but losing is extremely easy. You have to earn with your efforts, but you can lose because of others' efforts. No individual or entity wants to lose what they have earned through hard work (or even otherwise!).

If you lose what you have, you have to start over again, which is hard for anyone. Again, by nature, everyone wants to preserve their energy and secure their future for themselves and their children. Every organization wants to secure its bright future. Securing what you have and not losing it, while getting more of it, is important for societal status. Every individual or organization is a “social animal” and is conscious about their status. Status is what makes one distinct or different from others.

Organizations or governments have a lot of information at their fingertips which is of strategic importance to them. They invest a lot in carrying out research in areas of strategic, military, or competitive significance to them. The loss of this information to a third party with the same interests may lead to their strategy being a complete waste, thereby leading to the waste of entire investments and years of effort. This may require them to restart their efforts, possibly using a new way of thinking.

Information may be required by those who want it for the value of it, or who want to show their heroism. Some of the current generation of so-called computer hackers may just want to satisfy their ego or show their supremacy over the technology and may steal useful and valuable information and publish it to others. Others may want to mine for data of value so that they can sell the same to others, who want the information to either harm others or make commercial gains from it. Terrorists may want the information to either destroy the strategic or military capability of a country, or to threaten the economy of a country by using the information they steal. Also, 3D printers present a new possible threat by potentially being used by terrorists to create weapons! The primary reason for information security is the threat of information being misused if it lands in the wrong hands.

Some people feel that the need for information security is “hyped.” However, we in technology security do not think so. It is possible to think of information security as “hyped” only if our focus is on information security just for the sake of information security, and not based on the risks to the business of any information leakage, breakage, or loss. The protection of business information of value is the primary reason for information security. We must ask ourselves, “Can we risk the leakage of customer data held by us or to which we have access?” If the answer is “no,” then we have used basic Risk Management to justify a need for security because the leakage of customer data can only be at our own peril.

Furthermore, the pace at which we are coming up with new technologies is also of concern to security. New technology, new products, and new applications are brought to the market with such speed that inherent security issues may not be known yet, and it may not have been possible to test them thoroughly before launch. Once new technologies are in the market, there is a possibility that somebody may accidentally or intentionally break through any of the inherent security flaws in the technology, product, or application. It is necessary that entities or individuals be able to respond at such a speed that the chances of exploitation of a security flaw are minimal. Many times, it may not be possible to do so because of design or technical issues behind the flaw, or because of the extent to which the solution is required, sometimes across multiple systems and by multiple users. This means that some of the entities or users are open to the exploitation of such a security flaw. Oftentimes, users and entities may not apply the corrective actions immediately, either because of a lack of appreciation of the gravity of the issue, because of ignorance, or because of other priorities. This is very much true when there are deadlines to be met and many of the compulsory checks get skipped due to lack of time or personnel to perform those checks.

Science and technology provide entities and people with many tools that can be used for either good or bad purposes. Bad guys can always use such facilities or tools for bad purposes. For example, security tools like Metasploit, Nessus, or Nmap, if placed in an auditor's hands, can harden infrastructure, whereas in a cracker's hands they become the go-to tools for criminal activity. A proper focus on information security allows only the required details about the entity or person to be known to the outside world. If any entity or person wants “peace of mind” in today's connected world, information security is a MUST.
