How important is your information?
Economically, the cost of security should be lower than both the attack cost and the value of the information. If the cost of obtaining the information is larger than the value of the information, the information is not meaningful or worth extorting. In most cases, general users have no need to consider security much because most information that general users have is not valuable to others.
However, here is another trap of this Web era. The information of networked computer users can be abused as a foundation for attacking other systems.
The answer? No.
If you disconnect the computer from the network and put it in a safe, then yes, that is perfect security. However, we know this is impossible. So we need to determine the level of security policy.
If you concentrate on safety only, the availability is lowered. For example, think about the physical security of an entrance door. If you strictly verify the IDs of all visitors, retain all recording devices, and make visitors go through a metal detector, security will be significantly high; however, it would take too much time to enter the site and few people would be able to.
Hence, information security is like the physical security of the entrance door. If you apply a very strict security policy, such as checking the ID of visitors and limiting their behavior on the website, the availability and convenience for users are lowered, which is beside the point.
There is yet another thing to consider: the more security devices you use to protect the system, such as an IDS/IPS (intrusion detection/prevention system), difficult login verification procedures, and encryption of all information, the more resources are consumed and the more performance measures such as processor processing ratio are lowered. This loss of performance can be prevented, for example by purchasing separate dedicated hardware. However, that requires higher cost.
There is a kind of trade-off among security factors, such as security | availability | cost | performance. Considering the relationship among the factors is the foundation of establishing security policies.
These policies are necessary for information security because there are always security threats at hand. Every day, new and unfamiliar attacks are pouring in. There is a common error in mindset here: many people think that everyone who causes trouble is a malicious cyber attacker. However, in some cases, people cause problems unconsciously, and there are many attacks that contain no malicious intent at all.
Therefore, a secured IT system is necessary to keep people from both intentional and unintentional attacks.
All IT systems consist of three layers: application – system – network. An application that handles data is on the system. The systems are connected via a network.
A secured IT system implements the required elements of security in all of the layers, not just one or two. For that, security components need to be implemented in an appropriate way. The system should be designed to ensure end-to-end service when the elements interoperate.
The design and implementation of this kind of secure IT system is the essence and core of information security. In other words, for perfect security, comprehensive and total understanding of an IT system needs to be the foundation. Penta Security’s goal is to make sure that organizations worldwide can implement this sort of secure IT system in an easy, cost-effective, but comprehensive way.