    MadMark’s List Of Many Things


    by madmark

      What is Security?


      Security can be defined as the assurance of safety, the reduction or elimination of threat and/or risk.

      Information Security can be defined as the process of reducing risks imposed by threats, with the goal of assuring that information is safe from unauthorized access, safe from unauthorized change, and available to authorized information consumers.

      Security is and always will be a process.  It is not a product, it is not a standard, and it is not a solution that can be dropped into place. 

      Security continues to be an issue for most organizations as it is not recognized for what it is.  Many organizations still believe that security issues can be resolved by throwing money and technology at the problem, without understanding the problem.  Technology is not security.  A firewall is a security device with a specific purpose and limitations.  Anti-Virus software is a security device with a specific purpose and limitations. 

      We are constantly hearing about web site penetrations, firewall traversals and system vulnerability exploitation in the media, but what we are really hearing about is a mismanagement of policy, process and procedures.  We are starting to see and hear about new laws, new legislation, and new methodologies for applying Information Security practices and processes.  As these regulations are forced upon businesses, common sense security will finally be brought to bear.

      In my 20 years in IT, I have found companies that truly care about their customers, their customers’ welfare, and their own responsibilities to their customers’ information.  These are the few, and they will be the successful.  They look at security as an investment.  A differentiator.  Security gives them the competitive edge.  And, it is the right thing to do.

      I now read those boring and unnecessarily long privacy statements on web pages.  Not because it’s interesting or I am curious, but because I feel that I need to know what these people are going to do with (or NOT do with) my personal information.  I check out everything I can find regarding a business’ practices and security before handing over my private information.  The fact that Equifax and other credit reporting agencies have been breached says a lot about the state of security in the connected world today.

      My hope is that through this blog, I can record and share my experience, thoughts, opinions and mistakes.  My purpose is not to preach (although it does sound like it, eh?), but to clarify, share, teach and to learn.  I hope that if I am incorrect, or blinded by my own philosophical views, someone out there will wade in and add the other side for discussion.



