Philosophical Thoughts on Information Security

To begin this series of posts on computer and information security, I wanted to pose an interesting philosophical question: namely, why is information security necessary? Although many of the investments that are made into information privacy and security are not related to malicious attacks, there is nevertheless an extraordinarily large amount of investment in information privacy and security mechanisms that is targeted toward protecting systems against attacks by malicious parties. From a philosophical perspective, it’s important to consider what this says about humanity. On the one hand it shows that we are certainly curious creatures, but on the other hand it shows that we as a species are not particularly trustworthy or scrupulous, and we also seem to be quite greedy.

There are many people, organizations, and even governments in the world that would be very happy to steal personal, private information from you or your organization for their own gain. In light of the widespread proliferation of these would-be attackers, such behavior appears to be a natural trait of human beings in virtually all cultures. It is, I believe, important to note that if humans did not behave in this way, then the quantity of time, money, and other resources that individuals, organizations, and governments must invest into protecting their information assets would be much less than it is today.