Information security forecast: Security management in 2009

By David Mortman, Contributor | Jan 26, 2009

The past year was an interesting one for privacy and information security, and by looking back at it we can clearly discern trends that will likely be a major part of the security management landscape in 2009.

More and more states passed breach-notification laws and several enhanced or extended existing legislation. Software-as-a-Service (SaaS) and virtualization really took off, and compliance's looming presence grew with PCI DSS version 1.2 and some actual enforcement of HIPAA.

Of particular note was Massachusetts' data breach law 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth. This is to date the most comprehensive law of its kind, setting a new standard for what breach-notification laws should look like; it covers both paper and electronic records, it mandates appropriate security awareness training as well as security and risk assessments and, most importantly, requires companies to make changes to their security programs in accordance with the findings of those risk assessments.

Similarly, California enhanced the well-known CA-1386 to cover not just traditional financial information, but also health care and health insurance data.

With new mandates popping up all the time, it's no wonder compliance was one of the biggest focus areas for enterprise information security teams in the past year, and this trend will clearly continue in 2009; there will be more regulation on both the state and federal levels, and stronger enforcement of existing regulations. Fines and other penalties for violations of PCI DSS and HIPAA will continue to rise, along with the inevitable rise in discoveries of malfeasance. As a result, there will be an even larger focus on compliance by upper management, which also means decreased time and budget for necessary security controls that don't clearly fall under a compliance umbrella.

Two other major trends that will continue into 2009 are increased use of virtualization, particularly on the outsourcing side, and an increased focus on the security of Web-based applications. IT shops are always looking for ways to reduce costs and leverage the full value of their existing hardware investments. In 2008, many enterprises finally reached a comfort level with server virtualization in production environments. This trend will continue in 2009 until managers find creative ways of handling this technology dynamic, since there will be a corresponding drop in security as the traditional controls -- such as VLANs and firewalls -- prove less effective. For this reason, during the transition to a virtualized environment, security managers should pay particular attention to systems that contain critical data like corporate financials or source code.

 
 

Comments

ECCI’s Documentation Tool

ECCI’s Documentation Tool Kit contains all the necessary documents to implement an Information Security Management System in any typical organization. The documents contained comply with all the requirements of the ISO 27001:2005 - Information Security Management System, the best system available for benchmarking globally to assess the information security practices of any organization. This documentation kit contains the complete list of policies, procedures, guidelines, templates, forms, checklists, PowerPoint presentations (with explanatory notes) necessary for implementing an Information Security Management System in line with the International Standard – ISO 27001:2005.
The documents are highly customizable and hence this kit saves your time and effort, and resources can be deployed elsewhere. Our conservative estimate is that this kit can help you save at least 35% of time spent on documentation in your journey towards an information security management system. Your goal of achieving the ISO 27001 certification is 100% possible since the complete requirements of an ISMS are mapped in this kit.
This kit is designed by ….
Contents:
• Information Security Manual
• Information Security Policies (Indicate the # and if possible list of documents)
• Information Security Procedures (Indicate the # and if possible list of documents)
• Information Security Guidelines (Indicate the # and if possible list of documents)
• Information Security Forms (Indicate the # and if possible list of documents)
• Comprehensive glossary of information security and computer terms
• ISO 27001 Audit Checklists
• Training Materials
  ◦ Awareness Training
  ◦ Documentation Training
  ◦ Risk Management Training
  ◦ Internal Audit Training
• Awareness Campaign Materials
  ◦ Quick Reference Cards
  ◦ Quick Reference Posters

Rose Cariaga
Mobile No: 09202100742
Email: rose@eccinternational.com

Suite 19- Tower
6784 Ayala Ave. cor. VA St.,
1223 Makati City, Philippines
Telephone No.: 750-5671 to 73
Fax No.: 750-5670
Website: www.eccigroup.com
PHILIPPINES • MALAYSIA • SINGAPORE • INDIA • CHINA • VIETNAM
