IT Security Industry 2008 -Trends and Analysis

Get Started. It's Free
or sign up with your email address
Rocket clouds
IT Security Industry 2008 -Trends and Analysis by Mind Map: IT Security Industry 2008 -Trends and Analysis

1. What is the source of trends?

1.1. Surveys

1.1.1. Big 4 Deloitte 2007 Deloitte TMT survey E & Y Report: Security Becoming Business Tool E & Y, and in CIA article PwC

1.1.2. Security Firms Symantec McAffee Avert Labs F-Secure malware detections

1.1.3. Technology Firms IBM ISS x-force_2007_trend_statistics_report.pdf Google

1.1.4. Industry bodies SafE survey Aussies more worried about outbound email than SPAM Comp TIA IT sec shortage American Management Association (AMA) over 50% fire people for email probs The ePolicy Institute over 50% fire people for email probs

1.2. Incidents

1.3. Opinion

1.3.1. DarkR top problems of 2007 storm TJX UK data breaches inter-gov cyber attacks

1.3.2. Venture cap what we need

1.3.3. 50 most influential sec people thing

1.4. Technology

1.4.1. how changes in tech gives rise to trends

1.5. Industry

1.5.1. IT Industry Outsourcing Forums Jericho ISPs privacy monitoring? magazine and trade pubs conferences Intellishield Cyber report

1.5.2. Security industry Tech examples Industry endpoint security under investment Arcsight IPO and logging McAfee China threat report de-perimeter wasted investments Malware Examples Security bodies SANS ISSA magazine and trade pubs conferences

1.5.3. Business Examples online banking online gambling healthcare Credit Card magazine and trade pubs conferences

1.6. Government

1.6.1. Cybercrime

1.6.2. US FTC FTC consumer fraud statistics FCC FDIC bank intrusions rise Congress Cybersecurity plan budget spend GOA art

1.6.3. UK New awareness forum Irish program comment comment can't handle sec problems DOS act of terrorism

1.6.4. EU art making the net safer for kids

1.6.5. Germany online surveillance art legal firewall art

1.7. Academia

1.7.1. ID theft study

1.7.2. boost own security

1.7.3. ENISA

1.8. Standards

1.8.1. ITU national cybersecurity study

2. Trends Data

2.1. to what extent is hard data used?

2.2. what is hard and soft data?

2.3. Drivers

2.3.1. what are they?

2.3.2. what are the factors?

2.3.3. how do they change and evolve?

2.3.4. factors that effect various sectors

3. Topics

3.1. Privacy

3.1.1. not sorted with own topic

3.1.2. privacy monitoring for ISPs

3.1.3. nat sec trump privacy art

3.1.4. solove online book

3.2. ID theft

3.2.1. ID theft study

3.2.2. US ID theft declines

3.2.3. nice art

3.3. Data Loss and Breach

3.3.1. great article with losses and their causes

3.3.2. companies must be more responsible

3.3.3. are companies hurt by data breaches?

3.3.4. increase at edu dedicated site for edu incident analysis

3.3.5. process failures I'd already since quiet some time would like to see added as questions: why was that data sensitive?; are there no better ways to do what that data does (e.g. SSNs are IMHO abused when used to authenticate you, it's like having your password and your loginname the same)?; why was sensitive data stored on a portable device?; where was the absolute need to have the sensitive data?; why was the sensitive data mixed in with less sensitive data?; why was sensitive data allowed out of the organization that collected it?; why was a laptop containing sensitive data left unattended?; ... There usually is a long chain of failures before such data gets leaked. Assuming all of them are normal except the last link that was missing on the chain isn't the right -nor fair- reaction.

3.3.6. UK report

3.4. Online Fraud

3.4.1. FTC consumer fraud statistics nice table

3.4.2. 2008 Feb art The percentage of online revenue lost to fraud in 2007 held steady with 2006 at 1.4%—but as e-commerce grows, the total dollar loss from online payment fraud is growing at the rate of about 20% a year and is estimated at $3.6 billion in 2007, up from $3.1 billion in 2006, according to CyberSource Corp.’s 2008 Online Fraud Report.

3.4.3. art says market bigger than drugs

3.5. Cybercrime and Cyber Security

3.5.1. Illegal Downloads UK crackdown on illegal downloads ISP monitoring comment

3.5.2. trend

3.5.3. trend

3.5.4. trend

3.5.5. arms race

3.5.6. cyber crime increases cyber terror as well

3.5.7. how it works

3.5.8. Cybersecurity plan

3.5.9. Analyzing the Threat of Cyber Attack

3.5.10. what they are doing

3.5.11. national cybersecurity study

3.5.12. untold war

3.6. Internet

3.6.1. DOT AU boom

3.6.2. censorship Gates

3.6.3. online businesses eBay slowdown

3.6.4. Wikileaks art

3.6.5. scams book of scams top scams in last two years scams increasing

3.6.6. availability and outages large scale failure outage comment

3.6.7. ISPs privacy monitoring? stop piracy?

3.6.8. what are the risks of searching?

3.6.9. DOS act of terrorism

3.6.10. making the net safer for kids

3.6.11. art

3.6.12. traffic discrimination

3.6.13. email risk MS and Bill that billion $ email

3.6.14. China biggest internet user

3.6.15. Web as Desktop

3.6.16. 5% of traffic DDoS

3.6.17. mobile operator problems

3.6.18. data source pew

3.7. User attitudes

3.7.1. Aussies more worried about outbound email than SPAM

3.7.2. online shoppers worried about data clueless

3.7.3. perceptions are flawed

3.7.4. women over 50 left behind

3.7.5. 70% p2p would stop if warned by ISP

3.7.6. good

3.7.7. F-secure customer attitudes

3.7.8. web shoppers want sec

3.7.9. young less aware of fraud

3.7.10. effectiveness of consumer warnings

3.7.11. data grazing

3.7.12. data trust

3.7.13. malware pain

3.7.14. millenial attitudes baseline ppt more more

3.7.15. UK people not trust gov with data more

3.7.16. online groups become a force to be reckoned with

3.7.17. UK people feel powerless

3.7.18. don't bother them too much

3.7.19. US people feel safe

3.7.20. social engineering art

3.7.21. 71% don't know about botnets

3.7.22. bypassing security to do work

3.7.23. unaware of threats

3.8. Technology

3.8.1. BluRay wins

3.8.2. Firefox 3 improvements can learn about some flaws fixed

3.8.3. example vulns in security software

3.8.4. EV SSL to stop phishing? art

3.8.5. demise of CAPCHTAS art art breaking for $3 a day

3.8.6. Mac less optimistic on sec

3.8.7. vm risk analysis Year of Virtual Security

3.8.8. patching zero day becoming a myth

3.8.9. Sun adopts MAC from NSA

3.8.10. Web Legitimate sites serving up stealthy attacks mentions the Random JS toolkits seems this was discovered by Finjan and they have other interesting stuff on their site client-side honey pots Google Drive-by Malware increase comment comment Web App 2007 Summary 70% of Web Hacks Are Financially Motivated source feb 08 article findings more searches lead to malware sites 1 in 1000 sites has malware art OWASP more search results get iframed 90% sites vulnerable art art question sets auth

3.8.11. authentication art

3.8.12. problems with anon proxies

3.9. Security Industry

3.9.1. policies

3.9.2. endpoint security under investment good comments and stats

3.9.3. Arcsight IPO and logging

3.9.4. McAfee China threat report looks good, nice diagrams

3.9.5. cost of securing

3.9.6. hall of fame

3.9.7. security economics

3.9.8. McNealy call for security standards more

3.9.9. quote "Someone tasked with trying to influence the activities of an organization without the authority to do so."

3.9.10. leaders how great sec leaders succeed? CSO talk in FS CSO concerns no lines in the sand CISO soft skills next career 10 things learnt

3.9.11. Industry Conundrums art wasted investments security ergonomics where do we belong? we need to learn more about business bruce and marcus security disables business art who guards security? lacking best practices don't bother me with facts sec is a drag on business top 10 issues

3.9.12. de-perimeter art art

3.9.13. People Lack of good IT jobs turns to hacking What we as security people are bad at an aversion to self deception Whitehat low tech hacking ISC2 100K scholarships looking to hire hackers hard working CISOs all about people weakest link still our only problem? unauthorized apps

3.9.14. skills problems IT sec shortage Shortage of Security Skills more lack of skilled IT sec people, despite demand

3.9.15. awareness CISCO CISO better than tech does it work?

3.9.16. pundits top 5 things sec pros should know conference obs

3.9.17. No future - IBM at RSA art

3.9.18. ROI scanning

3.9.19. information-centric symmantec CEO says yes art

3.9.20. threat index Ann Arbour Symantec SANS

3.9.21. what are the biggest everyday sec threats

3.9.22. vendor reports Panda report Q1

3.9.23. conferences RSA that InfoSec thing

3.9.24. security as insurance art

3.10. Work behaviour

3.10.1. over 50% fire people for email probs

3.10.2. monitoring and surveillance

3.11. IT industry

3.11.1. IT failure Qantas how to avoid using portfolio management Billion Dollar failure at Census Bureau

3.11.2. Microsoft Yahoo Vista Vista conspiracy art Google obsession general comment here art hosted services offering art Windows on a Stick PC not dead (yet) Open source formats how much of a threat is a good MS? art MS releases formats Antitrust what spooks MS CSO? windows demise art art

3.11.3. Google

3.11.4. SaaS

3.11.5. licensing unfair licensing more

3.11.6. Outsourcing 3rd party handling of data Sec not good in India Outsourcing and Privacy 2008 Feb art

3.11.7. spending art budget cuts to increase

3.11.8. Software OSS OSS eval in NZ dispelling myths dot bomb 2.0? Moore's law art

3.11.9. Green IT nice ppt from conf malware increase power consumption

3.11.10. comscore and google

3.11.11. 10 mistakes that CIOs make

3.11.12. fast computers

3.11.13. data outstrips storage first time

3.11.14. more worried about data leakage than open networks again again

3.11.15. this year's agenda

3.11.16. vendors should be liable for insecure software

3.11.17. online ad growth

3.11.18. clean customer data

3.11.19. Intel moving to 6 cores

3.11.20. data leaving the enterprise

3.11.21. motivating them to get safe

3.11.22. weak data archiving

3.11.23. Report: Security Becoming Business Tool E & Y, and in CIA article Compliance, privacy and data protection, and meeting business objectives are top three drivers for security don't follow "Many organizations now view information security as a critical factor in meeting business objectives and significant performance improvements are resulting from this increased interaction with corporate leadership and other key stakeholders," said Paul van Kessel, global leader of Ernst & Young's Technology and Security Risk Services. "This alignment has a positive impact on the bottom line and elevates information security from a technology deployment function to a strategic imperative. Organizations that aren't fostering these relationships are missing a key opportunity to move their businesses forward." not such a clear statement after 10 years Security and risk management are merging Some 82 percent of the survey respondents say they have either partially or fully integrated their information security initiatives with their risk management ones, a big jump from 43 percent in last year's report. And the number of organizations that have fully integrated security and risk management doubled, from 15 percent to 29 percent. Still, there's an apparent discrepancy between the inroads gained by security in business and the actual interaction between security and business execs. clear I would say: dependecy but not strategic measure relevance or üower in terms of meetings or face time And finding experienced IT and security staffers is still one of the biggest challenges to delivering security projects. based on E & Y survey security becomes business tool

3.11.24. cybersquatting

3.11.25. sec challenges

3.11.26. IT extinction

3.11.27. lack of security market forces

3.11.28. marketing to C-level

3.11.29. Unburied from the org chart

3.11.30. IT does Matter

3.11.31. 25 disruptive forces

3.12. China

3.12.1. McAfee threat report looks good, nice diagrams

3.12.2. Great Firewall of China

3.13. Economy

3.13.1. Cxx attitudes what Cxx people want and what they do art

3.14. social networking

3.14.1. Harvard Task Force Internet Scholars

3.14.2. decentralisation

3.14.3. facebook economy and widgets

3.14.4. the real deal for business

3.14.5. Tim Berners Lee, people haunted by what they post

3.15. BCM and DR

3.15.1. ireland hopeless

3.15.2. SteelEye

3.16. Business sector

3.16.1. online banking art bank intrusions rise

3.16.2. online gambling Online gambling phishing art chinese spend alot

3.16.3. healthcare Health care threats list weaknesses, attack surface art art

3.16.4. Credit Card PCI art card fraud up

3.16.5. Aussie SMBs

3.16.6. ebay fraud

3.17. Gov

3.17.1. Germany online surveillance art legal firewall art

3.17.2. US budget spend metric to some extent GOA report

3.17.3. UK sec push New awareness forum Irish program comment comment can't handle sec problems top worries

3.18. Malware

3.18.1. blended threats

3.18.2. targetted malware

3.18.3. new malware economy more black market

3.18.4. Auscert

3.18.5. cost of getting compromised machines

3.18.6. botnets exploding on demand large ones control one million

3.18.7. AV (on the way out) comment comment av decline, rise of anti.bots

3.18.8. phishing growth bleak outlook

3.18.9. virus added at factory

3.18.10. drive-by downloads art

3.18.11. spam why SPAM not going away Sym: State of SPAM spammer convicted email inventor did not see spam coming top relay countries rising

3.18.12. encrypted and obfuscated attacks rise javascript main culprit

3.18.13. going rates for zombies

3.19. Insider threat

3.19.1. art

3.19.2. art