Page 4 - Feb 2014
P. 4
RESEARCH, ANALYSIS & TRENDS
A new culture of privacy and trust in the
Internet is urgently needed
Concerns about the safety of Integrity in information security means maintaining
new services on the Internet and assuring the accuracy and consistency of data
are as much part of our virtu- over its entire life-cycle, implying that data cannot be
al life as the carefree spread modified in an unauthorized or undetected manner.
of personal data on social Information security systems typically provide mes-
networks. Obviously, the sage integrity in addition to data confidentiality.
tension between the need
for openness on one hand, Availability is a must for any information system to
and security on the other hand, requires a new culture serve its purpose when it is needed. This means
of privacy and trust on the Internet, and of course an that the computing systems used to store and pro-
appropriate political framework.
cess the information, the security controls used to
protect it, and the communication channels used to
Since the combination of CRM with data from the social access it, must be functioning correctly and be avail-
web is nowadays a key issue for future investments in able at all times, preventing service disruptions due
virtually every industry, it can be expected that in the to power outages, hardware failures, and system
next few years a research team of CRM, social media upgrades. Ensuring availability also involves pre-
and data protection experts will take care of the devel- venting denial-of-service attacks.
opment of a software solution that bridges the current
privacy dilemma. Just think about the Sphere Research That IT security is not a static process but actually very
Project that intends to find a solution for social CRM. dynamic makes the issue more complex and hampers
being highly dependent on the technical developments
Fact is that we are forced to rebalance the relationship and aspects. Of course there are many protection
between freedom of information and privacy on the In- mechanisms that fight known attacks available in the
ternet, as a crisis of confidence in the Internet would market. Depending on the timeliness and completeness
dramatically worsen the entire climate of innovation. of the underlying virus lists, additional protection mech-
Internet users must find an adequate level of privacy anisms, so-called malware programs, are available as
and be able to evaluate risks properly and behave ap- well, which search for Trojans or other malicious soft-
propriately, besides taking into consideration that ethics, ware to neutralize them. What all solutions have in
legislation, economy and technology continue to evolve common and try to achieve is confidentiality and integri-
constantly. ty by transforming the content (encryption) or to prevent
unauthorized access to information or resources. The
Unfortunately, the actual relevance of IT security is of- basis for ensuring the confidentiality, integrity but also
ten only recognized when absent, although the industry the accountability of information is the cryptography as
is working hard nonstop to make the Internet more se- well as its follow-up mechanisms, which means encryp-
cure for users. As business processes and technologies tion of content and the creation and verification of digi-
become more and more complex, it becomes increas- tal signatures.
ingly difficult to gain the users’ confidence and meet
their expectations. However, despite these and other protection mecha-
nisms, not all attacks can be thoroughly and perfectly
I mentioned in a previous article that the confidentiality, blocked. Thus, IT security is the ongoing process of
integrity and availability (CIA) triad is one of the core exercising due care and due diligence to protect infor-
principles of information security, but I believe it is worth mation as well as information systems, from unauthor-
to conjure up its meaning again and again: ized access, misuse, disclosure, destruction, modifica-
tion, disruption, or distribution.
Confidentiality refers to preventing the disclosure
of information to unauthorized individuals or sys- It is a never ending process that involves ongoing train-
tems, enforced usually by encryption or by limiting ing, assessment, monitoring and review, since it is an
the places where it might appear (in databases, log indispensable part of all the business operations across
files, backups, printed receipts, and so on), and by different domains. So it seems like it will be a never
restricting access to the places where it is stored. ending story of learning and trying to be a step ahead
Actually, confidentiality is necessary for maintaining of any criminal intention. ◊
the privacy of the people whose personal infor-
mation is held by the system. By Daniela La Marca
4 Asian eMarketing February 2014 - Security & Privacy Protection
