(ISC)² Links

(ISC)² Twitter Updates

  • (ISC)² Twitter Updates

    CATEGORIES

    Archives

    More...

    About the
    (ISC)² Blog

    • (ISC)² believes in the importance of open dialogue and collaboration, between both (ISC)², its certified members and members of business and society.

      (ISC)² established this blog to provide a voice to its certified members, who have significant knowledge and valuable insights to share that can benefit the information security industry, the people in it and the public at large.

      The postings on this site are the author's own and don't necessarily represent
      (ISC)²'s positions, strategies or opinions. (ISC)² does not control, monitor, or endorse any links provided in this blog and makes no warranty or statement regarding the content on any linked website.

      Those who post comments to blogs should ensure their comments are focused on the topic at hand. (ISC)² reserves the right to remove any post or comment from this site.

      Should you find objectionable content in this blog, please notify us as soon as possible at blog@isc2.org.

      Please click here for FAQs.

      Please click here for the Blog guidelines.

    « Redefining United States Cyber Security: Taking a Holistic View and Machiavellian Approach, part 2 | Main | Keeping Your Information Private: Tips and Tricks for Data Privacy Day »

    24 January 2012

    What´s up for 2012?

    Talking of customers, CSO´s, engineers and other IT security people could give me some insights of what companies are looking for in 2012 in terms of overall IT security.

    Far from a reality or a survey, this is more my personal view of how things will gonna be this year:

     

    Top Challenges

    • Mobile Devices - How to secure so many different devices? How to define borders in a borderless network?
    • Identify Management - How to ensure the proper identity management process and tools when too many systems are moving to outside the organization?
    • Cloud Computing - How to securely take full advantage of it?
    • Incident Response - Some attacks cannot be prevented. How can I detect it earlier and act properly?
    • Log Management - How to proper handle all these logs and how to extract useful information from it?

     

    Top Projects

    • Deployment of Advanced Anti Malware Technologies
    • Deployment of Next Generation Security Devices (Firewall/IPS)
    • Deployment of Endpoint/Network DLP
    • Push for content Encryption
    • Move applications securely to the Cloud

     

    Top Technologies

    • SIEM
    • Intrusion Prevention
    • Secure Communication
    • Anti Malware
    • Strong Authentication Systems

     

    What do you think? Agree, Disagree?

    Le me know your thoughts and comments.

     

    Best Regards and whishes of a great 2012!

    Posted by Alexandre Cezar on 24 January 2012 at 01:40 AM in (ISC)2, Cezar, IT Security, Web/Tech |

    Technorati Tags: , ,

    Comments

    I believe one of the other challenges is the balance between government laws \ regulations, e.g. online privacy and data protection laws, and technological advancements especially in the cloud computing arena for corporations.

    If you look at the "Electronic Communications Privacy Act (1986)", the emails are protected in transit, however once mail is processed and stored it is no longer the same private letter. I think will concern corporations especially those trying to use a SaaS solution for corporate email and web hosting.

    Posted by: Usman | 26 January 2012 at 01:11 PM

    This is all true, as the way I see it. However, another massive challenge, coinsiding with the above comment, there needs to be international standards and laws that enable the standardized investigations, and prosecution of cyber attacks. Information going over multiple countries' borders, each with different laws (some with none) with regards to what is legal/illegal, and poor information sharing, makes it difficult to investigate and prosecute.

    Posted by: Brock Pearson | 02 February 2012 at 10:46 AM

    The question of the legitimacy of data use has always been intended to take into account additional values beyond privacy, as seen in the example of law enforcement, which has traditionally been allotted a degree of freedom to override privacy restrictions.

    Posted by: mspy | 17 February 2012 at 08:31 AM

    Verify your Comment

    Previewing your Comment

    Posted by:  | 

    This is only a preview. Your comment has not yet been posted.

    Working...
    Your comment could not be posted. Error type:
    Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

    The letters and numbers you entered did not match the image. Please try again.

    As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

    Having trouble reading this image? View an alternate.

    Working...

    Post a comment

    Comments are moderated, and will not appear until the author has approved them.

    Enter your email address:

    Delivered by FeedBurner

    Recent Contributors

    Past Contributors