I had a “discussion” recently with a peer regarding the reach of information security. It is my contention that information security, as its name implies addresses the confidentiality, integrity, and availability of information. Note here what was NOT mentioned… technology. I firmly believe that information security spans well past protecting the computer and its contents. Why shouldn’t our responsibility to protect information push past digital data? If someone stores credit card numbers in a notebook (of the paper variety), should we turn a blind eye? If your medical paperwork is left on the receptionists desk at the doctor’s office, who is responsible?You and I as security professionals have a duty to see that INFORMATION is protected. Yes, binary data is part of that, and quite a majority these days, but so are paper documents and any other media on which information is stored. Protecting information is the foundation of what our profession is built upon. The common perception that security is a technical problem is one that we have yet to overcome on a broad scale. Technology is a predominant aspect of the information security problem; there is no arguing that. The globalization of the economy and our current state of “connectedness” makes technology move to the forefront of our security To Do list. Unfortunately, many of us stop there. You and I know that information is critical to the economic survival of our society. You and I do a disservice when we don’t further ensure economic survival by protecting that information on which we depend.The Department of Homeland Security has a number of infrastructure protection programs designed to help secure those assets critical to the operation of our government as well as ensuring our own health and safety. I must say that many of us have not followed that good example. You have seen it, one system administrator with no backup staff responsible for maintaining 50 or more servers. We see that those servers are critical and we shore them up with every technical bell and whistle we can find. What have we missed? I know what you’re going to say, “information security doesn’t cover people”. You are wrong. What about the knowledge that your system administrator has amassed over the years? Is that not information? Is that information not critical to the survival of your organization? I’ll bet that information is not documented. What happens if he quits? Where has your information gone? It certainly is no longer available to you. You and I must realize that in protecting information, not just technology, we need to think bigger. Push past the paradigm of securing technology and work to build a culture that values information in any form. You’ll have a much easier time convincing the big shots upstairs that your role is critical if they see you protecting an asset that has value to them. Related content opinion Security - It’s Just a Job Putting it all in perspective... By Chad McDonald Feb 26, 2012 4 mins Technology Industry IT Jobs Careers opinion John Strand Slapped Me In the Face By Chad McDonald Aug 30, 2011 4 mins Data and Information Security IT Leadership opinion Shiny New Security Shoes By Chad McDonald Mar 29, 2010 4 mins Careers IT Leadership opinion Insecure but Safe - The Mayberry Paradox By Chad McDonald Mar 27, 2009 4 mins Data and Information Security Physical Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe