With it being an election year here in the U.S. we’re surrounded by all this talk of big promises by power-hungry politicians. This nauseating process made me start to think about the difference between information security and personal security.
Let’s start with personal security. The politicians say “Elect me and I’ll give you the things you need! I’ll take someone else’s money – by force – and give it to you for your own personal security.” What’s not to like about that!!?? Many people would much rather have the government take care of them – that is, create personal security for them – than be forced to work hard and be a responsible contributor to society. This personal security is “free”. Of course, at the cost of the people who actually pay taxes, individualism, and our long-term freedom.
Contrast this with information security. Let’s say you want – no need, through laws and regulations – to create an environment where your “information” and your business are secure…well, that’s gonna cost you! There’s human resources, technology expenditures, business process changes (and all the related costs that go along with that), the hiring of vendors and consultants for specialized expertise, audit dollars, and on and on.
Now, imagine if businesses today could turn to the government with all their information security needs. WOW. Our networks, our apps, our databases, our laptops, our smart phones, our business processes, you name it, would all be VERY, VERY secure. It’d be unlimited security. To the point where information security professionals and a lot of network administrators wouldn’t be needed – at least after all the fancy systems were put in place.
I’ve always struggled with the word “security” in my job description…I don’t like being associated with dependence, mediocrity, and reliance on others – what personal security is all about. Now that I’ve thought it through though, I see there’s a clear difference.
Uh-oh, I’d better get back to work…
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”