We all understand that risk is a function of both likelihood and impact. Generally, when we think about our security posture we're thinking about likelihood - how probable is it that our security will fail and bad things will happen to the businesses we protect. This is of course a valid and important perspective, but it allows us at times to ignore the other dimension of risk - the potential impact when something bad happens.
One of the less appreciated victims of security failures is ‘trust’. Trust in digital systems is the product of resilience, which in turn is the result of an effective and consistent implementation of appropriate security. When we fail at any element of security and thus fail to assure the resilience of our information systems, there is a breach of trust.
Trust is not just the philosophical goal of information security; it is the concrete and essential infrastructure that any free and prosperous society requires to operate. Trust in healthy societies defines the relationships between peoples and their governments, allows us to race down motorways at dangerous speeds, and enables banks to profit by holding our hard-earned savings for us. Without trust, nothing works. Information systems are no exception; businesses and people need to believe that they can trust the technologies and systems they depend on. Without such trust, information technology would be effectively useless to us and modern society as we know it would collapse.
If consumers of digital information can’t trust the origin or accuracy of important information, it threatens the wellbeing and smooth running of society as a whole. Integrity is an Information Security problem, and we need to build a world in which information can be trusted.
In this presentation, we make the argument that information systems need to be trusted, to be trusted they need to be secure, and to be secure they need us to think about risk in a different way. To fail in that, is to fail not only our businesses, but the customers and communities who depend on us, and who we depend on to survive.