Jul 18, 2011

Information Security

Introduction
So where does one start a discussion about security? Unlike apps, video games, etc., information security isn't directly consumed.

Also, progress in information technology doesn't directly lead to progress in information security. Part of the problem is that we want to model our digital world's security closely on real-world security. It is an innocuous association, but it makes things hard: in the digital world the constraints and enabling technologies are very different from those in the real world. For example, in the real world a person has to break into a dwelling to steal a fancy piece of jewelry, which in turn may be safely placed in a vault. In the digital world, finding appropriate language for valuable secret information is neither straightforward nor intuitive.

Traditionally, enterprise IT systems have been getting by using poor analogies to enforce broken rules. An example of just such a rule is: all employees need to access enterprise information from within a private network. How is this more secure? If an employee can get to that information after jumping through hoops (VPN, multi-factor authentication, enterprise-owned laptop, etc.), she still remains just as capable of causing information leaks, whether malicious or accidental.

Why?
A good starting point is to discuss the value of information. Information is valued in the following senses:

  1. Being Timely: for example, a government report about unemployment needs to be released at the same time to everyone, so as to provide a fair chance to all investors to react to the new information.
  2. Driving Process: for example, a secret recipe to manufacture Coca Cola is crucial for the Coke company's survival.
  3. Discovering Structure: for example, army deployment bases across a geographical region are key information for an enemy to form an attack strategy.
  4. Collaboration: for example, communication between two trusted parties gives information about all of the above points
  5. Entertainment: for example, providing enjoyment to people through mainly auditory and visual senses

In this sense, points 1, 2, and 3 are more static, and point 4 is more about dispersal or creation of information. Point 5 can be both static (pre-recorded) and dynamic (real time).

For?
Data without any use is useless, as can be easily understood from Egyptian scrolls lying dormant inside the pyramid for thousands of years. Once deciphered into today's languages, this data becomes information consumed by historians to record and finally help make decisions. In the case of Egyptian scrolls, this information lends insight into the rise and fall of the Egyptian empire, giving us clues about what we need to do differently today (to not end up with the same fate).

In the next post we will continue to talk more about information and relate it to the internet.
