Wednesday, November 29, 2006

What Are Security Breaches: Trousers they are not

Are you new to the world of computer security? If so, you might appreciate a little orientation lesson.
  1. Computer security is about protecting information that is processed by computers, otherwise known as data, and the processes that use such data. This includes, for example, information about your bank account and how much money you have in it [data] and your ability to withdraw that money [process]. You want the data to be both secret and correct; and you want the process to work on demand. These are the three main pillars of computer security: confidentiality [secret]; integrity [correct]; availability [on demand].
  2. Computer security can also be referred to as information system security, although technically an information system might include other elements besides just computers.
  3. Information system security is a part, or subset, of information security [because information security includes stuff that is not on a computer, like a set of design drawings or company secrets whispered from one person to another].
  4. Information security can also be referred to as information assurance.

Suppose you are a bank and you have procedures and mechanisms in place to prevent anyone but an account holder from finding out how much money is in an account. If someone defeats those procedures and mechanisms, the result is called a security breach, as in "my cannons have breached the walls of the city" and "Once more unto the breach dear friends."

Failure to prevent the breach may cost the bank money. The bank might be sued by the account holder. The bank may have to divert staff from normal duties to a review of records to determine the extent of the breach. If the breach exposes confidential information about a lot of customers, the bank might lose some existing customers who are angry about this, and the marketing dollars that the bank spends to attract new customers might not work for a while due to bad publicity.

In my previous posting I cited a study that put a dollar amount "per record" on the cost of security breaches. I think the number is higher than many businesses realize.
