Apparently Osama Bin Laden has been killed by U.S. forces in Abbottabad, Pakistan. There is little evidence for this, as the body was subsequently buried at sea. Of course, we can’t call President Obama a liar, as he says he watched the operation unfold live via satellite. But to be honest, they could have shown him a trailer for the next Call of Duty game and he probably wouldn’t be able to tell the difference.
So what does any of this have to do with information security?
Information doesn’t just need to be secure, but when it is released, it needs to be authentic. You want to make sure that
a. You have a reliable source of information
b. The information from the source hasn’t been changed in any way, shape or form.
c. The source may be dependent upon multiple other sources – some of whom may not be as reliable.
d. Even when the source is reliable, supporting evidence will provide .
So in this instance, some people may doubt President Obama as a reliable source. They most likely don’t trust his sources, because they aren’t privy to insider information, and on top of that no evidence (e.g. a body) has been provided to support the claim. It’s therefore unsurprising that a few people may be somewhat reluctant to believe the assertion, regardless of whether it’s true or not.
Similarly, if you’re an executive in an organisation and you ask one person whether your company’s data is secure and they say “yes”… what confidence do you have in that answer? How many dead bodies has your CISO buried at sea?