Talk:Information security/Archive 1

This page can use a lot of work.
This page needs a lot of work. -- ZeWrestler  Talk 20:30, 22 February 2006 (UTC)
 * Feel free to dive in and help out, or to make suggestions about how to fix things. &mdash; Matt Crypto 21:05, 22 February 2006 (UTC)
 * As sooon as i finish grad school aps and midterms, I will. -- ZeWrestler  Talk 05:59, 23 February 2006 (UTC)

I think the statement A simple way to express this is "the right information to the right people at the right time". has the wrong emphasis. It says what the system should do (function), instead of saying what the system should not do (security). A system that gives all information to all users at all times is at least giving the right information to the right people at the right time. The problem is that it's doing more than that as well. -- John Yesberg, 8 April 2006
 * I disagree with you interpretation of the language. I think that sentence, and particularly the use of the word "right", implies "and not wrong." I.e., the right info to the right people at the right time, and not the wrong info, wrong people, or wrong time.--The Yar 19:11, 12 June 2006 (UTC)

Regarding the phrase "right info to right person..." it maybe better to express this as "this is often summarised as giving the right info to the right...". If you google for that phrase you will find many reputable examples of its use, so that could be presented as a fact.

I think that the article gets of to confusing start by implying that info systems security is the same as info security, then in the third paragraph saying that it is a misunderstanding to think they are the same.

This is my first time editting in wiki, and I want to show respect for the effort that someone clearly went to create this page, but I suggest rewriting the main text to:

"The international standard for information security management, ISO/IEC 17799:2005, says that "Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities" and points out that information can exist in many forms, printed, electronic, shown in films or spoken in conversation.

"Three aspects of security generally have to be considered; confidentiality, integrity and availability. This is often summarised as giving the right information to the right party at the right time.  Other authorities also argue for explicit consideration to assurance, that is being able to demostrate acceptable levels of security particularly around complying with legal requirements.

"Until recent years, information security practice has focussed on confidentiality. For example, the long standing UK Goverment classification scheme names the levels of sensitivity of information as RESTRICTED, CONFIDENTIAL, SECRET and TOP SECRET.  It is now more generally recognised that a lot of critical information may be widely available, but still must be correct, for example the prices displayed on an on-line shopping site or corporate accounts, or must be available when required such as emergency response plans.

"Confidentiality and availability, in particular, require a balance to be struck between conflicting priorities. In addition, in most circumstances the security measures have to be cost effective.  As a result, risk management is a fundemental part of information security."

Should I be bold and just bung it in, or will howls of protest arise?

(Yakheart 18:14, 8 December 2006 (UTC))

With your permission, I would like to work on this page. I have put together an outline of my ideas for this article on my user page.

WideClyde 03:49, 8 January 2007 (UTC)


 * The above comments are fairly old and so you are less likely to receive a response. Anyway, you don't need permission to edit pages. See Be bold in updating pages and Ownership of articles. —Centrx?talk &bull; 15:34, 8 January 2007 (UTC)

committed to total rewrite
Monday 8 January 2006. Convinced myself to commit to total rewrite of article. Developed an outline for the article on my User page.

Tuesday 9 January. Inserted "Underconstruction" template at top of article and updated Wikipedia:WikiProject_Laundromat#Cleaning in progress page.

Wednesday 10 January. Replaced introductory paragraphs and included table of contents (affectively a proposed outline). Also started work on the Brief history section - need some help with this. Most history deals only with computer security. I believe Information Security is broader and older than computer security.

Should try to add a statement about why Info Sec is important into introductory paragraph.

Basic principles section may need to be reordered and trimmed down a little. Could fold some subjects together as section is filled in.

Need info about Info Sec laws outside of USA.

Need info about professional organizations outside of USA.

WideClyde 18:33, 10 January 2007 (UTC)