THE EVOLUTION OF INFORMATION SECURITY

We have been thinking about information security for thousands of years. But as the world continues to evolve, Information Security must evolve to keep up with it.

Information security is a complex system, made up of hardware, software, and wetware. Hardware primarily includes the computer systems that we use to support our environments. Software includes all of the code, databases, and applications that we use to secure the data. Wetware includes policy, procedure, training, and other aspects that rely on people. Information Security is part science, part art, and to some I am sure it seems like part mysticism. But it is not new.
We have been thinking about information security for literally thousands of years. Yes, thousands of years ago we did not have computers, but we had other mechanisms. Back many moons ago, when mankind was just learning to walk upright, Cronk wanted to keep a secret so he hit Zonk on the head with a rock, and information security was born.
Eunuchs were assigned to protect harems because they were, well, eunuchs. In a similar fashion, many early messengers could not read to make it harder for them to copy the message they were delivering. Some had their tongues removed so that they could not speak of their message, just deliver it. Scrolls were sealed in wax or lead seals so that the recipient would know if the scroll or package were opened. If you read Dan Brown’s The DaVinci Code, or saw the movie, you may have seen the cryptex, a sealed tube with a combination that could expose an included parchment to acid if it were forced open, destroying the contents. Yes, they were real.
The world has evolved since Zonk and Cronk, as has, thankfully, information security. Regardless of the exact mechanism used, the goals have always been the same – protect the information. We like to think that we keep evolving. That is one of the secrets to a long lifespan of a species – the ability to evolve. The birth of the Internet brought huge changes in the way people consume data, and along with it a giant evolution in the world of information security. We had computers in the 1940s, but was there any such thing as a computer virus then?
But these are mostly Confidentiality issues. We cannot forget about the other two parts of the basic security triumvirate, Availability and Integrity. I once worked for a government agency which had an 11 second unplanned outage one Sunday morning. Two and a half years later it was still called “Black Sunday”. I also worked with a large retailer who determined that a prolonged outage of their web retail site could cost them $176,000 per minute in lost sales. I am sure the Southeast Asian villagers who were promised six tons of rice were more than slightly dismayed when the “r” was dropped during communication and the trucks pulled up with six tons of ice. And I am sure that when Greg got 2 mg of morphine instead of .2 mg that it really did matter. So, yes all of these things are important elements in the complex system that makes up Information Security.
Yet, the world continues to evolve. Go to SecurityWeek.com to read the full evolution of information security.