Information Security 2020

Back in October, the ISSA-UK Advisory Board, together with some of the UK’s top information security thought leaders, met to discuss the challenges of the next decade of information security. The meeting, held at the House of Commons and chaired by the Rt. Hon. David Blunkett MP, resulted in a fascinating and engaging exchange of views. Last week I presented the results to an ISSA-UK chapter meeting. My report of the findings, with a preface by David Blunkett, has just been published on the ISSA-UK web site.

You can’t of course expect a perfect or complete analysis from a single event, no matter how knowledgeable the contributors. But this one is quite good and compares favourably with existing forecasts from analysts. More importantly, I hope that we can build on this basis over the next year, to produce a more sophisticated road map for the next ten years.

The next decade will be highly significant, as we’ve clearly reached an inflection point in information security, a time beyond which existing practices will progressively fail. Over the next few years we need to encourage the development of new approaches, skills and solutions. And do not accept, as many claim, that we already have enough science, technology and methods. We don’t.

Let’s face it, we haven’t even solved long standing solutions such as how to design secure systems, influence user behaviour, tackle insider threats and secure external supply chains. In the future these challenges will be greatly amplified by step changes in threats, information volumes and in the use of external services.

To respond to these challenges, we have to stop behaving as a herd, and encourage greater innovation. More of the same won’t do. That means governments should sponsor more competitions, institutes should stop stamping out alternative approaches, and security managers should stop complaining about the proliferation of new security products. So let’s stop promoting best practices and start saluting new ideas.  


This doesn't seem to add anything helpful at all - I've read it and tried really hard to find something new, but to no avail : ( It's the same people talking to each other about the same stuff and navel gazing. If it is indeed the truth that "we haven't even solved long standing solutions such as how to design secure systems, influence user behaviour, tackle insider threats and secure external supply chains." and that "In the future these challenges will be greatly amplified by step changes in threats, information volumes and in the use of external services." then as professionals surely we should be determinedly finding solutions and continuing to tackle the barriers and human factors issues that have prevented success thus far?? Or we should all just pack up and go home because we haven't been listened to thus far and we are indeed heading for ongoing anarchy and appear to be less in control rather than more. Frankly, I find it all very depressing given the level of repetition over the years and the huge volume of resources available to tackle the challenges most of which are not really new if you lift the veils of rhetoric and acronyms :(
What a cynical response, Andrea! There is much that is new and vital, as well as quite a bit that needs to be added. The call for innovation is important, as most of the security community (as well as the institutions and standards bodies) discourage new approaches. Also, the need to address the SME problem. (ISSA-UK are alone in tackling this with a new standard.) Not to mention the key recommendations that Government should not take the lead, and that supply chain security must be addressed. The reason that many security practitioners "haven't been listened to" is because the current crop of approaches and solutions used are neither effective nor compelling.
David, I don’t think that ISSA-UK are tackling this problem of SME security alone. We have been addressing SME security for several years and have published the Certified Digital Security (CDS) standard which is free for all to use and follow. We have promoted CDS nationally, regionally and internationally conducting presentations at 360IT and even had a stand at the Wales eCrime conference last year where you were speaking. If you are looking for assistance and help (at the ISSA-UK), please drop me a note, as we have been through the pain of writing standards and then trying to implement them with less than interested and non-technical SMEs. As Andrea suggests it can be depressing and frustrating as they (SMEs) don’t want to listen; in many organisations security still smells of cost and extra work. But then again we don’t do IT Security because it is easy, we do it because of this very challenge and because we think we can make a big difference to the organisations we work with.