… and , if so, what are the consequences?
My July 23, 2012 column, “It’s About Availability and Integrity (not so much Confidentiality)” caused something of a stir when I claimed that availability is often more important than confidentiality, as illustrated by the case of the Ulster Bank debacle. Ken Belva responded to comments by Jim Bird and others with an excellent analysis of the importance of context, in his July 26, 2012 blog “The CIA Triad: Theory and Practice.” I still maintain that, when it comes to highly visible, dramatic events, those related to confidentiality, including privacy, often trail far behind those incidents that result from loss of availability and integrity. A recent example of a huge integrity loss is the Knight Capital system meltdown.
First, I wish to point out that I do indeed recognize the huge importance of confidentiality in today’s networked world and do not wish to diminish its importance in any way. However, I also believe that infosec professionals should expand their horizons, and responsibilities, to include other aspects of IT, including availability and integrity … and I am not alone.
Consider a recent piece by Hewlett Packard with the title “Improve Security with an Ops Alliance,” which claims that “a partnership between security and IT ops is the first of four steps to greater security and reliability.” I would particularly like to present the following quotes from the article:
“Inspired by DevOps principles, the SecOps movement seeks to remove information silos that prevent Ops and Security from collaboratively working to reduce business risk.”