How different would IT, cybersecurity, and Americans' average be affected if security was always prioritized more over convenience? Why?

SGT Private RallyPoint Member — Wed, 28 Jun 2017 19:14:19 -0400

Response by CPT Jack Durish made Jun 28 at 2017 7:45 PM

CPT Jack Durish — Wed, 28 Jun 2017 19:45:58 -0400

Security is always inconvenient. I don't care if you're talking about securing people, property, or data. It's also costly. It's just that simple. The only thing more inconvenient is the loss of people, property, or data...

Response by SPC John Lebiecki made Jun 28 at 2017 7:54 PM

SPC John Lebiecki — Wed, 28 Jun 2017 19:54:37 -0400

Great post, especially with the cyber attacks the last month.

Response by SSG Warren Swan made Jun 28 at 2017 9:41 PM

SSG Warren Swan — Wed, 28 Jun 2017 21:41:27 -0400

There would be NO internet access if that was enforced. The NIST framework plainly details what is and should be, but the problem with it is that it leaves large openings for government and businesses to implement it their way... leading to glaring openings, cyber backdoors, and insider threats.

Response by 2LT Private RallyPoint Member made Jun 29 at 2017 7:48 AM

2LT Private RallyPoint Member — Thu, 29 Jun 2017 07:48:17 -0400

Good responses so far. The fact is that if you are on a networked system, inherently it is not perfectly secure. Therefore, adding convience and functionality that increases productivity, user experience, and all those great things should still exist. Convience is an important thing to have because it enables a lot of other functions. For instance, if we were still doing basic mathematics long hand instead of using a calculator, we would be spending the bulk of our time on the basics instead of moving into advanced topics. If you ask nearly all IT professionals, they will tell you Security is their top priority, as it should be and generally they understand they will never be perfectly secure. I think finding the balance of good enough security to deter threats while still enabling convince is where we want to be. Similar to our missile defense system in the Cold War. In reality it would have only been about 60% effective against incoming icbms, however, that was effective enough to deter the USSR from ever launching a first strike. It's has to be a balance I believe

Response by LTC Private RallyPoint Member made Jun 29 at 2017 8:16 AM

LTC Private RallyPoint Member — Thu, 29 Jun 2017 08:16:04 -0400

I'm not a computer guy like most of you seem to be so I'll be the layperson here. I'm already burdened with security either from the military end or the medical field. If you could make the network or computer more secure with a little more effort then I say go for it because losing data or this ransomware stuff will shut down a hospital as we saw in CA and the HIPPA laws will make your network a target.
The primary problem that I see though is the numbskull that opens attachments on their work computer. Even I know not to do that, so how do we protect ourselves from stupid? This seems like a personal issue, not an IT issue.

Response by PO3 Steven Sherrill made Jun 29 at 2017 11:40 AM

PO3 Steven Sherrill — Thu, 29 Jun 2017 11:40:42 -0400

SGT Private RallyPoint Member When "why do we need passwords?" is a question I receive from a compliance principle, it is a problem. When I have people asking why they can't use their name, kids name, or dob in a password it is a problem. People don't understand, and don't want to understand why security is important. Social Media has made security a bigger nightmare than ever. People who wouldn't give a stranger the time of day have no problem with sharing the most intimate details of their life on social media. People take security for granted as opposed to taking an active role in their own digital safety. Front line IT Support would at first be dealing with heightened security related access issues in addition to the typical IT related issues that are currently dealt with. Cybersecurity would become something that is under a greater microscope than it already is. The typical mentality being, how can we have a security problem when we have made security a problem. The dance between the security professionals and the exploiters would continue. The people would be greatly affected. In the day and age of instant gratification, additional security measures would put layers between the user and their gratification. This would cause an uptick in complaints during the adjustment period. I would settle for security just being on an even par with convenience. The real problem is that people want to have it both ways. It is impossible to have both security and convenience. Security by its very nature is designed to put blocks in place to protect the user. Those blocks require a key, entering a key slows down the process.

Response by MAJ Brad Friedlander made Jul 10 at 2017 8:35 AM

MAJ Brad Friedlander — Mon, 10 Jul 2017 08:35:21 -0400

If security were always prioritized, we would have very little functionality and the cost would be prohibitive for most people. Security is important and I've had responsibility to oversee it and architect it in the military and commercial worlds. We should keep in mind that even the military understands that it is mission first and security second. We need to find a good balance that provides the essential access and protection and protects us from those who refuse to take any responsibility for security.