Time for a revolution in security management

Information security management has reached a strategic inflection point: a time from which the effectiveness of traditional countermeasures will decline sharply. Our approach to security governance has not changed in the last two decades. Today’s methods are rooted in an inward-focused, industrial age perspective. Yet the problem space has shifted dramatically. We need a new approach that is more dynamic and externalized.
How should we respond? For my take on this issue, read my latest white paper: “Responding to the New Information Security Landscape: New Priorities, New Skills and New Technologies” just published by Qualys. It’s time for no less than a revolution in our approach to information security management.

Join the conversation

1 comment

I must agree that things must change, and fast. One of the biggest paradigm shifts in IT I expect to see over the next few years is the increase in uptake of Cloud services or SaaS. As such, the outsourcing of services effectively removes your control, security measurability and due diligence. We know that cloud services are going to be targeted and exploited due to their nature. Notably, the Google Apps cloud was exploited in 2009 by a Botnet network. Due to the size of the target, they're going to be prone to further attack and exploitation. Whether these have short term service effects or long term depends purely on the level and competency of the attacker. Social networking is a nightmare to govern and can be the source of exploits and privacy breaches. Twitter recently has also been exploited by botnet networks and is still vulnerable.