What is Information Security?

As I have mentioned before, security is nothing new. The basic tenets of information security are well defined and only articulate, in digital terms, what many of us do in a variety of transparent and automatic ways. By breaking down security into its constituent components, I believe it’s easier to design these components into our modern-day electronics so that they are not only easier and more convenient to use, but also more secure because of it.

The main objectives of information security are to protect the confidentiality, integrity and availability of information; however, when bringing a product, service or system to the marketplace, it is important to also think about keeping the system secure once it has been deployed. Protecting a system from the effects of Murphy’s Law – which occurs more often than one expects – is also an important consideration.

The following are the security objectives to keep in mind when designing a system. Some examples below play multiple roles. For example, wax seals and Chinese/Japanese chops (inkan/hanko) can be used for both integrity and authenticity.

Static, passive, pervasive security – done once:

  • Confidentiality/Privacy – Your data/service provides no useful information to unauthorized people and ensures the protection of sensitive and private data.
    • Historically – Egyptian hieroglyphics, Enigma, etc., envelope
    • Biologically –
    • Modern – Encryption
  • Integrity – Ensures that the data has not been (maliciously or accidentally) altered, manipulated or deleted. Furthermore, if anyone tampers with your asset it will be immediately evident.
    • Historically – Wax seals, inkan, medicine caps
    • Biologically – DNA sequences
    • Modern – Digital hash
  • Authenticity – We can verify that an asset is attributable to its owner, author or caretaker.
    • Historically – Driver’s license, passport, stamps, watermarks
    • Biologically – Smell, sight, hearing, virus lock-and-key
    • Modern – passwords, smart cards, biometrics, GPS, public key
  • Identity – We can verify who is the specific individual entity associated with your asset.
    • Historically – many, notary
    • Biologically – birds imprint on who their mothers are
    • Modern – meta tags, XML
  • Non-repudiation – Ensures that information cannot be “disowned.” The author or owner or caretaker of the asset cannot deny that they are associated with it.
    • Historically – signing a document, getting a return receipt, etc., time clock, odometer
    • Modern – typing an acknowledgment, taking a biometric, digital signature
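
An added example, not part of the original post: the “digital hash” listed under Integrity only makes tampering evident when the reference digest is out of the tamperer's reach, while a keyed MAC ties the check to a key holder (Authenticity) yet still falls short of Non-repudiation because either key holder can produce it. The messages, key and function names are constructed for illustration.

```python
import hashlib
import hmac


def digest(data: bytes) -> str:
    """Unkeyed SHA-256 digest: anyone can compute it."""
    return hashlib.sha256(data).hexdigest()


def mac(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag: only holders of `key` can compute it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def check_digest(data: bytes, expected: str) -> bool:
    return hmac.compare_digest(digest(data), expected)


def check_mac(key: bytes, data: bytes, expected: str) -> bool:
    return hmac.compare_digest(mac(key, data), expected)


def demo() -> dict:
    key = b"constructed-demo-key"            # shared by sender and receiver
    original = b"PAY 100 JPY TO ALICE"       # constructed sample message
    corrupted = b"PAY 100 JPY TO ALICF"      # accidental one-byte change
    altered = b"PAY 900 JPY TO SOMEONE ELSE" # deliberate change in transit

    return {
        # Integrity: a digest stored separately exposes any alteration.
        "hash_flags_corruption": not check_digest(corrupted, digest(original)),
        "hash_flags_alteration": not check_digest(altered, digest(original)),
        # But if the digest travels with the data, whoever altered the data
        # can replace it too, and the check passes.
        "hash_passes_if_digest_replaced": check_digest(altered, digest(altered)),
        # Authenticity: without the key, no valid tag exists for altered data.
        "mac_accepts_original": check_mac(key, original, mac(key, original)),
        "mac_flags_alteration": not check_mac(key, altered, mac(b"wrong", altered)),
        # Non-repudiation is NOT provided: the receiver holds the same key and
        # can produce the sender's tag, so a digital signature is needed.
        "receiver_can_make_same_tag": mac(key, original) == mac(bytes(key), original),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
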

Dynamic, active, transient security – the system needs to be checking these items constantly:

  • Authorization – It is clear what actions are permitted with respect to your asset.
    • Historically – dual missile silo keys
    • Modern – ACLs
  • Loss – Asset is irrecoverably lost (or the cost of recovery is too high)
    • Historically – cancelling a check, filing an insurance claim
    • Modern – Remote disable/erase
  • Availability/Denial of access or service – Ensures that authorized users have access to information when required.
    • Historically – embargos, laying siege to a city, cancer

Your comments are always welcome.

William Saito
Special Advisor at Cabinet Office (Govt. of Japan)
Named by Nikkei as one of the “100 Most Influential People for Japan,” Saito began software programming at an early age and started his own company in high school. By the time he was named Entrepreneur of the Year in 1998 (by Ernst & Young, NASDAQ and USA Today), he was recognized as one of the world’s leading authorities on encryption, biometric authentication and cyber security.

After selling his business to Microsoft, he moved to Tokyo in 2005 and founded InTecur, a venture capital firm and consultancy that identifies innovative technologies, develops global talent and helps entrepreneurs become successful. In 2013, Saito was appointed a Special Advisor to the Cabinet Office for the Government of Japan.

Similarly, in 2012 he served as a council member on national strategy for the Cabinet-level National Policy Unit, and prior to that, was named as the Chief Technology Officer for the Fukushima Nuclear Accident Independent Investigation Commission (NAIIC). He is a Foundation Board Member at the World Economic Forum (WEF), and has been named by the WEF as both a Young Global Leader and Global Agenda Council member.

Saito also advises several national governments around the globe. In Japan, he has also served as an advisor to METI, MIC, MEXT, MLIT, AIST, IPA and the Japan Society for the Promotion of Science (JSPS), among others.

He teaches at multiple universities, serves on several corporate boards, appears as a commentator on national TV and is the author of numerous publications in addition to writing a weekly column for a prominent Japanese business newspaper. His best-selling management book, The Team: Solving the Biggest Problem in Japan, was published by Nikkei BP in 2012, his follow-on book, Is Your Thinking up to Global Standards?, was published by Daiwa Shobo in late 2013 and his autobiography, An Unprogrammed Life: Adventures of an Incurable Entrepreneur, was published in 2011 by John Wiley & Sons.

Posted by whsaito
