What is Information Security?

As I have mentioned before, security is nothing new. The basic tenets of information security are well defined and only articulate, in digital terms, what many of us do in a variety of transparent and automatic ways. By breaking down security into its constituent components, I believe it’s easier to design these components into our modern-day electronics so that they are not only easier and more convenient, but more secure because of it.

Protecting the confidentiality, integrity and availability of information is the main objective of information security; however, when bringing a product, service or system to the marketplace, it is important to also think about how to keep the system secure once it has been deployed. Protecting a system from the effects of Murphy’s Law – which occurs more often than one expects – is also an important consideration.

The following are the security objectives to keep in mind when designing a system. Some examples below play multiple roles. For example, wax seals and Chinese/Japanese chops (inkan/hanko) can be used for both integrity and authenticity.

Static, passive, pervasive security – done once:

  • Confidentiality/Privacy – Your data/service provides no useful information to unauthorized people and ensures the protection of sensitive and private data.
    • Historically – Egyptian hieroglyphics, Enigma, etc., envelope
    • Biologically –
    • Modern – Encryption
  • Integrity – Ensures that the data has not been (maliciously or accidentally) altered, manipulated or deleted. Furthermore, if anyone tampers with your asset it will be immediately evident.
    • Historically – Wax seals, inkan, medicine caps
    • Biologically – DNA sequences
    • Modern – Digital hash
  • Authenticity – We can verify that an asset is attributable to its owner, author or caretaker.
    • Historically – Driver’s license, passport, stamps, watermarks
    • Biologically – Smell, sight, hearing, virus lock-and-key
    • Modern – passwords, smart cards, biometrics, GPS, public key
  • Identity – We can verify who is the specific individual entity associated with your asset.
    • Historically – many, notary
    • Biologically – Birds imprint on who their mothers are
    • Modern – meta tags, XML
  • Non-repudiation – Ensures that information cannot be “disowned.” The author or owner or caretaker of the asset cannot deny that they are associated with it.
    • Historically – signing a document, getting a return receipt, etc., time clock, odometer
    • Modern – typing an acknowledgment, taking a biometric, digital signature
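The difference between integrity, authenticity and non-repudiation in the list above can be seen in a few lines of Python. This is an added example, not part of the original post: it uses the standard library's `hashlib` and `hmac`, with an HMAC (a keyed hash) standing in for the authenticity mechanism, and the key and messages are constructed sample values.

```python
import hashlib
import hmac

def digest(data: bytes) -> str:
    """Integrity only: no secret involved, anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()

def tag(key: bytes, data: bytes) -> str:
    """Integrity plus authenticity: only holders of the shared key can compute it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_digest(data: bytes, expected: str) -> bool:
    return hmac.compare_digest(digest(data), expected)

def verify_tag(key: bytes, data: bytes, expected: str) -> bool:
    return hmac.compare_digest(tag(key, data), expected)

def demo() -> dict:
    key = b"constructed-shared-key"      # sample value, shared by sender and receiver
    original = b"transfer 100 to account A"  # constructed message
    altered = b"transfer 900 to account B"   # constructed altered copy

    results = {}
    # Integrity: a digest obtained over a trusted channel exposes any alteration.
    results["hash_detects_change"] = not verify_digest(altered, digest(original))
    # No authenticity: if message and digest travel together, whoever alters
    # the message can simply recompute the digest, and the check still passes.
    results["hash_accepts_replaced_pair"] = verify_digest(altered, digest(altered))
    # Authenticity: a tag made without the shared key does not verify.
    wrong_key_tag = tag(b"not-the-key", altered)
    results["hmac_rejects_keyless_tag"] = not verify_tag(key, altered, wrong_key_tag)
    # No non-repudiation: the receiver holds the same key, so a valid tag does
    # not prove which of the two parties produced it. The sender can disown it.
    receiver_made = tag(key, altered)
    results["hmac_receiver_can_make_valid_tag"] = verify_tag(key, altered, receiver_made)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last result is why the list names a digital signature for non-repudiation: only a private key held by one party ties a message to that party alone.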

Dynamic, active, transient security – the system needs to be checking these items constantly:

  • Authorization – It is clear what actions are permitted with respect to your asset
    • Historically – dual missile silo keys
    • Modern – ACLs
  • Loss – Asset is irrecoverably lost (or the cost of recovery is too high)
    • Historically – cancelling a check, filing an insurance claim
    • Modern – Remote disable/erase
  • Availability/Denial of access or service – Ensures that authorized users have access to information when required.
    • Historically – embargos, laying siege to a city, cancer

Your comments are always welcome.

William Saito
Special Advisor at Cabinet Office (Govt. of Japan)
Named by Nikkei as one of the “100 Most Influential People for Japan,” Saito began software programming in elementary school and started his own company while still in high school and was named Entrepreneur of the Year in 1998 (by Ernst & Young, NASDAQ and USA Today). As one of the world’s leading authorities on cybersecurity.

After selling his business to Microsoft, he moved to Tokyo in 2005 and founded InTecur, a venture capital firm. In 2011, he served as the Chief Technology Officer of the National Diet’s (Parliament) Fukushima Nuclear Accident Independent Investigation Commission. Later that year, he was named as both a Young Global Leader and Global Agenda Council member for the World Economic Forum (WEF) and was subsequently named to its Foundation Board. In 2012, Saito was appointed to a council on national strategy and policy that reported directly to the Prime Minister of Japan.

Saito also advises several national governments around the globe. In Japan, he has served as an advisor to Japanese ministries; the Japan Society for the Promotion of Science; the National Institute of Advanced Industrial Science and Technology (AIST); the Information Technology Promotion Agency (IPAS); and the 2020 Tokyo Olympic and Paralympic Games, among others. He is currently the Special Advisor to the Ministry of Economic Trade and Industry (METI) and the Cabinet Office for the Government of Japan.

He went to medical school at UCLA and Harvard Kennedy School; serves on various boards of Global 2000 companies; frequently appears as a commentator on TV and is the author of seven books in addition to writing several weekly newspaper columns. His management book, The Team: Solving the Biggest Problem in Japan, was published by Nikkei BP and became a best-seller in 2012. In 2016, Saito received the Medal of Honor from the Government of Japan for his work in the field of education.

Posted by whsaito
