Friday, September 17, 2010

New Challenges to Information Security

The world of information security continues to grow more complex and to evolve quickly. Of course, we hear a lot about the cloud, and the threats to security that it poses. Companies and cloud providers are starting to address this issue more effectively, but then there is a lot more going on in information security that need to be addressed as well.

Some of the trends have been obvious for some time. But being obvious doesn't decrease the threat. For example, the increasing sophistication of tools available to hackers, the increased linkages of company systems with those of customers, suppliers and others, that result in importing the security issues of those others to some extent. Not to mention the integration of mobile computing and all that is implied by that. All of these things work together to create an extremely challenging scene.

Some, perhaps many, professionals are saying that under present technology and systems configurations, it simply is not possible to protect against all threats. Although there is nothing new about this basic fact, it does mean that the importance of risk analysis and cost.benefit analysis of security measures has been growing even more important. And managements and boards need to understand this fact of security management. They shouldn't be asking if the systems are secure, but rather what threats have been identified and how have they been ranked in terms of importance. What are the remaining risks and are they acceptable. Boards need to understand the way threats and risks are managed. For a very good article on the current state of security management, see this article.

No comments: