The human immune system as an information systems security reference model

The controls an organization places in its information systems are largely determined by its employee's thinking. Employee awareness of system vulnerabilities and the recognition that information is a strategically important organizational resource are two central ideas critical to effective information systems security thinking. For many years a military physical security environment has been the reference model (or a way of thinking) to which people refer when attempting to organize their thoughts about the complex systems security environment. While certainly still of use, this reference model has severely limited the thinking of those of us in the systems security field. This article defines both a new reference model with which people can view information systems security and several reasons why this new reference model should be adopted.