Information Security Today

Let's explore information security in today's context. Information security is a matter of concern for organizations and individuals alike. Modern hackers are equipped with technological knowledge and tools to infiltrate the accounts of individuals and their credit and debit cards.

Thieves and the authorities are constantly at odds. Most often, thieves are beating the authorities. Many times, the police learn a new technique only after thieves have used it. Similarly, in the field of information, there is always a race between hackers and crackers and the information security personnel. With widespread use of Information Technology and related tools, particularly with the advent of the Internet, it has become a challenge for organizations and their employees to prevent the misuse of information.

Information, in lay terms, is anything that is communicated in any form, public or private. Any compromise of private information can have a significant impact on the parties involved, including the loss of reputation, finances, or other consequences depending upon the nature of the information. All forms of technology, including the Internet, credit cards or debit cards, ATMs, bank web portals, and so on, are under attack, most times intentionally, sometimes accidentally.

Cloud computing is a popular buzzword today; it has many benefits but also presents many new risks.

A contextual illustration of this scenario is given in Figure 1-1. The rise in the use of electronic chips in everything from automobiles to refrigerators to TVs is another cause for concern. Theories of such attacks are emerging every day. This possibility is illustrated in Figure 1-2.

Figure 1-1. Mistrust on “Cloud” and its security

Figure 1-2. Is this the future state of security?

Information security is an extension of computer security and extends beyond physical control to logical control, control over media, and control over a medium of communication. Information security should be one of the most important goals of everyone, including employees, contractors, suppliers/vendors, and other service providers. Even though there is growing recognition of this fact, there is still a lot more that needs to be understood and implemented by all the stakeholders involved.

In this fast-paced world, where information is an asset and the achievement of business objectives is everybody's responsibility, ensuring that the information security risks are minimized with the appropriate controls in place has become a top priority. Of course, it is not always possible to eliminate all the vulnerabilities and consequential threats, but it is necessary to identify the risks to minimize the overall risk to the organization. It is also necessary that organizational management understands the residual risks created by the controls they have put in place. A proper and appropriate risk assessment and management methodology is one of the prime necessities of an information security framework.

As the old adage goes, “An ounce of prevention is worth a pound of cure.” It is always better to put on our critical thinking caps and consider what can go wrong and have the appropriate solutions in place than to worry after an incident has taken place and cost us our reputation or significant monetary loss, either in terms of penalty or in terms of consequential damages.

Even with the utmost sincerity and tremendous efforts, it is not possible to have 100% foolproof information security, because while there may be many known issues, there may also be an equal number of hidden ones. However, if we do not make sincere efforts to at least contain known security flaws or security issues which are applicable to our organization, we do an injustice not only to ourselves and to our customers, but also to the world at large.

Customers have also started explicitly looking for information security being implemented whenever they purchase a system, software, or application. They will not be inclined to purchase any product with known security flaws. As such, product companies, as well as service companies, are required to focus more on information security. What better place to start information security than right at the requirements phase and carry it through during the design, development, testing, and deployment phases? Secure coding practices are gaining momentum and are going to be one of the focus areas of the future.

The following information sheds light on the current information security environment:

“The Norton Report [3] (for 2013), now in its fourth year, is an annual research study, commissioned by Symantec, which examines consumers' online behaviors, attitudes, security habits, and the dangers and financial cost of cybercrime.” The Norton Report highlights the following information [3]:

• Consumers are more mobile than ever, but are leaving security behind. Despite the fact that 63% of those surveyed own smartphones and 30% own tablets, nearly one out of two users don't take basic precautions such as using passwords, having security software, or backing up files on their mobile device.

• Cybercrime continues to be a growing global concern. Both the total global direct cost of cybercrime (US $113 billion; up from $110 billion) and the average cost per victim of cybercrime ($298; up from $197) increased this year.

• As people are now constantly connected, the lines are blurring between their personal and work lives, across multiple devices and storage solutions. Nearly half (49%) of the respondents report using their personal devices (PCs, laptops, smartphones, tablets) for work-related activities.

Information security is often not given adequate attention, primarily because of the false theory that the risk is low. It is also possible that, many times, we try to use complex solutions rather than simple ones. Whatever the method of implementation, information security has become imperative.

