IT security trends move toward information risk management

Linda Tucci, Senior News Writer

IT security trends are moving away from a tactical, technical focus on IT operations to "information risk management." Bring in the consultants! The evolution toward information risk management is shaking up the way IT security works at many large organizations.

Jonathan Penn, a security analyst at Forrester Research Inc. in Cambridge, Mass., has singled out five trends in IT security that are on your chief information security officer's agenda in 2008:

  1. GRC: IT governance, IT risk management and IT compliance (GRC) will converge into one discipline, with greater attention paid to metrics, staffing and optimal organizational structure.

  2. IT security operations: As IT security technology becomes commoditized and embedded in IT infrastructure, security organizations will split into two groups: strategy teams focusing on business issues of risk management, and operational teams overseeing the technical aspects.

  3. Application security: Applications are a prime target for attackers because they deal with sensitive data. A "fix it when danger strikes" approach is giving way to proactive security programs that span the application lifecycle, from bright idea to operation.

  4. Datacentric security: In an age of many business partners, this is the mammoth effort to classify data in order to determine who gets to see it and how to protect it. This cannot be done in a vacuum and requires close communication with business leaders.

  5. Digital investigations, forensics and e-discovery: This can be a scary and daunting area -- especially e-discovery, in which organizations are still struggling to figure out what constitutes best practices.

Source: Forrester Research Inc. "Five Trends That Will Shape The IT Security Profession in 2008," Jonathan Penn.

