Tuesday, 29 May 2012

Why we have information security?

We implement information security to protect the confidentiality, integrity and availability of our resources, but what is the real reason for implementing? It is very difficult to stop the determined individual of group of individuals from attack our cyber infrastructure.

If we lived in a utopian world then we would not need information security as no one would abuse the systems, however they are very few people are totally honest, and there a lot of the population who could be tempted if the motivation was sufficient to ‘bend’ the rules.

We tend to think that people are either honest or dishonest, a binary assessment for the digital age. Society likes to believe that most people are honest, but a few bad apples spoil the bunch. If this were true, it would be easily remedy some of society’s problems with cheating and dishonesty. Human-resources departments could screen for cheaters when hiring. Dishonest financial advisers or building contractors could be flagged quickly and shunned. Cheaters in sports and other arenas would be easy to spot before they rose to the tops of their professions.

However it is not as straight forward as people being honest or dishonest, there are multiple levels between a total honest individual and a total dishonest one.

The article “Why we lie” in the Wall Street Journal has a great statement about why locks are fitted to our doors, and this statement fits well with our cyber security.

“Another 1% will always be dishonest and always try to pick your lock and steal your television; locks won't do much to protect you from the hardened thieves, who can get into your house if they really want to. The purpose of locks, the locksmith said, is to protect you from the 98% of mostly honest people who might be tempted to try your door if it had no lock.”

http://online.wsj.com/article/SB10001424052702304840904577422090013997320.html?mod=wsj_share_tweet


No comments:

Post a Comment