3 Key Trends in Information Security Management in 2011

by Info_Security on 11-10-2011 02:29 PM - last edited on 11-10-2011 02:31 PM

By John Fitzgerald, Worldwide ISM Services Manager

 

As the volume of information we process in our daily work lives increases, CISOs need to stay on top of information security management. Here are 3 of the latest ISM trends to watch for:

 

1) The increasing use of mobile and consumer devices in the corporate environment

2) The accelerating rate of evolution of the threat landscape

3) The effect of economic instability on the ability of organisations to adequately protect themselves

 

 

The security challenge of mobile devices is a consequence of their main benefit: small and portable also means easy to lose. Typically, though there are exceptions, mobile devices:

 

  • Offer less resistance to attack than traditional office or data centre based solutions
  • Have inordinately large and relatively unprotected data storage capacities
  • Will become the attack vector of preference for many attackers

 

 

Any bystander looking at the progress of technical threats to Information Communications Technology (ICT) will have seen the alarming rate of increase in the complexity and persistence of exploits being brought to bear against corporate and nation-state systems.

 

This rate of increase is unlikely to be slowed because information itself is a form of wealth, as well as being the means to unlock direct financial assets. It will, therefore, require ever more complex automated detection and prevention capabilities.

 

It will also drive the development of more offensive capabilities, firstly to enable the recovery of assets and secondly to deter all but the professional or state-sponsored threat actors.

 

 

In any time of financial austerity, commercial organisations and governments seek to minimise spending. History shows that one of the ways they do this is to cut back on what they consider to be non-essential new investment first, then seek to do basic existing functions at a lower cost.

 

Given the two challenges expressed above, this means that information security will be required to do more for less and, therefore, will have to be smarter.

 

Expect to see evidence-based decision-making become more prevalent than simple security-by-rote activities. Do we really need to patch everything every week, or should we focus our effort on defence in depth across the entire infrastructure? Discuss.

 

 

Download this HP white paper, Rethinking your Enterprise Security: Critical Priorities to Consider, and learn how to start the journey to end-to-end security.

 

If you’d like to find out more information on how HP can help you better manage security policies and governance to provide comprehensive risk mitigation, download our Information Security Management Outsourcing Services fact sheet.

About the Author
  • After graduation from Oxford University, Paul developed laser technology for NASA satellites, before moving into IT Security at Cable & Wireless in 2000, where he led the development of Internet Security Services. In 2005, Paul joined Vistorm, now HP Enterprise Security Services, as a Security Architect, where he is technical lead for mobile device and endpoint security solutions. Paul is CISSP and ITPC certified, is a CLAS consultant and M.Inst.ISP. He has recently completed the MSc Information Security at Royal Holloway, University of London.
  • A business-first senior executive, with over 20 years of hands-on experience in defending banks, governments and corporations against cyberwarfare. My career in security started when I was employed to crack a secure system, which had locked down the boot process, whitelisting of applications and encrypted disks. I linked TeamOffice (an ICL email and collaboration system) with Microsoft Word to send an email which allowed me to do anything the person reading the email could do and send the results back to me, all without their knowledge. Having proved this vulnerability, I worked with Peter Simpson to create Defuse, a tool that blocked inappropriate actions. This successfully blocked Winword Concept, the first known malicious code in the wild. From these beginnings I have investigated all aspects of security to provide a holistic approach to security as a business enabler, and I am currently advising organisations on the suitability of the cloud to their needs.