
      These frameworks, and many more, have their advocates, their user base, and their value. That said, in the interest of consistency, we'll focus throughout this book on CIANA+PS, as its emphasis on both nonrepudiation and authentication has perhaps the strongest and most obvious connections to the vitally important needs of e-commerce and our e-society to be able to conduct personal activities, private business, and governance activities in ways that are safe, respectful of individual rights, responsible, trustworthy, reliable, and transparent.

      It's important to keep in mind that these attributes of systems performance or effectiveness build upon each other to produce the overall degree of trust and confidence we can rightly place on those systems and the information they produce for us. We rely on high-reliability systems because their information is correct and complete (high integrity), it's where we need it when we need it (availability), and we know it's been kept safe from unauthorized disclosure (it has authentic confidentiality), while at the same time we have confidence that the only processes or people who've created or modified it are trusted ones. Our whole sense of “can we trust the system and what it's telling us” is a greater conclusion than just the sum of the individual CIANA+PS, Parkerian, or triad attributes.

      Let's look further at some of these attributes of information security.

      Confidentiality

      Confidentiality refers to how much we can trust that the information we're about to use to make a decision has not been seen by unauthorized people. The term unauthorized people generally refers to any person or any group of people who could learn something from our confidential information and then use that new knowledge in ways that would thwart our plans to attain our objectives or cause us other harm.

      Confidentiality needs dictate who can read specific information or files or who can download or copy them; this is significantly different from who can modify, create, or delete those files.

      One way to think about this is that integrity violations change what we think we know; confidentiality violations tell others what we think is our private knowledge.

      Business has many categories of information and ideas that it needs to treat as confidential, such as the following:

       Proprietary, or company-owned information, whether or not protected by patent, copyright, or trade secret laws

       Proprietary or confidential information belonging to others but shared with the company under the terms of a nondisclosure agreement (NDA)

       Company private data, which can include business plans, budgets, risk assessments, and even organizational directories and alignments of people to responsibilities

       Data required by law or regulation to be kept private or confidential

       Privacy-related information pertaining to individual employees, customers, prospective customers or employees, or members of the public who contact the firm for any reason

       Customer transaction and business history data, including the company's credit ratings and terms for a given customer

       Customer complaints, service requests, or suggestions for product or service improvements

      In many respects, such business confidential information either represents the results of investments the organization has already made or provides insight that informs decisions it is about to make; either way, all of this and more represents competitive advantage to the company. Letting this information be disclosed to unauthorized persons, inside or outside of the right circles within the company, threatens to reduce the value of those investments and the future return on those investments. It could, in the extreme, put the company out of business!

      Let's look a bit closer at how to defend such information.

      Our intellectual property consists of the ideas that we create and express in tangible, explicit form; in creating them, we create an ownership interest. Legal and ethical frameworks have long recognized that such creativity benefits a society and that such creativity needs to be encouraged and incentivized. Incentives can include financial reward, recognition and acclaim, or a legally protected ownership interest in the expression of that idea and its subsequent use by others. This vested interest was first recognized by Roman law nearly 2,000 years ago. Recognition is a powerful incentive to the creative mind, as the example of the Pythagorean theorem illustrates. It was created long before the concept of patents, rights, or royalties for intellectual property was established, and its creator has certainly been dead for a long time, and yet no ethical person would think to attempt to claim it as their own idea. Having the author's name on the cover of a book or at the masthead of a blog post or article also helps to recognize creativity.

      Financial reward for ideas can take many forms, and ideally, such ideas should pay their own way by generating income for the creator of the idea, recouping the expenses they incurred to create it, or both. Sponsorship, grants, or the salary associated with a job can provide this; creators can also be awarded prizes, such as the Nobel Prize, as both recognition and financial reward.

      The best incentive for creativity, especially for corporate-sponsored creativity, is in how that ownership interest in the new idea can be turned into profitable new lines of business or into new products and services.

      Besides
