IT Security Industry 2008 - Trends and Analysis


1. What is the source of trends?

1.1. Surveys

1.1.1. Big 4

1.1.1.1. Deloitte

1.1.1.1.1. 2007 Deloitte TMT survey

1.1.1.2. E & Y

1.1.1.2.1. Report: Security Becoming Business Tool E & Y, and in CIA article

1.1.1.3. PwC

1.1.2. Security Firms

1.1.2.1. Symantec

1.1.2.2. McAfee

1.1.2.2.1. Avert Labs

1.1.2.3. F-Secure

1.1.2.3.1. malware detections

1.1.3. Technology Firms

1.1.3.1. IBM ISS

1.1.3.1.1. x-force_2007_trend_statistics_report.pdf

1.1.3.2. Google

1.1.4. Industry bodies

1.1.4.1. SafE survey

1.1.4.1.1. Aussies more worried about outbound email than SPAM

1.1.4.2. CompTIA

1.1.4.2.1. IT sec shortage

1.1.4.3. American Management Association (AMA)

1.1.4.3.1. over 50% fire people for email probs

1.1.4.4. The ePolicy Institute

1.1.4.4.1. over 50% fire people for email probs

1.2. Incidents

1.3. Opinion

1.3.1. DarkR top problems of 2007

1.3.1.1. storm

1.3.1.2. TJX

1.3.1.3. UK data breaches

1.3.1.4. inter-gov cyber attacks

1.3.2. Venture cap

1.3.2.1. what we need

1.3.3. 50 most influential sec people thing

1.4. Technology

1.4.1. how changes in tech gives rise to trends

1.5. Industry

1.5.1. IT Industry

1.5.1.1. Outsourcing

1.5.1.2. Forums

1.5.1.2.1. Jericho

1.5.1.3. ISPs

1.5.1.3.1. privacy monitoring?

1.5.1.4. magazine and trade pubs

1.5.1.5. conferences

1.5.1.6. Intellishield Cyber report

1.5.2. Security industry

1.5.2.1. Tech

1.5.2.1.1. examples

1.5.2.2. Industry

1.5.2.2.1. endpoint security under investment

1.5.2.2.2. Arcsight IPO and logging

1.5.2.2.3. McAfee China threat report

1.5.2.2.4. de-perimeter

1.5.2.2.5. wasted investments

1.5.2.3. Malware

1.5.2.3.1. Examples

1.5.2.4. Security bodies

1.5.2.4.1. SANS

1.5.2.4.2. ISSA

1.5.2.5. magazine and trade pubs

1.5.2.6. conferences

1.5.3. Business

1.5.3.1. Examples

1.5.3.1.1. online banking

1.5.3.1.2. online gambling

1.5.3.1.3. healthcare

1.5.3.1.4. Credit Card

1.5.3.2. magazine and trade pubs

1.5.3.3. conferences

1.6. Government

1.6.1. Cybercrime

1.6.2. US

1.6.2.1. FTC

1.6.2.1.1. FTC consumer fraud statistics

1.6.2.2. FCC

1.6.2.3. FDIC

1.6.2.3.1. bank intrusions rise

1.6.2.4. Congress

1.6.2.4.1. Cybersecurity plan

1.6.2.4.2. budget spend

1.6.2.5. GAO

1.6.2.5.1. art

1.6.3. UK

1.6.3.1. New awareness forum

1.6.3.1.1. Irish program

1.6.3.1.2. comment

1.6.3.1.3. comment

1.6.3.2. can't handle sec problems

1.6.3.3. DOS act of terrorism

1.6.4. EU

1.6.4.1. art

1.6.4.2. making the net safer for kids

1.6.5. Germany

1.6.5.1. online surveillance

1.6.5.1.1. art

1.6.5.2. legal firewall

1.6.5.2.1. art

1.7. Academia

1.7.1. ID theft study

1.7.2. boost own security

1.7.3. ENISA

1.8. Standards

1.8.1. ITU

1.8.1.1. national cybersecurity study

2. Trends Data

2.1. to what extent is hard data used?

2.2. what is hard and soft data?

2.3. Drivers

2.3.1. what are they?

2.3.2. what are the factors?

2.3.3. how do they change and evolve?

2.3.4. factors that affect various sectors

3. Topics

3.1. Privacy

3.1.1. not sorted with own topic

3.1.2. privacy monitoring for ISPs

3.1.3. nat sec trump privacy

3.1.3.1. art

3.1.4. solove online book

3.2. ID theft

3.2.1. ID theft study

3.2.2. US ID theft declines

3.2.3. nice art

3.3. Data Loss and Breach

3.3.1. great article with losses and their causes

3.3.2. companies must be more responsible

3.3.3. are companies hurt by data breaches?

3.3.4. increase at edu

3.3.4.1. dedicated site for edu incident analysis

3.3.5. process failures

3.3.5.1. For quite some time already, I'd like to see these added as questions: why was that data sensitive?; are there no better ways to do what that data does (e.g. SSNs are IMHO abused when used to authenticate you, it's like having your password and your login name the same)?; why was sensitive data stored on a portable device?; where was the absolute need to have the sensitive data?; why was the sensitive data mixed in with less sensitive data?; why was sensitive data allowed out of the organization that collected it?; why was a laptop containing sensitive data left unattended?; ... There usually is a long chain of failures before such data gets leaked. Assuming all of them are normal except the last link that was missing on the chain isn't the right, nor fair, reaction.

3.3.6. UK report

3.4. Online Fraud

3.4.1. FTC consumer fraud statistics

3.4.1.1. nice table

3.4.2. 2008 Feb art

3.4.2.1. The percentage of online revenue lost to fraud in 2007 held steady with 2006 at 1.4%—but as e-commerce grows, the total dollar loss from online payment fraud is growing at the rate of about 20% a year and is estimated at $3.6 billion in 2007, up from $3.1 billion in 2006, according to CyberSource Corp.’s 2008 Online Fraud Report.

3.4.3. art

3.4.3.1. says market bigger than drugs

3.5. Cybercrime and Cyber Security

3.5.1. Illegal Downloads

3.5.1.1. UK crackdown on illegal downloads

3.5.1.1.1. ISP monitoring

3.5.1.1.2. comment

3.5.2. trend

3.5.3. trend

3.5.4. trend

3.5.5. arms race

3.5.6. cyber crime increases

3.5.6.1. cyber terror as well

3.5.7. how it works

3.5.8. Cybersecurity plan

3.5.9. Analyzing the Threat of Cyber Attack

3.5.10. what they are doing

3.5.11. national cybersecurity study

3.5.12. untold war

3.6. Internet

3.6.1. DOT AU boom

3.6.2. censorship

3.6.2.1. Gates

3.6.3. online businesses

3.6.3.1. eBay

3.6.3.1.1. slowdown

3.6.4. Wikileaks

3.6.4.1. art

3.6.5. scams

3.6.5.1. book of scams

3.6.5.2. top scams in last two years

3.6.5.3. scams increasing

3.6.6. availability and outages

3.6.6.1. large scale failure

3.6.6.1.1. outage comment

3.6.7. ISPs

3.6.7.1. privacy monitoring?

3.6.7.2. stop piracy?

3.6.8. what are the risks of searching?

3.6.9. DOS act of terrorism

3.6.10. making the net safer for kids

3.6.11. art

3.6.12. traffic discrimination

3.6.13. email risk

3.6.13.1. MS and Bill

3.6.13.2. that billion $ email

3.6.14. China biggest internet user

3.6.15. Web as Desktop

3.6.16. 5% of traffic DDoS

3.6.17. mobile operator problems

3.6.18. data source

3.6.18.1. pew

3.7. User attitudes

3.7.1. Aussies more worried about outbound email than SPAM

3.7.2. online shoppers worried about data

3.7.2.1. clueless

3.7.3. perceptions are flawed

3.7.4. women over 50 left behind

3.7.5. 70% p2p would stop if warned by ISP

3.7.6. good

3.7.7. F-Secure customer attitudes

3.7.8. web shoppers want sec

3.7.9. young less aware of fraud

3.7.10. effectiveness of consumer warnings

3.7.11. data grazing

3.7.12. data trust

3.7.13. malware pain

3.7.14. millennial attitudes

3.7.14.1. baseline ppt

3.7.14.2. more

3.7.14.3. more

3.7.15. UK people not trust gov with data

3.7.15.1. more

3.7.16. online groups become a force to be reckoned with

3.7.17. UK people feel powerless

3.7.18. don't bother them too much

3.7.19. US people feel safe

3.7.20. social engineering

3.7.20.1. art

3.7.21. 71% don't know about botnets

3.7.22. bypassing security to do work

3.7.23. unaware of threats

3.8. Technology

3.8.1. BluRay wins

3.8.2. Firefox 3 improvements

3.8.2.1. can learn about some flaws fixed

3.8.3. example vulns in security software

3.8.4. EV SSL to stop phishing?

3.8.4.1. art

3.8.5. demise of CAPTCHAs

3.8.5.1. art

3.8.5.2. art

3.8.5.3. breaking for $3 a day

3.8.6. Mac

3.8.6.1. less optimistic on sec

3.8.7. vm

3.8.7.1. risk analysis

3.8.7.2. Year of Virtual Security

3.8.8. patching

3.8.8.1. zero day becoming a myth

3.8.9. Sun adopts MAC from NSA

3.8.10. Web

3.8.10.1. Legitimate sites serving up stealthy attacks

3.8.10.1.1. mentions the Random JS toolkits

3.8.10.1.2. seems this was discovered by Finjan and they have other interesting stuff on their site

3.8.10.1.3. client-side honey pots

3.8.10.2. Google Drive-by Malware increase

3.8.10.2.1. comment

3.8.10.2.2. comment

3.8.10.3. Web App 2007 Summary 70% of Web Hacks Are Financially Motivated

3.8.10.3.1. source

3.8.10.3.2. feb 08

3.8.10.3.3. article

3.8.10.3.4. findings

3.8.10.4. more searches lead to malware sites

3.8.10.5. 1 in 1000 sites has malware

3.8.10.6. art

3.8.10.7. OWASP

3.8.10.8. more search results get iframed

3.8.10.9. 90% sites vulnerable

3.8.10.9.1. art

3.8.10.9.2. art

3.8.10.10. question sets auth

3.8.11. authentication

3.8.11.1. art

3.8.12. problems with anon proxies

3.9. Security Industry

3.9.1. policies

3.9.2. endpoint security under investment

3.9.2.1. good comments and stats

3.9.3. Arcsight IPO and logging

3.9.4. McAfee China threat report

3.9.4.1. looks good, nice diagrams

3.9.5. cost of securing

3.9.6. hall of fame

3.9.7. security economics

3.9.8. McNealy call for security standards

3.9.8.1. more

3.9.9. quote

3.9.9.1. "Someone tasked with trying to influence the activities of an organization without the authority to do so."

3.9.10. leaders

3.9.10.1. how great sec leaders succeed?

3.9.10.2. CSO talk in FS

3.9.10.3. CSO concerns

3.9.10.4. no lines in the sand

3.9.10.5. CISO soft skills

3.9.10.6. next career

3.9.10.7. 10 things learnt

3.9.11. Industry Conundrums

3.9.11.1. art

3.9.11.2. wasted investments

3.9.11.3. security ergonomics

3.9.11.4. where do we belong?

3.9.11.5. we need to learn more about business

3.9.11.6. bruce and marcus

3.9.11.7. security disables business

3.9.11.7.1. art

3.9.11.8. who guards security?

3.9.11.9. lacking best practices

3.9.11.10. don't bother me with facts

3.9.11.11. sec is a drag on business

3.9.11.12. top 10 issues

3.9.12. de-perimeter

3.9.12.1. art

3.9.12.2. art

3.9.13. People

3.9.13.1. Lack of good IT jobs turns to hacking

3.9.13.2. What we as security people are bad at

3.9.13.2.1. an aversion to self deception

3.9.13.3. Whitehat low tech hacking

3.9.13.4. ISC2 100K scholarships

3.9.13.5. looking to hire hackers

3.9.13.6. hard working CISOs

3.9.13.7. all about people

3.9.13.8. weakest link

3.9.13.8.1. still

3.9.13.9. our only problem?

3.9.13.10. unauthorized apps

3.9.14. skills problems

3.9.14.1. IT sec shortage

3.9.14.2. Shortage of Security Skills

3.9.14.3. more

3.9.14.4. lack of skilled IT sec people, despite demand

3.9.15. awareness

3.9.15.1. CISCO CISO

3.9.15.2. better than tech

3.9.15.3. does it work?

3.9.16. pundits

3.9.16.1. top 5 things sec pros should know

3.9.16.2. conference obs

3.9.17. No future - IBM at RSA

3.9.17.1. art

3.9.18. ROI

3.9.18.1. scanning

3.9.19. information-centric

3.9.19.1. Symantec CEO says yes

3.9.19.2. art

3.9.20. threat index

3.9.20.1. Ann Arbor

3.9.20.2. Symantec

3.9.20.3. SANS

3.9.21. what are the biggest everyday sec threats

3.9.22. vendor reports

3.9.22.1. Panda report Q1

3.9.23. conferences

3.9.23.1. RSA

3.9.23.2. that InfoSec thing

3.9.24. security as insurance

3.9.24.1. art

3.10. Work behaviour

3.10.1. over 50% fire people for email probs

3.10.2. monitoring and surveillance

3.11. IT industry

3.11.1. IT failure

3.11.1.1. Qantas

3.11.1.2. how to avoid

3.11.1.3. using portfolio management

3.11.1.4. Billion Dollar failure at Census Bureau

3.11.2. Microsoft

3.11.2.1. Yahoo

3.11.2.2. Vista

3.11.2.2.1. Vista conspiracy

3.11.2.2.2. art

3.11.2.3. Google

3.11.2.3.1. obsession

3.11.2.4. general comment

3.11.2.4.1. here

3.11.2.4.2. art

3.11.2.5. hosted services offering

3.11.2.5.1. art

3.11.2.6. Windows on a Stick

3.11.2.7. PC not dead (yet)

3.11.2.8. Open source formats

3.11.2.8.1. how much of a threat is a good MS?

3.11.2.8.2. art

3.11.2.8.3. MS releases formats

3.11.2.9. Antitrust

3.11.2.10. what spooks MS CSO?

3.11.2.11. windows demise

3.11.2.11.1. art

3.11.2.11.2. art

3.11.3. Google

3.11.4. SaaS

3.11.5. licensing

3.11.5.1. unfair licensing

3.11.5.2. more

3.11.6. Outsourcing

3.11.6.1. 3rd party handling of data

3.11.6.2. Sec not good in India

3.11.6.3. Outsourcing and Privacy

3.11.6.3.1. 2008 Feb art

3.11.7. spending

3.11.7.1. art

3.11.7.2. budget cuts

3.11.7.3. to increase

3.11.8. Software

3.11.8.1. OSS

3.11.8.1.1. OSS eval in NZ

3.11.8.1.2. dispelling myths

3.11.8.1.3. dot bomb 2.0?

3.11.8.1.4. Moore's law

3.11.8.2. art

3.11.9. Green IT

3.11.9.1. nice ppt from conf

3.11.9.2. malware increase power consumption

3.11.10. comscore and google

3.11.11. 10 mistakes that CIOs make

3.11.12. fast computers

3.11.13. data outstrips storage first time

3.11.14. more worried about data leakage than open networks

3.11.14.1. again

3.11.14.2. again

3.11.15. this year's agenda

3.11.16. vendors should be liable for insecure software

3.11.17. online ad growth

3.11.18. clean customer data

3.11.19. Intel moving to 6 cores

3.11.20. data leaving the enterprise

3.11.21. motivating them to get safe

3.11.22. weak data archiving

3.11.23. Report: Security Becoming Business Tool E & Y, and in CIA article

3.11.23.1. Compliance, privacy and data protection, and meeting business objectives are top three drivers for security

3.11.23.2. don't follow

3.11.23.2.1. "Many organizations now view information security as a critical factor in meeting business objectives and significant performance improvements are resulting from this increased interaction with corporate leadership and other key stakeholders," said Paul van Kessel, global leader of Ernst & Young's Technology and Security Risk Services. "This alignment has a positive impact on the bottom line and elevates information security from a technology deployment function to a strategic imperative. Organizations that aren't fostering these relationships are missing a key opportunity to move their businesses forward."

3.11.23.2.2. not such a clear statement after 10 years

3.11.23.3. Security and risk management are merging

3.11.23.3.1. Some 82 percent of the survey respondents say they have either partially or fully integrated their information security initiatives with their risk management ones, a big jump from 43 percent in last year's report. And the number of organizations that have fully integrated security and risk management doubled, from 15 percent to 29 percent.

3.11.23.4. Still, there's an apparent discrepancy between the inroads gained by security in business and the actual interaction between security and business execs.

3.11.23.4.1. clear I would say: dependency but not strategic

3.11.23.4.2. measure relevance or power in terms of meetings or face time

3.11.23.5. And finding experienced IT and security staffers is still one of the biggest challenges to delivering security projects.

3.11.23.6. based on E & Y survey

3.11.23.7. security becomes business tool

3.11.24. cybersquatting

3.11.25. sec challenges

3.11.26. IT extinction

3.11.27. lack of security market forces

3.11.28. marketing to C-level

3.11.29. Unburied from the org chart

3.11.30. IT does Matter

3.11.31. 25 disruptive forces

3.12. China

3.12.1. McAfee threat report

3.12.1.1. looks good, nice diagrams

3.12.2. Great Firewall of China

3.13. Economy

3.13.1. Cxx attitudes

3.13.1.1. what Cxx people want and what they do

3.13.1.2. art

3.14. social networking

3.14.1. Harvard Task Force

3.14.1.1. Internet Scholars

3.14.2. decentralisation

3.14.3. Facebook economy and widgets

3.14.4. the real deal for business

3.14.5. Tim Berners-Lee, people haunted by what they post

3.15. BCM and DR

3.15.1. Ireland hopeless

3.15.2. SteelEye

3.16. Business sector

3.16.1. online banking

3.16.1.1. art

3.16.1.2. bank intrusions rise

3.16.2. online gambling

3.16.2.1. Online gambling phishing

3.16.2.2. art

3.16.2.3. Chinese spend a lot

3.16.3. healthcare

3.16.3.1. Health care threats

3.16.3.1.1. list weaknesses, attack surface

3.16.3.2. art

3.16.3.3. art

3.16.4. Credit Card

3.16.4.1. PCI

3.16.4.1.1. art

3.16.4.2. card fraud up

3.16.5. Aussie SMBs

3.16.6. eBay fraud

3.17. Gov

3.17.1. Germany

3.17.1.1. online surveillance

3.17.1.1.1. art

3.17.1.2. legal firewall

3.17.1.2.1. art

3.17.2. US

3.17.2.1. budget spend

3.17.2.1.1. metric to some extent

3.17.2.2. GAO report

3.17.3. UK

3.17.3.1. sec push

3.17.3.2. New awareness forum

3.17.3.2.1. Irish program

3.17.3.2.2. comment

3.17.3.2.3. comment

3.17.3.3. can't handle sec problems

3.17.3.4. top worries

3.18. Malware

3.18.1. blended threats

3.18.2. targeted malware

3.18.3. new malware economy

3.18.3.1. more

3.18.3.2. black market

3.18.4. AusCERT

3.18.5. cost of getting compromised machines

3.18.6. botnets

3.18.6.1. exploding

3.18.6.2. on demand

3.18.6.3. large ones control one million

3.18.7. AV (on the way out)

3.18.7.1. comment

3.18.7.2. comment

3.18.7.3. AV decline, rise of anti-bots

3.18.8. phishing

3.18.8.1. growth

3.18.8.2. bleak outlook

3.18.9. virus

3.18.9.1. added at factory

3.18.10. drive-by downloads

3.18.10.1. art

3.18.11. spam

3.18.11.1. why SPAM not going away

3.18.11.1.1. Sym: State of SPAM

3.18.11.2. spammer convicted

3.18.11.3. email inventor did not see spam coming

3.18.11.4. top relay countries

3.18.11.5. rising

3.18.12. encrypted and obfuscated attacks rise

3.18.12.1. JavaScript main culprit

3.18.13. going rates for zombies

3.19. Insider threat

3.19.1. art

3.19.2. art