Protecting Information
What is the mindset required to properly protect information? What role does reasoned paranoia play in this mindset and how can an individual keep the proper balance between protecting information and enabling business?
Information nowadays is quite a wide term with the introduction of laptops, mobiles, the Internet of Things, etc. Every other daily product is getting online, and the vulnerabilities of leaking information are increasing with it. In this digital age, when most things are incorporated with some kind of intelligence, they are programmed and connected to the network. Not many individuals expect that the network or the device can be overridden and throw you into a series of problems. E.g., an online home security system: imagine a system like this getting overridden and giving burglars easy access to your valuables. A lot can be at stake if the networks are not firewalled and the secure data is not isolated.
To aim for a secure network or information protection, an individual should build a perimeter, classify the data and secure it at different security levels. Firewalls and advanced intrusion detectors should be used. Awareness of security should be provided to the users so that no loophole is detected for a possible breach. Enforce security rules on everyone equally. Follow layered security practices.
Being paranoid about security is good, as you will always be updated about the security practices being followed. Paranoia is a dysfunctional trait, but it isn't defined like this in the topic. But being updated with the security methods and practices is the only way of ensuring against security leaks.
To enable a secure system without affecting the business is also difficult, as access to the information becomes restricted and many processes and approvals come in the way that increase the lead time. So a proper balance should be adopted where the business is not affected by long processes and neither is the security. Data classification and backup should be enforced, where you layer the security level required for each piece of information and devise separate process levels for each of them.