Why is Information Security important today?

09-26-2012 at 10:47 AM
Why information security is important is a statement that speaks for itself. In today's world, we see examples all over the news of Company X losing its data to Hacker Group Y and how that data is then posted over the Internet for anyone to view and copy. Those with malicious intent have seen a rise in popularity recently, and others aim to have their minutes in the spotlight as well, resulting in the need for those of us in the field to step up and protect the users who just want to perform their work. Information security is a growing field that continues to see new development and ideas, and companies are starting to see the need for this as well. But I disagree. I don't think we need more information security; I think we need more education.
The need to protect a network has significantly grown in the past ten years and so has the technology to do so. This has been the spearhead of many companies that do security, such as Microsoft or Symantec. We have seen software firewalls and even the development of hardware firewalls that provide robust protection and features. This is great! We now realize the importance of it and we are doing something about it. However, with these features comes the need to use them. While this may seem like a good thing, it's really not. Now we have users who want to use VPNs or remote desktop or similar features and save their credentials in the program. We have users who do not want to memorize their 8-character passwords but want to use CAC cards to log in and then forget those cards at home. We have users who do use their 15-character passwords and then leave their desktops unlocked while going to the bathroom. We even have system administrators who put up amazing defenses and yet leave their ID cards hanging around or write down their passwords. What we really need is more education.
This is why I can say I don't believe in information security, but instead I believe in education. Educating users and even computer personnel on the best practices for handling and safeguarding information is far better than any firewall, any anti-virus software, any physical security device. We need to educate users that despite having the best password in the world and changing it often, if they write it down for anyone who walks by to see, the great password is useless. Most security attacks actually come from within the organization, not from the outside, and these are easily avoidable by simple changes in practices. Users need to remember to lock their workstations even when they step away for "just a minute". It does not take long for the malicious employee to copy the username and password that were so conveniently written down. Even system administrators and computer support personnel need to be taught that their accounts are the ones that most need to be protected, and it is also why I believe we should be punished the hardest for failing to set an example. When I was in the military, if I saw my Marines leaving their workstations unlocked, I would lock their accounts and make them come to me to get them unlocked. My Sergeant and I went on an educational rampage and made everyone in the entire unit read and sign the DoD and Marine Corps computer usage policies to ensure that everyone understood and agreed to the punishments that were required for failure to obey. I would rather spend money on educating people than on equipment to protect the uneducated.
When we fail to learn and grow from our mistakes and from the mistakes of others, the fault does not lie with the attackers but with ourselves for not being on the lookout.

