Instructors at SANS Security West 2012
This is an effort to chronicle what a number of really smart people believe the state of the information security industry to be, and where we are going. A lot of the emphasis is on security threats, but we also consider what is working and what good practice is. We hope you will be able to use this in your strategic planning and also as input for your security architecture.
Some "predictive" input from SANS Security West 2012 instructors on emerging security trends:
Fear and Loathing in Information Security: What we are doing is not working. We need to review what we are doing and why. We need to re-evaluate everything, from passwords to pentests to firewalls to DLP. We have to stop doing the same thing over and over again. We have to stop being insane. My prediction? Companies will start looking for alternative security technologies to augment or outright replace many of the technologies that have failed time and time again.
- John Strand
I expect to see a sharp increase in attacks against end-users and administrators who are accessing and controlling cloud-based services (both public and private clouds). Much of the focus is on the security of the cloud itself but very often the end-users are left to their own while connecting from less secure public networks. Administrators in particular will be targeted as they hold the keys to the cloud-based kingdom.
- Bryce Galbraith
No profession has ever achieved status and creditability prior to developing effective metrics showing cause and effect, providing reliable prognostication and delivering the information needed by various parts of an organization to make informed decisions. Information security is no different. While practitioners frequently lament the profession’s lack of standing with business executives, we continue to fail to provide credible answers to essential questions and reliable evidence for the value of our craft. Most of us only provide management with obscure technical measures that do little to provide needed answers, actionable information or comfort, let alone assurance. But relentless pressure to cut costs, to increase both effectiveness and efficiency and do more with less will increasingly drive development and deployment of better metrics in the coming years.
- Krag Brotby