November 25, 2007

In my previous job, the term information comfort was used frequently, normally without an understanding of what it actually meant. Information comfort can mean that the level of trust embedded within the information is the same as the level of trust you have when plugging a television set into the electrical supply. It’s 240 volts and 50 Hz; you know it won’t blow up your TV when you plug it in.

Over the past ten years there has been a change in how the “computer department” was seen, moving from the computer department, IT department and information systems department to what is now termed the information management dept. Similarly, there has been a shift from data security to information security, and now the emergence of information risk is on its way. The treatment of complete systems as holistic and whole may be an unrealistic concept at the moment for most of us, but to protect the system from malicious or even benign threats this must start to become one of the systems architect’s fundamental pillars of systems engineering: to engineer in information comfort or trust, and to think of the extended systems, processes and people involved.

As we have seen recently with the HMRC data loss, the system (possibly) was not looked at as a whole. Whilst it could be argued that the HMRC system is secure and no data loss has occurred, it is clear that the NAO systems were (and will probably still be) part of this “whole” system. The TNT internal post carriers are part of the system, and the “junior official” was part of the system. The loss of the data did not occur because a super hacker broke into the HMRC databases; it (allegedly) occurred because a human posted a CD-ROM to another government department via the internal snail mail.




