RESEARCH, ANALYSIS & TRENDS

Integrity by default for the sake of security



The Internet has lost its innocence, and a healthy mistrust is more than advisable nowadays as scams and spam strike anytime and anywhere. Certain media, such as email, are hit particularly hard.

In fact, emails are already so compromised that a lot of institutions, such as banks, explicitly disclaim sending digital messages to their customers. Banks usually try to avoid customers' uncertainty, safeguarding them from having to assess whether an email they received comes from the bank or is a scam. Such a decision to forgo email communication is tantamount to surrender. However, the problem of reliability and safety is not easy to solve.

The Internet has become too complex, and too many applications and systems are closely intertwined. In fact, the principle that uncertainty and the probability of error grow with increasing complexity applies to the Internet in particular. Errors may even have global implications, as the exploitation of vulnerabilities in client software has already proven many times, with devastating consequences.

IT security is not just a matter of discovering vulnerabilities or defending against attacks. The protection of information systems usually requires a combination of various measures, such as the simultaneous use of several protection mechanisms and a constant adaptation of measures to changing circumstances. IT security is therefore not a static state but a process, strategically defining the security objectives of an enterprise and the relevant general framework, such as building a security infrastructure and risk management.

Based on a proper threat and vulnerability analysis, it is therefore essential to evaluate the available security measures, then decide on their implementation, carry it out at the operational level and monitor its impact. This procedure equates to the usual quality standard approach PDCA (Plan-Do-Check-Act) and is used, for example, in the widely used standard ISO/IEC 27001 for information security management systems for applications.

Guidelines for data protection can provide a useful basis for security concepts as well, such as considering:

1. Awareness: Participants should be aware of the need for security of information systems and networks and what they can do to enhance security.

2. Responsibility: All participants are responsible for the security of information systems and networks.

3. Response: Participants should act in a timely and co-operative manner to prevent, detect and respond to security incidents.

Asian eMarketing - August 2016: Security meets Real-Time Marketing Challenges