Chapter 5. Gathering Information


Information is your business and controlling access to it is what security is all about. Computer security is but one piece of information security. And it is complete information security that the company wants. Information must be protected in all its forms and everyone who has access to the information is responsible for its security. Everyone in the company must understand his or her role in information security: executives, managers, engineers, office workers, maintenance personnel, everyone. The employee's understanding of information handling procedures and security reporting procedures should be evaluated as part of an employee's performance review. It is the company's responsibility that each employee understand these things. There must be a continuing security awareness program aimed at all the employees of a company. A visible reporting process to record security incidents is required. Physical access procedures must be in place and followed. All the rules must apply to every rung on the corporate ladder, from the very top to the very lowest rung. Violations of security principles in order to make things easier for system managers or corporate executives just make it easier for hackers to hack at the highest level of the company.

The hacker gathers information to improve his chances of successfully attacking the system and achieving his goal. Hackers will use a wide variety of methods of gathering information and will be looking for information about the company, its employees, and the computer systems it uses. The computer systems will give up some information, and people will give up even more.



Halting the Hacker: A Practical Guide to Computer Security (2nd Edition)
ISBN: 0130464163
EAN: 2147483647
Year: 2002
Pages: 210
