ABSTRACT
Before we can accurately talk about today’s information
security environment, it is useful to explore how informa-
tion security evolved to the current state. Fig. 1 shows the
evolution over the past 40 years as a progression of issues.
In the early days of information security, the discipline was
focused on the mainframe environment, where the infor-
mation was controlled centrally through a single operating
system. The view of information security at this time was
that it was primarily an information technology (IT) issue.
IT at that time was also seen as an overhead expense to
support the accounting and back-end functions of the organ-
ization (vs. operating as a core business enabler).
Information technology was also viewed as being very
technical and not well understood by senior executives
within organizations, although they understood that it was
necessary. To further distance information security from
the senior executives, it was mainly viewed as the manage-
ment of log-in IDs and passwords. As a result of these
perceptions, information security was located within the
IT departments and typically buried somewhere within the
data center operations management.