Tuesday, May 4, 2010

Guest Post - Nick Volpe - Top 10 Information Security Trends for 2010

Nick Volpe is a Spring Semester Intern and Cybersecurity Research Analyst for Fortalice®, LLC.  He is a student at Immaculata University.

Research Outline  

Topic: Top 10 Trends in Information Security
Date: 2/15/2010 

TEASER/TITLE: 2010 – Another Chance For CIOs and CSOs to Catch Up To Information Security Hazards 

SUMMARY PARAGRAPH: This year CEOs, CISOs, and CIOs are being pressured into lowering costs and tightening budgets because of the economic downturn. Unfortunately, many cuts come at the cost of information security because there is little to no visible return from investing in such efforts. Despite this, the threats to our vulnerable information online largely remain. There are still many areas that CEOs, CISOs, and CIOs need to keep their eye on to keep their organization safe and ahead of the game.

(List 3-5 bullets)
  • CSOs & CIOs: Governance, Risk (Identity Management & Efficiency), and Compliance (Sarbanes-Oxley) [1]
  • Records Management (How long should a company keep a piece of information?) [1], with files getting bigger and bigger and more and more information being collected from new devices
  • Encryption & authentication techniques to combat breach of data [2]
    • Securing mobile devices used to access corporate information systems outside of the enterprise [3]
    • Identity and access [4]
  • CEOs: http://www.slideshare.net/prspinster1/7-things-every-ceo-should-know-about-information-security-1476062
  • Government: Obama Administration looking into expanding communications and information infrastructure as well as promoting cyber security. [3]
(List 3-5 bullets)
  • Specific policy development and employee training [3]
  • Maintain a rigorous security configuration [3]
    • Password protection and authentication
    • Encryption
    • Firewall software and hardware
    • Anti-malware protection
    • Operating System and software patches
  • Keep company’s Intellectual Property and “ideas” secure because hackers are after it [6]
Information security is a daunting task, but all CIOs, CSOs, and CEOs are forced to deal with it in this day and age in some form or capacity. In the early days of information technology and the internet, the worry was about computers and the users of those computers. How will our information stay within the organization with things like email and the World Wide Web? Information security personnel have been very successful in developing strategic and creative methods of securing all necessary information and sometimes even shielding employees themselves from certain information.
A topic heard about often in the news lately is stolen mobile devices that expose sensitive corporate or consumer data. Despite some flaws in information security that may always exist (i.e. human error), information security personnel have been doing a good job protecting critical information overall. However, there is much work to be done, because as information gets more complex, elaborate, and expansive, so do the hackers that are out to get that information.
Top 10 Trends in Information Security
  1. Looking more into Governance, Risk, and Compliance
  2. New and improved encryption and authentication techniques (biometrics, etc.)
  3. Promotion of cyber security by the government and security firms (Symantec, McAfee, etc.)
  4. The use of Virtual Machines in the corporate environment for securing information
  5. Using social media and networking to communicate with the world (consumers, employees, research purposes, etc.)
  6. Storing data in the cloud for offsite security, collaboration, and speed/efficiency
  7. Stronger, more reliable, and secure mobile platforms
  8. Hackers for hire or Professional Hackers
  9. Spyware holding data for ransom
  10. Botnets hidden in legitimate communications mediums
(3-5 Bullets that talk about any future trends noted for beyond 2010)
  • Securing virtual machines from infecting physical machines [5]
  • Sending more and more information to the cloud with the adequate security measures in place [5]
  • Protecting business from new security threats hiding themselves in legitimate communication vehicles [5]
Mobile devices and social networking are no doubt two of the major trends this year in information technology. They are really starting to hit at the core of information technology departments in both large and small enterprises. CIOs and CSOs now have to look out for new forms of encryption and authentication that allow their employees to safely access corporate information from within and outside the corporate firewall, as well as for ways to maintain these information systems effectively and securely. CEOs are watching to see how they can secure their information while keeping costs down, while CIOs and CSOs are looking at new methods of securing data both inside and outside of the network.
CIOs and CSOs should be concerned about social networking this year and the inside-out aspect of information security breaches. Employees need to be adequately trained and various encryption and authentication schemes need to be put effectively into place.
Despite what many organizations assume or understand about hackers, they are after more than simply financial information. More than money-keeping data and records need to be secured in an organization. Criminals are after the intellectual property of the company and sensitive information such as trade secrets, and they want to use company resources for malicious purposes such as Distributed Denial of Service (DDoS) attacks.
  • Rigorous training programs should be developed to educate employees on information security and the latest threats with social networking, mobile devices, and other communication mechanisms.
  • Virtual machines and data storage/computing in the cloud are something CEOs, CIOs/CSOs, and the government alike should all be looking at and investing in to weather the information security storm of the future. Virtual machines can be an invaluable asset to information security in terms of disposability and efficiency.
  • Intellectual Property and sensitive company information needs to be secured within the IT infrastructure.
  • Costs should not be cut in the area of information security. The return on this investment is avoiding a loss of information that can be very costly and even detrimental to the business model.

  1. Goodchild, Joan. "Three Big Trends in Information Security: Past, Present and Future." CSO Online. 23 Sep 2008. CXO Media, Web. <http://www.csoonline.com/article/450965/Three_Big_Trends_in_Information_Security_Past_Present_and_Future>.
  2. "Top 10 trends in Information Security for 2009." CIOL. 24 Dec 2008. CyberMedia India Online, Web. <http://www.ciol.com/Technology/Security/Feature/Top-10-trends-in-Information-Security-for-2009/241208114170/0/>.
  3. "Security Trends Report." Oregon.gov. Jun 2009. Web. <http://www.oregon.gov/DAS/EISPD/ESO/Pub/Trends/Trends_2009_06.pdf>.
  4. Banerjee, Prosenjeet. "Top 5 Information security trends." Express Computer. The Indian Express Limited, Web. <http://www.expresscomputeronline.com/20090504/technology04.shtml>.
  5. "Top 10 information security trends for 2010." Homeland Security Newswire. 30 Nov 2009. News Wire Publications, Web. <http://homelandsecuritynewswire.com/top-10-information-security-trends-2010>.
  6. Kirk, Richard (UK Director of Fortify Software). "The four myths of cyber security." 10 Feb 2010.
