Ponemon Institute recently released their Cyber Security Mega Trends as listed below. While I agree with these, I think there were a couple that could easily be added to the list. First, I would either add or modify Web 2.0 into Web 3.0. Let's look to what is going to happen versus what is happening and just changing. Secondly, I suggest adding Vendor Risk Management. The vendor does not have to be offshore to pose a problem. Vendors are so integrated into companies and business processes that they are like an employee, but in many cases they are not subjected to the same network security assessment requirements.
Cyber Security Mega Trends Study
Prepared by Dr. Larry Ponemon, November 18, 2009
The Cyber Security Mega Trends Study was conducted by Ponemon Institute and sponsored by CA to better understand if certain publicized IT security risks are, or should be, more or less of a concern for organizations in the federal sector. We believe the results of our study will be helpful to organizations struggling to understand how they should allocate resources to help ensure their information systems are adequately protected.
Based upon in-depth interviews with IT security experts in application security risk assessment and prior Institute research, we focus on 10 cyber security mega trends in this study. Each mega trend is believed to significantly affect an organization’s security ecosystem.
Cloud computing – refers to distributed computing solutions that can be owned by third parties and hosted at data center locations outside the organization’s IT infrastructure.
Virtualization – refers to enabling technologies that allow end-users to access multiple secure networks from a single computer, wherein the PC or laptop essentially acts as the authenticating device.
Mobility – refers to a workforce with access to information no matter where they work or travel and wherein employees can use mobile devices when they travel or work at home: laptops, smart phones, PDAs, memory sticks and more.
Cyber crime – usually describes criminal activity in which the computer or network is an essential part of the illegal activity. This term is also used to include attacks in which computers or botnets are used to enable illicit activity such as data theft or denial of service attacks.
Cyber terrorism – is a specific form of cyber crime in which the end goal is to disrupt or harm a targeted country or region of the world. This term is also used to describe attacks that attempt to steal national secrets, including information whose loss weakens a nation’s defense or economic posture.
Open source – is computer software for which the source code and certain other rights normally reserved for copyright holders are provided under a software license that is in the public domain. This permits users to change and improve the software, and to redistribute it in modified or unmodified forms.
Data breach – is defined as the loss or theft of information about people and households. A majority of U.S. states now require organizations to notify individuals when their information is lost or stolen.
Unstructured data – is electronic information on file servers and other storage devices that is not stored in a database or other structured format, usually resulting from workplace collaboration tools such as SharePoint.
Outsourcing – usually pertains to the transfer of sensitive and confidential information to third parties for data processing or other activities. Outsourcing is done to reduce processing costs and improve operating efficiencies.
Web 2.0 – refers to a plethora of Internet tools that enhance information sharing and collaboration among individuals. These concepts have led to the evolution of web-based communities and hosted services, such as social networking, social messaging, wikis and blogs.