Bowden: Let's be honest about our "security"
By Dan Bowden, Chief Information Security Officer
Security is an illusion.
That’s probably not something you expect to hear from someone who is paid to keep things secure. But if you don’t approach security with that mindset, you’re not doing it right.
Security is really a deterrent, equal to the time, resources and expertise needed to break it.
Think about a typical combination lock used to secure a bicycle to a post. An opportunistic thief isn’t going to have the time or resources available to disable that lock. However, someone with enough time could try every combination an eventually reach the correct one. Someone else with hefty bolt cutters could simply cut the lock or cable. With patience or brute force, the illusion of security is shattered.
Some vulnerabilities are only obvious after a clever person discovers them. Remember when it was announced those expensive, indestructible U-Lock bike locks could be opened with a cheap plastic pen?
What security boils down to is using so many measures to protect your valuables that a thief decides he or she doesn’t have the time, resources, or expertise to take them. This applies as much to physical valuables as it does digital ones. By layering our information security methods and following best practices along several paths, we increase the time, resources, or expertise needed to get to our data.
The Information Security Office is constantly working with areas across campus and the hospital to add more layers of information security. With October being National Cyber Security Awareness Month, we plan to offer a number of reminders for everyone about the importance of building up those layers. We will have information about physical security, mobile security, passwords, two-factor authentication, phishing, malware, social engineering, and more, with resources available for everyone at the university. This is the beginning of a year-round campaign to help make employees and students aware of the risks out there and how they can deter would-be thieves from getting hold of their devices and data.
Look for information starting in October and continuing in the future at it.utah.edu/security. Please join me in not only raising awareness on our campus, but in making a real difference in securing our data.