 Hello everybody, my name is Steve Putnam. I've been asked to talk a little bit about what is security? When we start entering into discussions about what security is that falls into three primary categories. If you take all of our coursework and all of the things that we put together and all of the things that we're trying to develop for students to learn how to do and to be proficient in, it boils down into three things. Data or information security falls into trying to protect your information in three ways. And no, we're not going to make you members of the CIA, but that is a good acronym to remember the thing that you need to keep in mind when you're talking about information security. And that is that the first thing you have to be cautious of or aware of is that you're protecting your information from the standpoint of is your information confidential? You hear a lot today about the confidentiality. This is one of the things that the press picks up on very quickly when one of our favorite retailers or one of our, you know, information providers has a lapse in security and all of our confidential information spills out all over the internet. That is big news, sells a lot of things on the internet websites and sells a lot of newspapers, but it's a tragic headache for us who get caught up in this. And so the first thing that companies have to do so that they won't have an extinction level event in their company is to make sure that whatever data they're collecting about the public maintains confidential. They not only have a moral responsibility to keep your data confidential, they now have in our country at least a legal responsibility in almost every environment. So we explore that in our curriculum as well because it's now not just the right thing to do. Sometimes it's the thing that you must be able to prove in court that you've maintained a reasonable, you know, a reasonable attempt to make sure that information was kept confidential or else you're held liable. The second thing that we have here is integrity. When you think of security and you think of data, a lot of what we do in our security courses and a lot of what we will do in our curriculum and just about every course is the data that's being kept, is it maintained in such a way that you can trust that data over time? This is something that has to be taken into account over time. If you're collecting data today, is it going to be kept in such a way that when you access that data that has been archived or it has been maintained in a certain way, is that data going to remain the same today, tomorrow, a year from now, two years from now, 10 years from now, whenever it needs to be accessed? So is that data going to remain exactly the way that it was kept and be able to be reproduced in exactly the way it was originally designed? And that can become a challenge as computer platforms change over time as well. So it's one of the things that have to be considered by companies that are going to keep data over a long period of time. Am I going to be able to look at this blueprint drawing 10 years from now with whatever software is being provided at that time? And that blueprint drawing still reproduced accurately what I created 10 years ago. That's something that you didn't used to have to worry about when you printed this all out on paper. You open the book 10 years from now, it's going to look exactly the same as it did except maybe a little yellowing on the paper 10 years prior. But if you try to open up any file that you created on any computer system 10 years ago on your system today, what kind of trouble are you going to run into with that? And that's something that you have to keep in mind when you're talking about data integrity. The last thing is closely related to that and that is availability. The data has to be available. If it's not available at the time that it's needed, then collecting the data was useless at the point of collection. So if you have information that you've stored, if you have information that you need to make available, is it available when it's needed? This gets into disaster recovery. It gets into elements of how what are we going to plan for in terms of what is the environment going to do to our physical systems? What are people going to do to our physical systems? How can they deny service or access to the things that we've created and the things that we've established to maintain hold and process our data? And are we going to be able to reach that data when the time comes to need it and the time comes to need be able to do what we need to do with it? So when we're considering security, we have to first consider confidentiality, we have to consider integrity, and we have to consider availability. And pretty much everything else that we'll outline or that we will approach from the policy standpoint or the technical standpoint in all of security that we try to pursue in information system security will revolve around one of these three aspects. Is your data confidential? Is your data going to maintain its integrity over time? And is it going to be available when we need it?