Information Security in the Real World. Confidentiality, Availability, Integrity, Practicality.

Wednesday, 16 February 2011

Information Wants to be Free 2.0.

It's a refrain from the early days of computer hacking. A rallying cry of hackers, anti-censorship activists and just plain anarchists it dates back at least to the mid-80s use by Stewart Brand, while the phrase "Information wants to be free" has been used by bloggers the world over to justify the current Wikileaks phenomenon. But the phrase has a new connotation, a new white paper from Intel quotes the old hackers mantra as one of five new "Irrefutable Laws of Information Security".

Intel's use of the phrase recognises the fact that employees, associates and outside agents regularly find ways around our efforts to contain our data and many do so without malice but in order to get their job done. We should therefore recognise this behaviour and manage it, instead of trying to limit or quash it. This is genuinely refreshing stuff from a big name, and is a timely response to David Lacey's call for new standards and security models. The five "laws" in Intel's model are:

  1. Information wants to be free
  2. Code wants to be wrong
  3. Services want to be on
  4. Users want to click
  5. Even a security feature can be used for harm.
The full article explains these laws and how Intel has devised new models to achieve security within them, including the "Trust Calculation" to provide an access control model flexible enough to support remote working with a variety of portable devices and locations. 

As someone who has been suggesting for a while that compliance does not equal security, and the human factor is much much bigger than most of us credit, I think this is genuinely forward-thinking stuff and I look forward to the Information Security industry's response.

No comments:

Post a Comment