The Lowering of Security Standards
/// PROMPT /// As a modern-day information security professional, write a one-page article in Markdown format that discusses how our standards for information security have been relaxed over the past three decades. In the opening paragraphs mention, as a clear indicator, the old ‘finger’ network protocol, which allowed computer users to publicly share personal information about themselves, and how in the early years of the Internet the finger protocol was disabled because it might provide clues that could be used in brute-force attacks. Then contrast that with the modern-day tolerance of social media, which shares a much greater quantity of personal information.
After mentioning the example of our hypocrisy in tolerating the sharing of personal information, mention other areas of information security where security has been relaxed, including reduced emphasis on implementing defense-in-depth, the generation and management of passwords and encryption keys, and a lowering of physical security measures such as lowered emphasis on the use of security cameras, escorting and logging of visitors, and increased use of VPNs and multi-factor authentication.
Mention that there are some areas in which our security standards have improved greatly, including the proliferation of VPNs and the use of multi-factor authentication, the emergence of “zero trust” and stronger network architectures indicated by reduced reliance on “network perimeter security”. Also mention that, since the “good old days”, we have virtually eliminated the use of dangerous unencrypted network protocols such as telnet and FTP.
In closing, remind the reader of our increased security needs due to increased international tensions, and the professional and personal risks we expose ourselves to, including loss of business opportunities due to not meeting the standards of the marketplace, if we do not recommit ourselves to higher information security standards. Mention to the reader that we should never “take our eye off the ball” of information security.