THIS SECTION IS ABOUT YOU!
Being rugged is…
1. Understanding that you are inextricably tied to the digital information about you online. An increasingly important concept is that digital information is an asset, just as material things are assets, and must be protected like other assets.
2. Being aware of the variety of digital information that can now affect us.
Businesses used to rely on a human being’s knowledge to manage the business. Individuals were repositories of otherwise unavailable information (data).
In the digital age that is changing. The quantity of knowledge has exploded, which is changing the relationship between data and people. The quantities of data are so huge that the best way to make use of much of it is by computer analysis. Businesses now depend on employees’ ability to research and manipulate data rather than just rely on what they know. Tim Berners-Lee is the inventor of the World Wide Web; his TED talk on the next web is here: http://www.ted.com/talks/lang/eng/tim_berners_lee_on_the_next_web.html
“Information” is the first topic covered because digital “security” is 100% about information, personally or in business. “Information” is data with meaning added. It covers a variety of types of data, all of which are part of an increasingly important concept on the cyber frontier: a business’s or organization’s information, and each individual’s information, is an asset. It has value; it is worth money! A computer is just a doorstop if it doesn’t have information stored on it (“data at rest”) or moving in and out of it (“data in transit”).
Digital information is worth protecting, just as one would protect money in a bank account or valuables in the home. You are represented by the information about you. A business is dependent on the information about it!
There are unscrupulous people who will take information without regard for the inconvenience, trouble, monetary loss, heartbreak, loss of reputation or emotional turmoil that stealing it will cause. Just as cyber criminals are remote, hazy, anonymous abstractions to us, we are merely pennies in a database to them. But the cost, time, aggravation, and potential legal trouble that loss of personal or other types of information can cause can be significant.
- Personally Identifiable Information (PII) – any combination of data that can uniquely identify you. Did you know you can be identified with 90-95% accuracy with just 3 pieces of information about you? (Hint: DoB, 90210 and M/F. Guess what information marketers always ask for?) Legal definitions of PII change from state to state. A social security number is supposed to uniquely identify a person and is used in many financial transactions, so it is the key to identity theft. However, any combination of information that can be used to pinpoint one individual should be protected (e.g. name plus phone number plus address plus bank account #). It is best not to send combinations of information via email, since email is usually not encrypted and is easily intercepted and read.
- Medical Information – many doctors’ offices are moving storage of medical records into “The Cloud” (more on the cloud in “V. Internet”). Doctors are not computer security people and often do not understand the complex technical issues involved with securing a patient’s medical records. They may be inclined to accept a salesperson’s assurance that “the data are safe” without knowing what questions to ask to be sure patient records really are adequately protected. Are laws protecting medical privacy adequate? See the FTC Information on Medical Identity Theft. (More about that in section X. Legal.)
- Privacy – from physical location to Internet browsing habits, purchasing habits, movie viewing habits and search engine habits, there is an unprecedented amount of information being collected on each one of us daily. Check the privacy policies of “free” websites, coupon offers, discounts, and “free” applications downloaded onto smartphones. Very often the cost of the “free” application is the very valuable marketing information, or your contacts list, that they now have permission to collect when “I Agree” is clicked. Virtually nothing on the Internet is free. The cost is the privacy of self, friends and family. (Scroogle Scraper, http://www.scroogle.org, uses the Google search engine but strips the information about searches and surfing habits that Google collects and saves for two years.) Time Magazine (3/7/11), http://www.time.com/time/business/article/0,8599,2058114,00.html, had an interesting article about how much about us is being tracked. Their conclusion was “So what?” What are the implications for the future? An article from 4/22/11 tells about iPhones/iPads tracking the owner’s location. What do you think? Is all this a serious and frightening invasion of privacy, or doesn’t it really matter?
- Identity Theft – Almost all financial transactions now have a digital component to them, whether it’s banking online or credit card purchases. New technology allows payment via codes on smartphones. Identity theft is used to steal financial information. A recent article (4/12/2011) reported key findings from a survey of 42,000 US child IDs: over 10% had someone else using their Social Security number. The average rate of identity theft for adults is 0.2% (but growing), so children’s identities are being stolen at a rate 51 times that of adults. The website DataLossDB is a voluntary compilation of known and reported data breaches since 1986, including the latest incidents, the top 10 largest incidents, and information on how the data were lost. Here’s a graphic comparing the recent Sony data breaches with the 10 largest data breaches of all time.
- Personally Meaningful Information – photographs, family videos, stories and recipes may not be of interest to criminals, but they are increasingly being stored digitally on CDs, DVDs, and computers. Loss of such mementos may cause as much heartache as being the victim of a digital crime. Consider how to protect digital-emotional valuables to preserve them for future generations. Think about the future: did you save any photographs to 5.25 inch floppy disks 15 years ago? Would you be able to view them now? What are your digital photos stored on now? Will you be able to view them in 15 years?
- Intellectual Property – is often in digital form now. Downloaded songs, books, photographs, artwork, movies and computer programs are all protected by copyright laws, and illegal copies are subject to criminal prosecution if they are found on your computer. When you buy a CD or video of music or movies, you own that physical media and it is yours to give or sell as you wish. But when you download songs, videos and other digital media onto an iPhone, Android, Wii, Xbox or other player, do you still have the right to give it to someone or sell it? (More about that in section X. Legal.) Other forms of intellectual property specific to an industry, like architectural plans, engineering plans and trade secrets, are being stolen in massive quantities, and we don’t even know it until they appear in foreign countries and in other venues. As a society we do not completely understand the depth of the concept that information is an asset.
- Child Pornography – possession of digital pictures of inappropriately clothed minors is a felony crime with mandatory prison time, even if they are pictures of themselves or friends and only stored on the smartphone of your son or daughter.
- Businesses — in addition to employee information, customer lists, processes, suppliers, proprietary data and intellectual property (patents, processes, etc.) all fall into the type of data that is highly critical to a business’s bottom line. The profit motive is motivation to calculate the cost of lost time, lost information, or lack of sales, making it easier to estimate how much money should (or shouldn’t) be spent on securing data. Good cyber security is good business.
- Government — The defense and intelligence agencies deal more with espionage and Advanced Persistent Threat (APT=China) than civilian government does. Civilian agencies, federal, state and local, have (like all employers) an obligation to protect employee data as well as any mission-related proprietary or sensitive data. Without a profit motive, civilian government lacks one of the motivating factors to monetize digital assets, which causes problems in determining risk to their data. Too often in government, IT security is regarded as the function of the IT department and not as the critical business function it is. The time is past when “we can go back to doing it without computers”. IT and IT security people need to find ways to communicate how much of the business is now integrally dependent on IT functions. IT and IT security need to work hand in hand for the benefit of the organization’s mission. The business doesn’t differentiate between IT and IT security. If there is a data compromise, IT gets the blame, not just IT security. It is in our best interest to work together, constructively. Good IT security is good business.
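
The PII point in the list above (a few ordinary fields such as date of birth, ZIP code and gender can single out one person) can be checked on a dataset before it is shared. The following Python sketch is an added example, not part of the original page; the records are constructed, and the names `uniqueness` and `generalize` are assumptions chosen for illustration.

```python
from collections import Counter

# Constructed sample records (not real people).
RECORDS = [
    {"dob": "1980-03-14", "zip": "90210", "sex": "F"},
    {"dob": "1980-07-02", "zip": "90210", "sex": "F"},
    {"dob": "1980-03-14", "zip": "90211", "sex": "F"},
    {"dob": "1975-11-30", "zip": "90210", "sex": "M"},
    {"dob": "1975-01-09", "zip": "90212", "sex": "M"},
    {"dob": "1975-11-30", "zip": "90210", "sex": "M"},
]


def uniqueness(records, fields):
    """Return (k, fraction_unique) for a combination of fields.

    k is the size of the smallest group of records that share the same
    values for `fields`; fraction_unique is the share of records that are
    alone in their group and therefore pinpoint one individual.
    """
    keys = [tuple(r[f] for f in fields) for r in records]
    counts = Counter(keys)
    unique = sum(1 for key in keys if counts[key] == 1)
    return min(counts.values()), unique / len(records)


def generalize(record):
    """Coarsen a record before release: birth year only, 3-digit ZIP prefix."""
    return {"dob": record["dob"][:4], "zip": record["zip"][:3], "sex": record["sex"]}


if __name__ == "__main__":
    combo = ["dob", "zip", "sex"]
    # Each field alone hides people in a group; the combination does not.
    for fields in (["sex"], ["zip"], combo):
        k, frac = uniqueness(RECORDS, fields)
        print(f"{'+'.join(fields):12} smallest group={k} unique={frac:.0%}")
    # After coarsening, nobody in the sample is unique any more.
    coarse = [generalize(r) for r in RECORDS]
    k, frac = uniqueness(coarse, combo)
    print(f"{'generalized':12} smallest group={k} unique={frac:.0%}")
```

A smallest group of 1 means at least one person is identifiable from those fields alone; coarsening the fields before sharing raises that number.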
To quote the current CISO of the US Navy: “It’s about the data, stupid!”