Sunday, January 20, 2013

Purifying Security

The   IT industries in Malaysia generally have been influx with lots of impurity. While it's generally acceptable to be vendor bias, product bias, framework bias etcx3 (otherwise the whole industry would black out if we do not choose a side  [open versus close][open cooperated with close][align with gov or not ]. But we information need to be secured.

The idea of IT is derive from two root words in English which is 

1. Information
2. Technology

It should be noted generally, in no where the words computer pops up in the definition of IT from the word IT itself. However regarding information technology is widely define as a medium or spectrum on how knowledge,records, should be stored.

From historical point of view , we know that information are being passed around for generations to generations via oral recitation. This is a known fact in the history of mankind. It took them millennial years to come out with writing symbols and standards.

Why does this happen ? Since we know when transmitting information via orally, information integrity may be altered, human have the tendencies to forget.In order to preserve the knowledge,transmission the knowledge is preserved in textual/writing forms. While the writings/textual exist it doesn't really altered the fact that oral knowledge is also a form of information transmission. . 


And mankind have enter a new millennial where the age to preserve knowledge can be done digitally. However mankind have late to realize that when data is transform in a bits and bytes manner we found out that every element in the digital world can be compromised and corrupted badly. 

In the old world, a signature or a sealed is used to indicate the originality/integrity of a data. While some may argue that it's full of flaws , the digital world does t help much at all. Abusing so called "trusted" digital certificates happen everywhere. And worst case , some digital forensics doesn`t help much in getting to the truth about and incident. A pathology can estimate the age of a dinosaur bone but a digital forensic investigator may  not know at what time an intrusion occurred if the logs are altered. 

Thus we are living in a dangerous age, in the age where information is thrown upon us without limit, There's not a single effective methods on separating useful/junk information in the Internet. (There's none actually). Truth/Lies/Deception/Scandalous news are being thrown in our faces (literally since u r reading it via dis blogspot/facebook). This creates a lot of partisan in the history of mankind. And worst of all the one who is actually winning is the Cooperation not the community behind it. This is important in a sense that a cooperation wouldn`t  be bother with moral obligation (moral != laws), Shaming,humiliating an individual without actual proof or with prove does not really matter to em. What's more important is that they keep you entertain until you drop dead. But that's not the path of death that we are seeking right?

So the ideal of Network Security from my point of view is not to actually getting rid of viruses in your thumb-drive but to preserve information in a way that is protected in CIA sense.

C = Confidentiality,
I  = Integrity,
A = Availability.

Unfortunately  many people doesn`t get the idea . Security is for em buying a bunch of tools and setup some sort of deception sensory without realizing the fact that what's to be protected the most is left unprotected...
And thus the tribulation age of security descent unto us. 

No comments: