[MUSIC] In today's lesson I'll discuss why information security in the first place. Information security is important to think about in an entire system life cycle. So no matter what system that you are working on, you need to understand a couple key concepts. Number one, we need to discuss why security is important in business. Number two, we're going to discuss how security might impact the bottom line. And number three, I'm going to explain what might impact security. So why do we need to learn about information security? There are three reasons I always come back to when I'm looking at security and building it in. We have threats all over the place, there is risk everywhere. Somebody either always wants to get to your data, someone always puts in a system that may fail and they don't have a good backup, and there's also going to be some time that somebody has poor system management. Or is not doing what they are supposed to do. So let's talk about somebody wanting the data. This could come in the form of hackers or hacktivists, phishers, or even your next door neighbor. Your next door neighbor might want your Wi-Fi password, so that they can get into your internet and use free wireless. Hackers are always trying to get into financial systems, especially organizations that have not only financial systems, but have critical data. So think about a university, for example, student data is important, because everybody is paying for college, so why not try to attack those systems? Or gain some other kind of information on students? Universities tend to have big networks as well. So if they can compromise the network in some way, they may be able to use that network to do other things, like send out spam, for example. Systems fail, someone is always going to put in a system that doesn't have the respective backups that is needed, or the redundancy that is in place. So, information security needs to be thought about from an availability standpoint. And to make sure that when you're building systems, and when other people are building systems, that they are putting safeguards in place for the data, or for the overall system. To make sure that, let's say that there's a power outage and you can't retrieve the data, or let's say a hard drive fails, do you have a backup of the data? So systems fail constantly, and it's always inevitable, they're electronics. Information security, if it's a forethought will help you understand that redundancy needs to be put into everything. Additionally, incorrect configurations, incorrect configurations could lead to system failures. So for example, several weeks ago, there was an Amazon outage, that was due to a configuration error. It cost whoever had their websites on Amazon and conducting business on Amazon, millions and millions of dollars a minute because somebody accidentally mistyped a command. There's always accidental destruction too, systems fail. So if I accidentally drop my laptop and it damages the hard drive, let's say it was on and I had a spinning hard drive and it completely messed up the data, corrupted the data. Then it's a failure, it's a system failure. Lastly, poor system management, this again goes into poor misconfigurations, misconfigurations cause security issues. So if we're always thinking about information security in the first place, we may be able to solve some of those issues right up front. In thinking about how threats have a way of getting into a system, or thinking about how we put safeguards in place so that misconfigurations don't happen. Think about in your home, or think about at a local coffee shop, the Internet of Things. The Internet of Things are things like your Apple TVs, or even your phone, for example, could be considered an Internet of Thing. TVs, these all have the model of install it and forget it. Where people put these devices in place and forget that they are there, so they never update the operating system. So thinking about how we protect those devices when we put them in, will get you further and help you protect your other systems if information security is thought about right up front. What about your noisy neighbors again? Poor system management is something like not setting your password on your wireless, or setting up a insecure password on your wireless, allowing neighbors to get in. When you put systems in place, when you put electronics in place, no matter if it's at your home, or if it's in a business, make sure that you have the forethought of thinking about security. There are more reasons why we need information security. And I briefly talked about and touched on some of the points where we may need to think about information security when we're setting up systems. In the next module I'm going to talk about the CIA triad and what that means for information security.
