Prime Changes Predicted For IT Security in 2011

ISC Squared : 10 January, 2011  (Technical Article)
John Colley of (ISC)2 predicts how the information security landscape will change in fundamental ways during 2011.

People remain the weak link

As the recent Wikileaks saga makes clear, people continue to be the cause of security breaches. Firstly, the fact that confidential information is leaking like an old tap out of US governmental departments highlights the people issues of inappropriate access and breach of security policy. Secondly, while Denial of Service (DoS) attacks usually involve people unwittingly, the 60,000 people who took part in the attack on Visa, Mastercard and other web sites point to a disturbing change where people are participating with intent. A dangerous precedent has now been set by both of these situations, confirming that security is still more of a people issue than a technology issue. As we move into 2011, education about what is socially acceptable online and in the business environment will become a priority. Voluntarily participating in such attacks must not become accepted behaviour. Freedom of speech is one thing, criminal damage is another.

 

Security management continues to move out of IT

Information security professionals continue to move out of the IT organisation and into other parts of the organisation such as legal, internal audit, operational risk and other business units. I expect this trend to continue into 2011 as information security professionals align themselves more closely with the business functions that they are there to protect and support. At a recent (ISC)2 conference, fewer than a third of the audience said they reported through the IT organisation. This shift was further highlighted in a joint (ISC)2 and PWC whitepaper, which said that CISOs were moving their reporting channel away from the CIO in favour of the company’s senior decision makers. There is growing recognition that security’s strategic value is more closely aligned with the business than with IT.

 

Security and Risk go hand in hand

In 2011 it will become clearer that information security professionals are in the risk business. This means that we need to base our approach and reaction to information security situations firmly on the specific risk they pose to the organisation. The old checklist approach, where one size fitted all, is no longer appropriate in the way that we deal with information security.

 

As we move into 2011, the service provided by information security professionals in protecting the business will continue to be valued and demanded.