ABSTRACT
This chapter examines the increasing importance of security related to information systems, and discusses the four elements of a good security system — business, technical, human, and process. Security professionals devote considerable effort to trying to determine the weakest link. Stealing a person’s social security number makes sense only if it can be used to get something else of value — more information, or physical goods, or any service. In the case of national security, the armed forces are very clear that their objective is to protect the nation’s boundaries and its key infrastructure assets. A healthy balance may emerge through trial and error as customers appreciate the need for security and accept some “inconvenience” while businesses start embedding security as part of their normal deliverables and learn to absorb the associated costs. Software applications become more secure because the underlying layers provide certain security features or models. Security coding guidelines should include technology-specific suggestions because vulnerabilities differ between technologies.
