Thursday, July 20, 2006

What Security Do You Do?

Warning: philosophical content ahead! :-) Here is a question: what security do you do? The common answers that I've heard are:

  1. "Computer security"
  2. "System security"
  3. "Network security"
  4. "IT security"
  5. "Data security"
  6. "Information security"
In addition, "information assurance", "IT risk management" (which is likely to be a bit different though) and other less common responses are there. So, why ponder this obtuse subject? I think in this case what you think you do affects how you approach security. For example, if you do "network security" you likely tend to think in terms of packets, flows, IDS signature strings, etc. If you are into "system security" you "harden", "securely configure", "patch", etc.

Where am I getting at? Is there the best choice? Yes, it is "information security"! Information encompasses data, resides on systems, flows through the network, etc. My advice is to do "information security" since it allows for a broader view (but without sacrificing depth) and to make you more future-proof, as far as our profession is concerned...

Dr Anton Chuvakin