Thanks to terlin for kicking off this round of calculated crystal-ball gazing into 2007, a.k.a. our 2007 predictions. You can look forward to a number of us posting today and tomorrow, so keep reading and read often.
Traditional Vulnerability Scanning Is Dead
Organizations will embrace the idea that simply scanning for vulnerabilities is not effective. The sheer volume of vulnerability data, the inability to prioritize it, and the ever-increasing complexity of networks with application interdependencies have already become major stumbling blocks for corporations. Instead, organizations will shift their efforts to the broader practice of security risk management.
Vulnerabilities, network topology, information assets, security policies and configurations will together be assessed in a context-rich process to help companies focus their efforts on reducing the most important risks to their global information systems, based on business value.
We will begin to see Vulnerability, Compliance, Configuration and Identity Management all fusing together.
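As an added illustration of the context-rich prioritization described above (example code written for this post, not a vendor product or anything the original author shipped), the following Python ranks the same set of findings two ways: by raw scanner severity alone, and by a risk score that also weighs network exposure, public exploit availability, compensating controls, business value, data sensitivity and downstream dependencies. The asset names, vulnerability identifiers (`VULN-001` and so on) and weighting factors are all constructed placeholders chosen to show the effect, not calibrated values.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Assumed data model (constructed for this example): the asset inventory
# carries the business context that a scanner result alone lacks.
@dataclass
class Asset:
    name: str
    business_value: int          # 1 (low) to 5 (critical), set by the business owner
    internet_facing: bool        # reachable from untrusted networks
    holds_pii: bool              # stores regulated personal data
    dependents: List[str] = field(default_factory=list)  # systems that break if this one does

@dataclass
class Finding:
    asset: str                   # Asset.name this finding was reported on
    vuln_id: str                 # placeholder identifier, not a real advisory
    severity: float              # 0.0 to 10.0 scanner score
    exploit_public: bool         # working exploit is publicly known
    compensating_control: bool   # e.g. segmented off or virtually patched

def asset_value(asset: Asset) -> int:
    # Business value, bumped for regulated data and for each dependent system.
    return asset.business_value + (2 if asset.holds_pii else 0) + len(asset.dependents)

def risk_score(finding: Finding, asset: Asset) -> float:
    base = finding.severity / 10.0
    exposure = 1.0 if asset.internet_facing else 0.4   # internal-only is harder to reach
    if finding.compensating_control:
        exposure *= 0.5                                 # mitigation halves the effective exposure
    exploitability = 1.5 if finding.exploit_public else 1.0
    return round(base * exposure * exploitability * asset_value(asset), 2)

def severity_order(findings: List[Finding]) -> List[str]:
    # What a plain scanner report gives you: highest CVSS-style score first.
    return [f.vuln_id for f in sorted(findings, key=lambda f: f.severity, reverse=True)]

def risk_order(findings: List[Finding], assets: Dict[str, Asset]) -> List[Tuple[str, float]]:
    # Context-aware ranking: (vuln_id, score), highest risk first.
    scored = [(f.vuln_id, risk_score(f, assets[f.asset])) for f in findings]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)

# Constructed sample inventory and findings.
ASSETS = {
    "web-portal":  Asset("web-portal",  4, internet_facing=True,  holds_pii=True),
    "hr-db":       Asset("hr-db",       5, internet_facing=False, holds_pii=True,
                         dependents=["payroll", "web-portal"]),
    "dev-jenkins": Asset("dev-jenkins", 2, internet_facing=False, holds_pii=False),
}

FINDINGS = [
    Finding("dev-jenkins", "VULN-001", 9.8, exploit_public=True,  compensating_control=False),
    Finding("web-portal",  "VULN-002", 6.5, exploit_public=True,  compensating_control=False),
    Finding("hr-db",       "VULN-003", 7.5, exploit_public=False, compensating_control=True),
]

if __name__ == "__main__":
    print("scanner order :", severity_order(FINDINGS))
    print("risk order    :", risk_order(FINDINGS, ASSETS))
```

Run as-is, the scanner view puts the 9.8 on the isolated build server first, while the risk view moves the 6.5 on the internet-facing portal that holds customer data to the top and drops the build server to last. The point is not the particular weights, which any real program would tune, but that the ordering changes once topology, controls and business value enter the calculation.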
Nationally Recognized Security Rating
In today’s financial markets investors rely on analyst reports and metrics, often referred to simply by the name of the company providing them: Moody’s, Morningstar, Fitch and others. As an investor, these rankings and metrics generally weigh heavily in your decisions. However, we have no comparable security index or rating system. If, as a consumer, you had a choice between taking a loan from two companies with different security index ratings, you might think twice. Would you want to risk your personal information being negligently handled in return for a lower rate, or take a slightly higher rate knowing your information is safer?
The US government will begin to discuss legislation to mandate a consumer-oriented “security readiness” index or scoring system for commercial entities, designed to help consumers make an informed decision about which organizations they choose to do business with. This will assist consumers by creating a unified metric that enterprises would be required to report against.
The most interesting part to watch will be the political jockeying. Will the government issue a mandate, will the existing analysts make the move on their own, or will the companies themselves attempt it alone under a self-regulation mantra?