In today's world it is apparent that some people are curious enough to attempt to gain access to information that is confidential to other people or organizations. Some of these people want the information not for good reasons but for malicious ones, such as blackmailing an individual or, in the case of an organization, gaining an unfair competitive advantage. Moreover, the growing number of experts in hacking systems, increased competition and inadequate resources have made information security harder to achieve and systems more insecure.
To ensure security as it pertains to information, Bruce Schneier has come up with a framework for creating awareness and an accurate perception of information security. In his framework he calls security a trade-off, and one needs to go into great depth to understand how security works psychologically. He also argues that any gain in security involves trading something off: one trades security against money, liberty, capability or time. People need to make the best security trade-off, since several things can go wrong when trading off. These include misjudging the magnitude, probability and severity of the risk at hand, and how the cost and the risks compare with each other (Schneier, 2008).
Continuing with the framework, Schneier suggests that people mostly worry about the wrong things, because the perception of security does not match the reality of security. People ignore the magnitude of the risks at hand and hence end up worrying a great deal about small risks while ignoring big ones. He states that people underestimate the risks they take willingly and overestimate the ones they cannot control. In short, this says that security trade-offs are subjective.
The third point of Schneier's framework is that security trade-offs depend to a great degree on agenda and power. He gives the example of a company that, just because it has more power and capital, dumps waste in a river passing through a small village that has no power to oppose it. Still, to ensure that security is enhanced, one needs a working system, and whether the security system is working only becomes known the moment something goes wrong.
It is hence apparent that one needs to know those who threaten one's security and to realize that attackers do not change their intentions; they only change the way they do things. From Schneier's framework, I would strongly agree that one ought to know the security situation one is facing and critically analyze which threats should be prioritized for elimination. Moreover, one needs to keep track of the changing methods of those who want to obtain our information.
Schneier's framework and the module one framework appear to be connected in a significant way. Foremost, the module one framework suggests that the government and legal system are one of the means that can be used to provide better safety, thereby treating the government or the law as the body that controls the acts of all people. Schneier's framework holds that it is the mind that controls how one plans to implement and improve security, and in which areas.
A second comparison is that Schneier's framework takes caution with the regulatory approaches one needs to use to achieve full security, while the module one framework relies on legal alignment to ensure proper and adequate security. It also suggests the development of a regulatory framework, approaches to insecurity and nuclear safety regimes, similar to Schneier's framework, which suggests the development of a full framework.
In his speech, Seiden talks of the people one needs to trust with one's information. In his view, in the business world mostly, no one can be trusted. In e-commerce in particular, due to the intangibility of the goods, fraud rates are usually higher. He adds that companies change their models without informing the public in a move to curb insecurity. He goes on to say that even inanimate things like networks, hardware and software cannot be trusted; to support this he notes that much software ends up crashing one's system and that hardware malfunctions.
On the point of trust, he suggests how one can know whom to trust by answering five questions. The questions entail asking oneself whether one relies on the trust of a given authority, how one can test them, the level of service they provide, and how to find out whether the people one trusts trust them back. He concludes by stating that with the security-through-obscurity method, the flaws of the system are hidden from attackers and hence the system is protected, as there is no way for the attackers to find them out.
I still hold my earlier views even after Seiden's speech on security through obscurity, the reason being that every system has a loophole; by ensuring that only those one can fully trust know the system's functions, attackers may try to crack the system but will never be able to, and hence the safety of the system is maintained. If I were to help managers build security awareness and a proper perception of it in their organizations, I would introduce policies such that nothing can be operated without two people being involved, and those two people should be from different departments. I would also employ IT experts to ensure the system is updated often, so that the system in use is always ahead of the competitors'. Moreover, I would advise a central place for storing crucial data and information, where every person who enters has the manager's authorization.
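As an added illustration (not from the essay or its sources) of the two-person policy proposed above, the following Python check authorizes an operation only when two distinct approvers from different departments sign off; the approver names, departments and operation label are constructed for the example.

```python
"""Dual-control (two-person) authorization check.

Added example, not from the essay. It models the policy described above:
an operation on crucial data proceeds only when two distinct approvers
from different departments sign off. Names, departments and operations
used below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Approver:
    user_id: str
    department: str


class DualControlError(Exception):
    """Raised when an operation lacks valid two-person approval."""


def check_dual_control(approvers, operation):
    """Return True if the approval set satisfies the two-person rule.

    Hypothetical policy: at least two approvers, all distinct user ids,
    and at least two different departments represented, so that neither
    a single insider nor a single department can act alone.
    """
    if len(approvers) < 2:
        raise DualControlError(f"{operation}: needs two approvers, got {len(approvers)}")
    ids = {a.user_id for a in approvers}
    if len(ids) != len(approvers):
        raise DualControlError(f"{operation}: the same person approved twice")
    depts = {a.department for a in approvers}
    if len(depts) < 2:
        raise DualControlError(f"{operation}: approvers must come from different departments")
    return True


def is_authorized(approvers, operation):
    """Non-raising wrapper: True when the rule is met, False otherwise."""
    try:
        return check_dual_control(approvers, operation)
    except DualControlError:
        return False


if __name__ == "__main__":
    alice = Approver("alice", "finance")   # constructed sample approvers
    bob = Approver("bob", "it")
    print(is_authorized([alice, bob], "export customer records"))    # True
    print(is_authorized([alice, alice], "export customer records"))  # False
```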
These two models try to show how, in today's world full of attackers, information security is crucial. In addition, both have outlined the importance of building awareness and a good perception of information security. Every organization needs to build good awareness and perception to ensure proper management and a future for the organization.