This past Wednesday I gave a session at Infosec09 in Omaha, Nebraska.
What a great event and venue! If you get a chance to attend next year, I highly encourage you to do so.
After my session, “The Convergence of Information Security, Privacy and Compliance,” I had a nice young man in attendance come up and ask me a really great question; love this question!
“If you could change one or two things in computing history that would have a positive effect on privacy and security, what would they be and why?”
Isn’t that an awesome question?
Here is my answer…
I really love this question; so many possibilities. It is always easy to look back with 20/20 clarity, but at those historical point(s) in time you just don’t know what you don’t know.
Going back to the early days of computer development, it was not even dreamed of that computers would be linked together. They were largely created and architected as stand-alone machines. If they had been created with the possibility in mind that someday they could be connected to other computers, then I believe it would have made a big difference in how information security and privacy are viewed and handled today. Those early pioneers were documented to have thought a lot about controls. But the controls they thought about were confined to their isolated computer system. They built in and planned for backups, internal logging, access controls for authorized users, and so on. The access controls, though, were only for the defined users of each particular system. The logging was also basically for authorized events. They did not plan for unauthorized access to the computer systems. They did not anticipate that so many people would actually be using the computers, and that significant numbers of those individuals would attempt malicious acts. If they had, they probably would have pioneered the use of logs to check for unauthorized activities, and access controls that went beyond just system-defined users. And so much more; but this should give you a good idea of the issues.
Another key point in computer development history where privacy and security could have been greatly improved upon was the development of mobile computers. The focus was on getting mobile computing features addressed and establishing ease of use for those using mobile computers. Ease of use, speed and high functionality were of foremost importance. Unfortunately, very little attention was given to mobile computing security and privacy protections beyond boot and login password features. If those creating the first mobile computing technologies and architectures had also created robust information security and privacy features that were transparent to users, with any required end-user interfaces kept very, very easy to use, there would likely be far fewer incidents and breaches today.
What are your thoughts?