IT security is usually associated with guaranteeing the integrity and privacy of data as well as assuring that it will be available when needed. Now, however, a leading expert in cybersecurity, Steve Chabinsky, who serves as a deputy assistant director at the Cyber Division of the FBI, is suggesting that IT security goals should be more expansive. Chabinsky recommends that the core tenets for IT security should also include an aspect he refers to as ‘assurance’.
Chabinsky defines assurance as an organization's ability to have "trust in your software, your hardware, your data," and admits that, in the past, assurance has not received much emphasis in the IT security field. Organizations sometimes have no way of knowing if their hardware has been modified. Similar problems can occur in the realm of software.
Chabinsky points out that while vendors will often guarantee what functions their programs will perform, they are much less diligent in general about making sure that the programs will not allow digital mischief to occur. Many programs inadvertently allow activity to take place that is not in the best interests of the business organization. Without proper safeguards in place, companies may not even realize that a given software program can represent a risk or play into the firm's IT vulnerabilities.
The need for assurance is one reason why IT consulting can be such a critical factor in the success of a business that relies on information systems to carry out some or all of its core competencies. IT consultants can both offer a threat analysis of the risks inherent in a program or system and suggest ways to reduce those risks.