Information and Information Security JAAK HENNO, Tallinn University of Technology Tremendous growth of Information Security issues poses a problem - is most of mankind turning criminals or is something wrong with rules? Are we always trying to secure valuable Information or just data and do the rules correspond to generally accepted behaviour? In order to understand better issues connected with Information Security we have first establish concise meaning of terms 'Information' and 'Information Security'. Information cannot be considered separately from an Information Processing System (IPS); a message is Information only for some IPS and is used by the IPS for achieving its goals. In the paper is considered general model of IPSs and their goals. To get some insight of attitudes of users, the mileu of Massively Multiplayer On-line Games (MMOG) is considered. A 'Security Incident' may be just a curiosity; cheating in a game is not considered serious offence by fellow players. Categories and Subject Descriptors: H.1.0 [General]: Information/Entropy—Information/Processing; H.1.1 [Systems and Information Theory]: Natural Information Processing Systems—Unified view/methodology; H.1.2 [Models and Principles]. General Terms: Information, Entropy, Information Processing Systems, Information Security Additional Key Words and Phrases: data, models, games, MMORG 1. INTRODUCTION Insecurity, threats to information, need to defend information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction are nearly always deliberate. Accidents, which in 90ties were responsible for most Information Security issues - a plane flows into an office building destroying all computers in it, employee mistakes ("Format C:"), fire, flood, earthquake, lightning, shooting or otherwise destroying a computer in fit of anger ("You do not have right to access folder 'My Documents'!), issues with ISP or WAN etc account currently only for tiny part of Information Security problems. According to recent report from Panda Labs [PandaSecurity 2014], in 2013 appeared about 82,000 new malware threats per day and in the whole year - 30 million new malware threats, Kaspersky Lab is detecting 315,000 new malicious files every day [Kaspersky 2014] most of them (>70%) - trojans, especially designed for stealing/damaging Information. Current computerized Information Processing systems are vulnerable, rigid and not adaptive, since the main focus in their development is on computer technology and communication protocols. System environments, culture of system users, reasons for attacks, culture and operating modes of attackers are considered less. Threats to Information are not specific only to computers and computer networks, they are present in nearly any Information Processing System (IPS) - social and business organizations, governments, all kinds of living systems down to simplest ones - cells and bacteria. In order understand mechanisms which provoke misuse of information and design and create adaptive information security systems, which can adequately respond to constantly changing dynamic environment and threats and can secure functioning of IPS under attacks and threats the IPS should be considered on more general level. But we should also re-consider rules and practices – do they agree with general understanding of right and wrong? Author's address: J. Henno, Tallinn University of Technology, Ehitajate tee 5, 19086 Tallinn; email: jaakatcc.ttu.ee Copyright © by the paper’s authors. Copying permitted only for private and academic purposes. In: Z. Budimac, T. Galinac Grbac (eds.): Proceedings of the 3rd Workshop on Software Quality, Analysis, Monitoring, Improvement, and Applications (SQAMIA), Lovran, Croatia, 19.-22.9.2014, published at http://ceur-ws.org 4