Thursday, March 8, 2007

Hello World!

Hello Everyone and Welcome to my Blog!

Here I plan to write about the need for information security no matter the size of the organization. But before I go any further, you’re probably wondering who I am and why you should read anything written by me. Well, currently I’m a senior at the Marshall School of Business with a concentration in information systems. During my summer internship last year, I worked as a technology risk consultant and got to see the abilities of a business intelligence tool that analyzed and categorized threats as information passed through the network. I’ve also done cross-disciplinary work at the Viterbi School of Engineering, where I took courses on web security and forensics, and am currently working with the Director of ITP on how to plan and implement an information security plan from the ground up, across an enterprise.

My interest in information security stems from childhood, though until recently the focus of my academic pursuit was on the construction of information systems: whether that is building a computer from components or using Oracle to design a relational database. This focus was great for a beginner and I took the perspective, like much of the world at the time, that as long as it worked we could put it in the closet and lock it up. Now that I am proficient at building, the focus has shifted toward breaking down and filling in the pieces that threaten to debase the edifice. (For example: how to gain unauthorized access to a system or integrating key policies and procedures in the security plan to give managers the authority to monitor and fire employees.)

I also have to admit that it’s pretty cool being able to see what people do and realizing the level of trust and risk they expose themselves to unknowingly. Of course, doing so responsibly…

This unknowing trust and risk leads to debacles in organizations all around us. For example, recently an unnamed school on the other side of town had its systems compromised for nearly a year; those systems contained the personal information, including SSNs, of almost a million students, alumni, and faculty (link to Washington Post). Even the school I’m attending (USC) had its admission application database hacked using a common hacking technique called SQL injection. Allegedly, the hacker acted as a white hat and notified USC officials, but the school still initiated a complaint with the FBI and spent $140,000 notifying applicants of the breach (link to Daily Trojan). Furthermore, something as simple as a stolen laptop threatened millions of veterans’ and active military service members’ identities last May. Yet this is only the tip of the iceberg, as thousands of other stories don’t get media attention, and even more organizations are ticking time bombs that fail to see the value of security (particularly small to medium-sized businesses).

As we become a society increasingly reliant on computers, the problems mentioned above and the need for security will only become more pronounced. In the future I plan to blog about ‘hacking attacks’ such as denial of service and SQL injection, privacy and protection measures such as business policy contracts and passwords, and perhaps the myth of the ‘Secure Mac’. Check back here often, as I continue to examine the world of information security: the business it creates, the damage that can be done, and how it all relates to you.

3 comments:

Peony Lai said...

Hey Benson, I just read something rather interesting from the net. Did you ever hear of ? People cracked Netflix's new Watch Now service without using the minutes (Read it here.). And then there's a quote from Netflix spokesperson Steve Swasey, "We have people dedicated to reading Hacking Netflix every day. We treat him with equal importance to the Wall Street Journal and the New York Times because he knows more about Netflix than anyone else." (Source: http://www.mikemoran.com/biznology/archives/2007/03/blog_influence.html)
I found this interesting because it seems that companies are monitoring blogs and sites to secure their business. In fact, what I don't understand is why don't companies hire these smart people to attempt hacks and to improve the security in-house? In the Netflix case, I think it's very important that the Watch Now service is secured. Otherwise, they will face a lot of copyright issues before they actually roll out the service to all subscribers.

Pedro Villanueva said...

Hey Benson,

I think security is always an issue. Take the service industry for example. Customers place a great deal of trust in their service providers. But do they really have an option? I mean, is there a trade-off between convenience and security, and should there be?

For example, when making a purchase over the web, who should be responsible? I mean, people are aware of the risks, but yet they do it on a daily basis. On the other hand, if businesses want to make that sale they have to give consumers what they want...especially security.

I think, at least historically, businesses rather than consumers have borne a great deal of the brunt, and it makes sense. What can the average consumer do against the round-the-clock hacker? I know that if I can't trust someone to protect my information I'm simply going to take my business elsewhere. Peace of mind is part of the service, or it should be.

We're all seeking protection from the proverbial hacker. And I think that if they didn't exist people would feel a whole lot more relaxed. But I can't help but wonder if that should be our primary concern. Check out this interesting article I found which states that most security issues may actually be because of natural human error (http://www.informationweek.com/showArticle.jhtml;jsessionid=QLWR3GKSTZTEOQSNDLPCKHSCJUNN2JVN?articleID=197801676&queryText=Hacking). Maybe we all need to take a step back and rethink things a bit.

But it's too late for many. You know, those companies that invest millions in security. I'm by no means saying that it's a bad investment. It's necessary; after all, hacking does occur. But how frequently does it actually happen? And is it more of a concern now with the outsourcing phenomenon? I'm not too sure, but I'll reserve judgment. Just take a look at the recent Firescope and Google collaboration and you'll understand why. IT managers can actually view all of their security products and infrastructure pieces at work in real time at all locations (Read more at: http://www.informationweek.com/showArticle.jhtml;jsessionid=QLWR3GKSTZTEOQSNDLPCKHSCJUNN2JVN?articleID=198000975&queryText=Security). It's not like hackers aren't facing resistance. I just think that consumers are more safe at some times than others. When, I don't know. What should be just as important as investing in security is finding out precisely when and where consumers are most vulnerable.

But to end on a light note, it may not be a bad thing to be getting hacked or pirated. At least Microsoft seems to think so. Although in this case it might be an issue of ego, it's true that if someone is going to the trouble of pirating your work it's because you're desirable. That begs the question: are there times when security is not a pressing matter? (Read more at: http://www.informationweek.com/showArticle.jhtml;jsessionid=QLWR3GKSTZTEOQSNDLPCKHSCJUNN2JVN?articleID=198000211&queryText=Hacking)

Albert Kurniady said...

Hi Benson, security will always be a problem, especially in online business transactions. You want to protect valuable information going back and forth between senders and receivers. Downtime caused by hackers or internal errors will result in lost revenues for corporations.

Why do you think that we use products like Norton or McAfee? They give us an assurance in terms of online security.

I myself am a subscriber to Norton for internet protection. Security issues can be a blessing or a pain depending on which side you are on. On one hand, subscription fees are fixed and it basically locks users to that specific product. On the other hand, it is a source of revenue for companies like Symantec and McAfee.

In the end, online protection has become a necessity for the growing number of online transactions.

Here is an interesting article on outsourcing security. Is it a good idea?