Privacy 101: What is "Information Security"?
By Darity Wesley
"The search for static security -- in the law and elsewhere -- is misguided. The fact is security can only be achieved through constant change, adapting old ideas that have outlived their usefulness to current facts."
-William O. Douglas, US Supreme Court Justice
In ancient cultures security meant the protection of the tribe's physical safety and critical resources like food, water and tools. That is pretty straightforward compared to the way our definitions of security have evolved in scope and complexity over the millennia. The modern challenge of protecting the privacy of communications has been around as long as political intrigue and war, and many innovative ways have been developed to assure that security. Think invisible ink, parchment that dissolves in water after reading, wax seals on scrolls, cryptography and "This tape will self destruct in five seconds."
Now we stand hip-deep in the Information Age, where compiling, sharing and securing critical resource information has become a business lifestyle. There is no longer the option of transmitting that information on water-soluble paper, dropping it into a nearby lake when you're done with it and (poof!) it's a done deal. Technology has changed so much that any bit of data can now be stored, tracked and shared electronically via computers. How do we protect and secure information that can so easily be transmitted, stored, copied, manipulated, and destroyed? That is the question that information security or "infosec" answers.
Information security, in a nutshell, defines "what is protected", "how it is protected" and "what it is protected from". It refers to all the strategies, policies, procedures, mechanisms and technical tools used for safeguarding information and information systems from unauthorized access, alteration, theft and physical damage. It differs from privacy in our context in that it mostly refers to the technology side of your business: your laptop and desktop computers, servers, routers, and switches that form a computer network, although information technology also includes fax machines, phone and voice mail systems, cellular phones, and other electronic systems.
Why is information security important? Remember the ChoicePoint incident of data theft? Did you hear about what may be the biggest bank security breach yet? Did you know that California law states that if any of the people in your database are Californians you must notify them of a security breach? Did you know the federal government has national security breach legislation pending right now? Can you imagine the expense on all levels of informing people affected and attempting to mitigate a public relations catastrophe?
How does your information security measure up to protect you from potential liability? A vulnerability assessment will analyze your system and provide recommendations as to how to best protect you, your customers, your members, your associates, your employees, your strategic partners and consumers from potential disaster.
Some essential components of information security include:
- Virus protection and spyware and adware detection and removal software: Some of the most easily accessible tools to have in your security arsenal. Make sure you have up-to-date protection on your computer, with the automatic update function turned on if possible. Run a full system scan weekly.
- Authentication & Encryption: Authentication is how users identify themselves to the network, often with a password. Encryption of a message protects it from being read by anyone other than the intended recipient.
- Firewall: Firewalls control all inbound and outbound traffic. Application-level firewalls or stateful inspection firewalls analyze, most commonly by packet filtering, what passes through the router as it forwards data packets along the network.
- Intrusion detection: An intrusion detection system inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack by someone attempting to break into or compromise a system.
- Internal policies and procedures: A wide variety of policies and procedures help prevent and/or limit liability for internal theft or unauthorized access to data, among many other things.
Protecting yourself with state-of-the-art information security technology is a very complex process. Systems need to be continually updated. Policies, processes and procedures need to be constantly reviewed. Don't let your business get caught with your firewall down! The consequences can be devastating to your bottom line.
Darity Wesley is CEO and Legal Counsel for Privacy Solutions, Inc., a San Diego-based consulting firm. Her team of Privacy Gurus® works with you to create policies and procedures to establish the expectation of privacy for your members, clients, customers, prospects, affiliates, associates, employees and vendors. You can reach her at (619) 670-9462 or Darity@privacygurus.com.