IT security trends are moving away from a tactical, technical focus on IT operations to "information risk management." Bring in the consultants! The evolution toward information risk management is shaking up the way IT security works at many large organizations.
Jonathan Penn, a security analyst at Forrester Research Inc. in Cambridge, Mass., has singled out five trends in IT security that are on your chief information security officer's agenda in 2008:
- GRC: IT governance, IT risk management and IT compliance (GRC) will converge into one discipline, with greater attention paid to metrics, staffing and optimal organizational
- IT security operations: As IT security technology becomes commoditized and embedded in IT infrastructure, security organizations will split into two groups: strategy teams focusing on business issues of risk management, and operational teams overseeing the technical aspects.
- Application security: Applications are a prime target for attackers because they deal with sensitive data. A "fix it when danger strikes" approach is giving way to proactive security programs that span the application lifecycle, from bright idea to operation.
- Datacentric security: In an age of many business partners, this is the mammoth effort to classify data in order to determine who gets to see it and how to protect it. This cannot be done in a vacuum and requires close communication with business leaders.
- Digital investigations, forensics and e-discovery: This can be a scary and daunting area -- especially e-discovery, in which organizations are still struggling to figure out what constitutes best practices.
Source: Forrester Research Inc. "Five Trends That Will Shape The IT Security Profession in 2008," Jonathan Penn.