Security is probably the #1
issue of our times and affects all corporations to different degrees
and in different ways.
Microsoft has made TRUSTWORTHY COMPUTING
key to everything it does.
Traditionally, information security has been characterized in
terms of the "CIA triad":
- Confidentiality: keeping secrets secret and
protecting them from those not authorized to access them;
- Integrity: ensuring that information isn't altered without proper
authorization; and
- Availability: making all systems available to users when they need them.
While this triad is useful and still applicable, it represents
only one piece of the complete security model. In the wake of
9/11, many businesses are adopting a more synergistic approach to
security, one that merges three separate disciplines into a new
security triad:
- Information Security
- Physical Security
- Personnel Security
Security concerns are probably the most
haunting and dangerous threat to all businesses: a firm never
knows how and when something will occur, yet it has to protect
against everything all the time.
A threat can raise its head in an infinite number
of ways and from many directions, sometimes more than one at a
time.
This requires an upfront investment of funds and
resources, but it must also be backed by continuous funding for
regular, ongoing maintenance and even for performing controlled attacks
to test the security in place, not just technologically, but with
social tests as well.
Defining the right amount of security required,
and the amount of funds and resources to apply to protect one's
firm, requires an in-depth analysis and risk assessment
of several areas of the business: data, systems and social.
While this is a key, possibly even major, investment,
a problem firms encounter in putting funding and resources
towards security is that there is no ROI (return on investment).
The only result seen at the end of the tunnel over time is that,
if successfully done, the organization will never have been hit,
downtime will never have occurred due to security issues and,
last but not least, no legal issues will have been encountered due
to the release of confidential corporate data or the privacy issues
of losing client data to the public domain.