How You Can Spot Bad Information Security

by Mitz Pantic from


Few people understand how information security really works. Television shows and movies depict it as a sort of modern wizardry where hackers fight geeks using technobabble spells. In reality, information security focuses on building defenses strong enough that no hacker can get through them, so the infosec expert can go home and sleep at night knowing the hacker has been thwarted.

It’s those defenses which this very minute protect your valuable information on the Internet. Let’s see what makes them so effective:

The Main Information Security Model

When a company or government stores your personal information, they use a three tier model to help keep your information secure:

1. Encryption: your data is saved in a format which is useless to the hacker without a password or other key.

2. Access Control: access to your data is restricted to only the people and programs which need it. The list of who may access what is called an ACL, for Access Control List.

3. Logs: whenever someone or something accesses your data, a record is made. This lets the company verify that the access control is working and that no program or person is abusing their authority to access your data.
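As an added illustration of the three tiers working together (example code, not the author's), here is a small in-memory record store: records are encrypted at rest, each record carries an ACL naming the principals that may read it, and every attempt, allowed or denied, lands in an audit log. The principal names, record ids and card data are constructed. The cipher is a teaching construction (SHA-256 in counter mode plus an HMAC tag) so the example runs with the standard library alone; a real system would use a vetted authenticated cipher such as AES-GCM from a maintained library.

```python
import hashlib
import hmac
import json
import os
import time

# Constructed example (not the author's code): a tiny record store that applies
# the three tiers from the article. Principal names, record ids and the card
# data below are made up. The cipher is a teaching construction (SHA-256 in
# counter mode plus an HMAC tag); a real system would use a vetted AEAD such as
# AES-GCM from a maintained library.


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key+nonce into a keystream of the requested length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. Useless without the key (tier 1)."""
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Reject tampered data or a wrong key before releasing any plaintext."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered ciphertext")
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


class RecordStore:
    """Encrypted records, an ACL per record, and an audit log of every access."""

    def __init__(self, key: bytes):
        self._key = key
        self._records = {}   # record_id -> encrypted blob
        self._acl = {}       # record_id -> set of principals allowed to read it
        self.log = []        # audit trail (tier 3): one entry per attempt

    def put(self, owner: str, record_id: str, data: dict) -> None:
        self._records[record_id] = encrypt(self._key, json.dumps(data).encode())
        self._acl[record_id] = {owner}
        self._audit(owner, record_id, "write")

    def grant(self, record_id: str, principal: str) -> None:
        self._acl[record_id].add(principal)

    def get(self, principal: str, record_id: str) -> dict:
        # Tier 2: the ACL decides; denials are logged too, so abuse shows up.
        if principal not in self._acl.get(record_id, set()):
            self._audit(principal, record_id, "denied")
            raise PermissionError(f"{principal} may not read {record_id}")
        self._audit(principal, record_id, "read")
        return json.loads(decrypt(self._key, self._records[record_id]))

    def _audit(self, principal: str, record_id: str, outcome: str) -> None:
        self.log.append({"ts": time.time(), "who": principal,
                         "record": record_id, "outcome": outcome})


def denied_principals(store: RecordStore) -> list:
    """The periodic log review the article mentions: who was refused access?"""
    return [entry["who"] for entry in store.log if entry["outcome"] == "denied"]


if __name__ == "__main__":
    store = RecordStore(os.urandom(32))
    store.put("alice", "order-1", {"card_last4": "1234"})   # constructed data
    store.grant("order-1", "billing-service")
    print(store.get("billing-service", "order-1"))
    try:
        store.get("mallory", "order-1")
    except PermissionError as e:
        print("blocked:", e)
    print("denied:", denied_principals(store))
```

Two details matter for the article's point about the cost of getting this right: `decrypt` refuses to produce anything when the key is wrong, which is exactly the "lost key, lost data" situation described in the next paragraphs, and the denied attempt by `mallory` only becomes useful if somebody actually reads the log, which is why `denied_principals` exists as a separate review step.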

Implementing these three techniques may sound simple, but it’s quite difficult in practice. For example, it’s easy to encrypt data so hackers can’t use it if they get their hands on it. The problem is that any company which loses the password or key to that data can lose all of their customer data in seconds. It’s like keeping your money in a Swiss bank account—it’s safe and anonymous, but if you forget your secret account number all of that money is useless to you.

Access control and logging also have their own problems. Programs need extra logic to enforce access control correctly, and writing and maintaining that logic costs companies money. Logs, on the other hand, must be read periodically by a human being, and that also costs the company hours which could be spent doing something productive.

This extra cost of information security is part of the reason you so often read about companies getting hacked. It’s not that the information security model is bad or that the hackers are that skilled, but that the company didn’t put the effort into security in the first place.

How You Can Spot Bad Information Security

Are you reluctant to give a particular company your credit card number or other information? Here’s a quick tip which can help you determine whether the company uses one of the most basic information security techniques. If they don’t use this technique, I recommend that you don’t trust them with anything important.

First, create an account. Enter your password and do whatever it takes to confirm the account without giving them your personal information. Then log out and activate the password reset.

If they send you your old password by email, they’re information security idiots. Don’t use them. If they send you a random new password or send you a link to click on to reset your password, then they know at least this very basic information security technique.
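The reason the reset test works is that a site which stores only a salted hash of your password has nothing to email you: the old password cannot be recovered from what it keeps, so it must issue a fresh random password or a one-time reset link instead. As an added example (not the author's code), here is the shape of a reset flow that passes the test. The service, the email addresses and the `example.invalid` reset URL are constructed; `hash_password`, `Accounts` and the other names are hypothetical.

```python
import hashlib
import hmac
import os
import secrets
import time
from typing import Optional

# Constructed example, not the author's code. The service, the email
# addresses and the reset URL (example.invalid) are made up.
PBKDF2_ROUNDS = 100_000
RESET_TOKEN_TTL_SECONDS = 15 * 60


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Salted PBKDF2 hash. The site keeps this, never the password itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


class Accounts:
    def __init__(self):
        self._users = {}    # email -> salted password hash
        self._resets = {}   # sha256(token) -> (email, expiry timestamp)
        self.outbox = []    # (recipient, message) pairs that would be emailed

    def register(self, email: str, password: str) -> None:
        self._users[email] = hash_password(password)

    def login(self, email: str, password: str) -> bool:
        stored = self._users.get(email)
        return stored is not None and verify_password(password, stored)

    def request_reset(self, email: str, now: Optional[float] = None) -> None:
        """Email a one-time link. The old password cannot be sent: it is not stored."""
        now = time.time() if now is None else now
        if email in self._users:
            token = secrets.token_urlsafe(32)
            # Keep only a hash of the token, so a leaked database does not leak live links.
            key = hashlib.sha256(token.encode()).digest()
            self._resets[key] = (email, now + RESET_TOKEN_TTL_SECONDS)
            self.outbox.append((email, f"https://example.invalid/reset?token={token}"))
        # Unknown addresses get the same (silent) response, so the form does
        # not reveal which addresses have an account.

    def complete_reset(self, token: str, new_password: str,
                       now: Optional[float] = None) -> bool:
        """Accept the link once, and only before it expires."""
        now = time.time() if now is None else now
        entry = self._resets.pop(hashlib.sha256(token.encode()).digest(), None)
        if entry is None:
            return False
        email, expiry = entry
        if now > expiry:
            return False
        self._users[email] = hash_password(new_password)
        return True

    def stored_secret(self, email: str) -> bytes:
        """What a database thief sees: a salt and a hash, not the password."""
        return self._users[email]


def token_from_link(message: str) -> str:
    """Pull the token out of the emailed link (used by the demo below)."""
    return message.split("token=", 1)[1]


if __name__ == "__main__":
    acc = Accounts()
    acc.register("user@example.invalid", "correct horse")   # constructed account
    acc.request_reset("user@example.invalid")
    link = acc.outbox[0][1]
    print("emailed:", link)
    print("reset ok:", acc.complete_reset(token_from_link(link), "new pass"))
    print("old password still works:", acc.login("user@example.invalid", "correct horse"))
```

A site that emails your old password back has skipped the first line of `register`: it is keeping the password in a form it can read, which means anyone who steals its database can read it too. The token being single use and time limited is the part of the "random link" variant that is easy to forget.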


This excerpt appears with permission from

