Credo | InfoSec Perception

Welcome to the new home of the InfoSec Perception column, a weekly commentary on information assurance (IA) topics.

To start the new series, I’d like to articulate some of the key ideas about writing on IA that I have accepted or developed in thirty years of work in the field.

To start with, the InfoSec Perception column is aimed primarily at programmers, analysts, network and security administrators, information security officers, security consultants, and C-level information executives (e.g., Chief Information Officers). However, beginners, such as students, are warmly welcomed and therefore technical jargon will be kept to a minimum; for example, all acronyms will be spelled out on first occurrence and their acronym defined at that time. Readers unfamiliar with basic concepts will be able to find definitions and articles easily online; more specialised concepts and terms will usually be defined or provided with explicit references.

I think that clear definitions of professional terminology are useful; for example, the Parkerian Hexad defined by Donn Parker in the 1980s and described in detail in his 1998 book, Fighting Computer Crime: A New Framework for Protecting Information (Wiley) provides a structure for experts to discuss the effects of security breaches with economy and clarity. Similarly, John D. Howard and Thomas A. Longstaff’s “A Common Language for Computer Security Incidents” provides an excellent structure for clear delineation and discussion of the attackers, tools, vulnerabilities, actions, targets, unauthorized results and objectives of security breaches. InfoSec Perceptions will include articles pointing to research and ideas that support common terminology and conceptual models.

InfoSec Perception articles will rarely focus on news of the day, although sometimes readers will find references to recent events in a discussion of wider topics. This will be an educational series, not a news column. Incidents will be discussed to draw attention to principles that can improve security if readers think about their applicability to the systems for which they are responsible or even for their personal use of information technology. Some articles will focus on security information important to the general public and will urge readers to share their knowledge with family, friends, colleagues and schools.

Interdisciplinary research can provide valuable insights for IA – for example, a review of the implications of social psychology for IA opened up new approaches to implementing IA policies. This column will sometimes include discussions of topics in the physical and social sciences, engineering, literature, history, and even music; all such discussions will bring to light ideas that can improve the practice of IA.

Humour can bring to light aspects of any subject that may be viewed as plebeian and boring. InfoSec Perception will occasionally feature satire, fiction or even poetry if it makes a point about IA well for the readers.

For additional information about InfoSec Perception, see the Guidelines posted elsewhere on this site.

I hope that readers will learn from the column and will enjoy reading it.