Posted by the ManGeek

Saturday, August 20th 2005 11:28 pm CDT

Do you work for a company that doesn't have a data security policy?

Like data, knowledge isn't a physical thing. So far the only way to secure knowledge has been through laws and secrecy. (Look at KFC and the Colonel's special secret recipe.) It should be no surprise that data falls into the same bucket. I believe that before anyone can seriously understand information security, they need to see it from where the issues stem. They need to understand more than technology. They need to understand the concept and importance of securing data.

After all, what more is a firewall than device to keep some knowledge (data) secret? I am in support that the world has entered a new age; a time period that may well take us hundreds of centuries into the future. (If we can keep from warring and suing each other into oblivion before that date.) We had the Renaissance, and the Elizabethan period. We had the Reformation and the Industrial Revolution. Now I feel confident saying we've entered the Information Age.

Isn't it interesting that there was never a time prior to now when you could on a whim, immediately start learning another language without leaving your home? Or listen to music and check news from around the world: all without seeing another person. There's never been a time prior to now when you could instantly get an idea from one side of the world to the other in a fraction of a second. Now it's managing to turn the knowledge and information/data upside down, much like a salt shaker that's been conveniently unscrewed. (Kids, don't try this at home.)

I believe that in the world of security, we don't have a choice but to acknowledge this (potentially obvious) fact. Only at that point can we start to see why law and secrecy are turning out to be weak in the face of technology. Only then can we see how we have to evolve yet again to understand the ramifications of ideas moving outside of our "control". The truth is that technology is one of the weakest links in the security chain. The protection of an idea has to start with the source of the idea itself: the creator; the author; the possessor.

For evidence, you need only take a look at some of the recent security exposures that occurred:

• At UCSB, a student breaks into a grade system. How? Using information she obtained from her work in insurance. (Personal details of professors that allowed her to take control of their accounts.)
• Bank of America and Citi Group lose track of backup tapes resulting in millions of consumers having their personal information exposed.
• Email virus after email virus spreads because people don't think about how they are using their computers.
• Nigerian 419 scammers steal millions every year from victims conned into believing they are the lucky recipient of a get-rich-quick opportunity.

It's obvious by this that technology is not the definitive answer: people are! As a people we need to evolve and come up to speed not only with computers but with the information and communication they share between themselves. We need to see that not only does plugging ourselves into the Internet provide a pipe for us to bring the world into our living rooms, office buildings and schools, but also as a way to provide us to be pulled (reluctantly so if we're foolish enough to fall into the traps) out into the open sea of the 'Net.

So I ask the question again, do you work for a company that doesn't have a data security policy?

Trackback URL: http://www.mangeek.com/blogc/35track.html

Comments (0)