Information Security: Where We’ve Been and Where We Need to Go

Patrick Hinojosa

Information security management consists of identifying an organization’s electronic informational assets, as well as the planning and programs that must be carried out to ensure their continued availability, confidentiality and integrity. Whether the organization is a commercial enterprise, governmental agency or educational institution, these goals are the same. What differs is the type of assets and to what degree they are critical to the continued operation of the entity.

The Threat Situation

Fulfilling these requirements used to mean having a unique logon and password for employees to control access to the system. As use of the Internet began to grow, organizations started to deploy firewalls at the perimeter to keep hackers from gaining access to the systems within. Most thought that we had handled the situation. Then the rise of the computer virus forced the development and deployment of anti-virus software onto workstations in order to protect the integrity of the data and the availability of systems themselves.

Today, the situation is not so simple. The current threats are entering from the Internet through our firewalls and landing directly onto PCs on the network. These threats include e-mail worms, remote access Trojans, spyware, adware, network worms, blended threats, as well as multistage, incremental infections using all of the above.

Any machine that has direct or indirect access to the outside world is at risk, and puts all assets connected to the network in danger. Automated attacks can and do spread across the Internet faster than traditional reactive technology can be updated - this includes conventional anti-virus and IDS (intrusion detection system) solutions.

Laws have been enacted mandating that certain levels of confidentiality, accessibility and integrity of data be maintained. Whether it is the privacy of medical records, student records, personal financial data or simply e-mail archiving, there are laws covering it. The penalty for noncompliance can be fines and/or lawsuits.

Proactive Technologies

However, the threat situation does not appear to be getting any better. In fact, it is actually worsening due to the addition of criminal elements that are now hiring technical experts to develop new attack methods on a for-profit basis.

Top 10 Viruses of 2004

So what do we do? Up until now, security has been reactive - providing protection against the known threats. When a new threat appears, a new defense is then developed. This is clearly no longer workable. The common viewpoint of security vendors that “some systems must die so that others may be protected” is outdated. This is the methodology of signature-based defense, in which some systems had to get infected before the threat could be found. Well, if those were your systems, it was no fun being a guinea pig.

Proactive technologies that can protect against new, unknown threats without human intervention must be deployed to ensure the integrity of IT systems. This must fit into existing security budgets and must not increase the workload in already overstretched IT departments.

In the case of information security, a dollar of prevention is worth a thousand dollars of IT man-hours.
