Understanding Information Security


Every so often, people search for the term: Information Security. And every so often, what do they find?

Searching Google, I found that the top 10 results about Information Security are either purely technical in nature, a job description, or about a company's security initiative. This frustrates me, as one of the most important focuses of information security is awareness, not only among technical people but among everyday users as well.

And so it has become my mission to explain what Information Security means in a non-technical manner, so that we normal users can better incorporate it into what we do, whether at work or at home.

How changes affect security 

Every day, we see rapid growth in technological advancement. We stand witness to the evolution of computers, devices, processes, software, the internet and much more. Numerous businesses are overhauling their processes in order to adapt to this advancement. People of all ages are also trying to learn as much as they can. It is truly an amazing and dizzying thing to comprehend.

With all these breakthroughs, however, comes proportionally increasing danger. Where before we only needed to worry about physical safety locks deteriorating, now we also need to worry about storage media, access control, backup and so on. The complexity of this so-called protection has been increasing exponentially. This is in part because of the technological advancement mentioned earlier. The people who commit fraud, theft, sabotage and other criminal acts have also improved their methods. One might want to think that we were better off staying in the stone age...

Awareness of the dangers 

When we analyze the dangers stated, we also gain an understanding of how to prevent them. That is the concept of information security. It revolves around prevention methods. More often than not, businesses, organizations and individuals all wait for something to happen; THEN we put our efforts into protecting something that has already been damaged.

A practical example of this is when we users think that there's a very slim chance that we can be infected by a computer virus. It is probably because we are the only ones using the computer (or we are just lazy). So we skip installing or updating our anti-virus because of the hassle involved (this hassle only takes a couple of minutes, by the way). And when we are infected, we spend several hours and money in order to remove the virus.

This is what I call firefighting. It is the total opposite of prevention methods.

Information Security in a Nutshell 

In the words of my best friend, Wikipedia:

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.

It means protecting by preventing. The following steps are very general, but they may give us a clear understanding of what needs to be done and how information security runs its gears:

  • Identify what needs protecting.

  • Prioritize the assets by giving each a value.

  • Identify the dangers (risks) surrounding each asset.

  • Come up with a plan to prevent those dangers from happening.

  • Implement those prevention plans.

  • Measure the effectiveness of those prevention methods by using international best practices.

  • Do it all over again.

My Own Conclusion 

Now, what I said may be oversimplifying things. And that may be true, since the world has too many different best practices in any one field. However, one thing stands constant: that there are best practices.

Most people think information security came from a purely technical standpoint. That it is purely for technology, since we're talking about the security of information and information systems. That may be a part of it, albeit a very small part. However, what we need to understand is that information security is not only I.T.'s responsibility. It is for everyone, technical or non-technical alike. It was supposed to have been practiced together with the advancement of technology (but only the techies did that). Then we probably wouldn't be cramming to study it in one sitting, as we are doing now with this page/lens.

This may be a lot to take in. The whole concept of information security is vast (yet simple) so I will try to break it down into small parts that we can chew easily.

But that is for another article...


Get Started with Information Security 

Here are some books to get you started with Information Security and with setting up an Information Security Management System.

Principles of Information Security


by junyap
