Tuesday, October 15, 2013

Information Systems Security Primer - Parts I & II

Our good friend, former Court information technology officer and now, Information Security Director at a Fortune 100 multinational corporation, Ken Lobenstein (and author of the popular Twelve Days of Court Tech article) has written a series of short posts on technology security.  Here is the first and second parts of the series.

---

Part I.

The bookshelves are lined these days with tomes about secure computing but who has time to read a book? And all that jargon! Hard to tell a habeas from a corpus! So here’s a simple series of things you should know if you're going to process information in a computer, table, cell phone, whatever. One step at a time. Starting at the beginning. This series will talk about “computers” but everything in the series applies in much the same way to any similar device. So some terminology.

A computer is a machine that stores and processes information in binary form as 0s or 1s, strung together in groups of eight switches. A single switch in the off position is a zero; in the positive position is a one. Nothing fancy.

A computer can be a desktop, a laptop, a tablet, a smartphone, or any of several other nouns used to describe generally how big it is, how portable it is, and what else you can use it for besides computing. It doesn't matter much which one you have; pay attention to security or you could lose all your information, lose your identity, or find your computer turned into someone else’s computing center.

At the simplest level: one computer, connected to nothing, being used by one and only one person. In this form, the only security issue is reliability, or as the security folks insist on calling, availability. Does it turn on when you tell it to turn on, is your information in there, and can you read it? Over time, the electronics inside can wear out, get dirty, get fried by a lightning strike or power spike, or just get out of sorts. Keep it in a relatively clean area, free of liquids, plugged into a hardware store quality power strip that has surge protection, and that’s pretty much it. You have security.

Someday, 5 or 6 years down the calendar, your software programs will be obsolete and nobody will be able to help you reinstall them if something goes wrong, or the storage space inside the computer (techies call them “hard drives”) will die and your information will be lost. But you can't catch a computer virus or be invaded by Trojan horses. Your only concern is the machine or the software just quit working. In the meantime, you're secure.

Part II. 

The next step on the slippery slope of security is the desire to protect your information against the computer “dying” or the software becoming obsolete by making a copy of your information. Now, for those of us who live in the real world, backing up means going in reverse. But to the computer intelligentsia, backing up means making a copy of some or all of the information on your computer. The electronic equivalent of making a carbon copy of what you put through your typewriter or photocopying all the books in your library. That carbon paper was a pain and really messy and who has space to store two copies of every book. But with a computer, a copy of what’s in there fits on a piece of plastic no bigger than a travel pack of tissues. Very easy to handle and very easy to find a place to put it so you can’t find it when you need it.

The bad news is that somewhere along the line, you just might take that piece of plastic and put it in another computer to get a copy of something somebody else has agree to share with you. Bingo. Now you've gone and done it. You've networked. Sneakernet we called it in the old days; meaning you moved the copy around using shoe leather. Problem is, that other computer – you don't know where it’s been or how it’s been used. It might get out more than yours does and it might have picked up a bug somewhere along the line. Now your backup plastic is infected too. So if you do backups, or connect your computer to ANYTHING, you need to add a special program called “antivirus software”. Not very expensive, and worth every penny. So if your computer ever has a backup device connected to it, or gets put on an electronic network, especially if it ever connects to the Internet or makes a phone call, you had better have anti-virus software or someday you're going to find yourself unable to do anything with the computer you’ve been using. And your backup will be infected too, so you may never see your information again.

1 comment:

  1. It's nearly impossible to find knowledgeable people on this subject, however, you sound like you know what you're talking about!

    Thanks

    my website - formation informatique

    ReplyDelete