Information Security Drivers

Is it possible to acheive total and complete information security? The answer today is no.

On occassion, it is easy to become complacent and make an assumption of security. Implementing effective counter measures to possible breaches of security can give an over confidence in our perception of the level of security in our systems. The reality is that our applications and systems become increasingly more complex.  The primary challenge of any development of technology is making something that works, making something that works but also has perfect security is a pipe dream.  Modern operations systems can contain upwards of 50 million lines of code.  There are always holes in applications and operationg systems.  If you doubt this, check the amount of security patches released by any OS vendor you know.

With this is mind effective security becomes about understanding that it’s not possible to fill every hole and block every gap in security, not without an unlimited amount of time, money and resources.  What drives security activity is not generally a desire for total security, but managing risks for both individuals and organisations.

Drivers for Individuals primarily  include:

  • Theft of banking or other financial details.
  • Identity theft.
  • Loss of privacy.

Organisation drivers will differ depending on industry, here are some generic drivers:

  • Protecting Intellectual Property and other senstive information.
  • Acheiving regulatory compliance.
  • Safeguarding reputation.
  • Ensuring business continuity.

These are not all inclusive and there are many more drivers.  As I continue to explore, we will pull more of these drivers into the discussion so we can understand in depth what motivates us, what we implement and why.

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>