
IT Security Industry 2008 -Trends and Analysis

What is the source of trends?

Surveys

Big 4, Deloitte, 2007 Deloitte TMT survey, expectations, help to provide factors, not for financial services, great shark graphics, tech, media, telecomms, source, over 100 global TMT, see p2 for the split, objectives, understand security challenges that the industry currently faces, what is on the horizon, provide understanding to improve own position, provide benchmarking, areas, governance, investment in infosec, risk, use of sec tech, quality of ops, privacy, DRM, public comments, Tech, Media, Telco Companies Stink At Security, feb 08, from Deloitte survey, take away, Woeful preparedness for security breaches and a reactive mindset prevail among industries that collectively should really know better, findings, no strategy, In the survey, Deloitte found 46 percent of companies did not have any formal information security strategy in place. Yet nearly 70 percent felt very or extremely confident about being ready for external security challenges., reactive, "The technology, media & entertainment and telecommunications industries are still in a reactive mode when it comes to their approach to security," Rena Mears, Deloitte global and U.S. privacy and data protection leader, said in a statement., "A prerequisite for effective information security is the implementation of a proactive information security strategy that is closely linked to the company's overall business strategy, business requirements, and key business drivers.", future - the same, However, Deloitte sees a little opportunity for optimism in 2008. More companies in the tech, media, and telco fields should have dedicated chief information security officers overseeing security and governance issues., conclusion, they need CSOs, E & Y, Report: Security Becoming Business Tool E & Y, and in CIA article, Compliance, privacy and data protection, and meeting business objectives are top three drivers for security, don't follow, "Many organizations now view information security as a critical factor in meeting business objectives and significant performance improvements are resulting from this increased interaction with corporate leadership and other key stakeholders," said Paul van Kessel, global leader of Ernst & Young's Technology and Security Risk Services. "This alignment has a positive impact on the bottom line and elevates information security from a technology deployment function to a strategic imperative. Organizations that aren't fostering these relationships are missing a key opportunity to move their businesses forward.", not such a clear statement after 10 years, Security and risk management are merging, Some 82 percent of the survey respondents say they have either partially or fully integrated their information security initiatives with their risk management ones, a big jump from 43 percent in last year's report. And the number of organizations that have fully integrated security and risk management doubled, from 15 percent to 29 percent., Still, there's an apparent discrepancy between the inroads gained by security in business and the actual interaction between security and business execs., clear I would say: dependency but not strategic, measure relevance or power in terms of meetings or face time, The report found that 32 percent of the organizations never meet with the company's corporate board or audit committee, and that monthly meetings between the IT and information security teams are three times more likely to occur than meetings between security and corporate officers or business heads. Those security departments that do get face time with the boardroom mostly meet less than once a quarter., And finding experienced IT and security staffers is still one of the biggest challenges to delivering security projects., based on E & Y survey, PwC

Security Firms, Symantec, McAfee, Avert Labs, another SAGE, F-Secure, malware detections, 1000000 detections by the end of 2008, Wing Fei Chia, Security Response Team Manager, F-Secure Security Labs, mentioned the following information. “At the end of 2006 we had about 250 thousand detections in total. That took 20 years to accumulate. (From 1986 to 2006.) At the end of 2007 we had doubled our total number of detections to just over 500 thousand. So it only took one year to double the previous twenty years’ accumulation. Taking a look at today’s numbers, we have close to 560 thousand total detections. It’s February 12th. That’s an additional 59000 detections added in 43 days at an average of 1372.093 per day.”, as in Future Shock, we live in the middle lane

Technology Firms, IBM ISS, x-force_2007_trend_statistics_report.pdf, looks detailed, comment, #vuln decreased but high sev increased 28%, comment, comment, comment, web browsers under siege, Google

Industry bodies, SafE survey, Aussies more worried about outbound email than SPAM, CompTIA, IT sec shortage, American Management Association (AMA), over 50% fire people for email probs, The ePolicy Institute, over 50% fire people for email probs

Incidents

Opinion

DarkR top problems of 2007, storm, TJX, UK data breaches, inter-gov cyber attacks

Venture cap, what we need

50 most influential sec people thing

Technology

how changes in tech gives rise to trends

Industry

IT Industry, Outsourcing, Forums, Jericho, ISPs, privacy monitoring?, magazine and trade pubs, conferences, Intellishield Cyber report

Security industry, Tech, examples, patching, zero day becoming a myth, AV on the way out, comment, comment, example vulns in security software, EV SSL to stop phishing?, art, Industry, endpoint security under investment, good comments and stats, Arcsight IPO and logging, McAfee China threat report, looks good, nice diagrams, de-perimeter, art, wasted investments, Malware, Examples, Legitimate sites serving up stealthy attacks, mentions the Random JS toolkits, seems this was discovered by Finjan and they have other interesting stuff on their site, finjan.com, client-side honey pots, securityfocus.com > News > 11376, siteadvisor.com, article mentions MS honeymonkeys for crawling the net, mentions U Wash crawling paper, strategy for testing where a site produces malware on the desktop, cf. Web fountain for caching the web, Google Drive-by Malware increase, comment, comment, Web App 2007 Summary 70% of Web Hacks Are Financially Motivated, source, Breach Labs, feb 08, article, findings, 40 percent of attacks were waged to harvest personal data. Sixty-seven percent of all attacks in 2007 were “for-profit” motivated. Claiming over 20 percent of the total, SQL injections dominate as the most common techniques used in the attacks, more than 44 percent of incidents over the course of the year were tied to non-commercial sites such as government and education, On the commercial side, poorly designed or vulnerable web applications were most commonly exploited from Internet-exclusive businesses such as social networking, search engine and hosting providers., targeted malware, more searches lead to malware sites, 1 in 1000 sites has malware, new malware economy, more, black market, spammer convicted, Security bodies, SANS, ISSA, magazine and trade pubs, conferences

Business, Examples, online banking, art, online gambling, Online gambling phishing, healthcare, Health care threats, list weaknesses, attack surface, art, Credit Card, PCI, art, questions if self-reg is enough, no gov, magazine and trade pubs, conferences

Government

Cybercrime

US, FTC, FTC consumer fraud statistics, nice table, ID theft stats, nice chart, FCC, FDIC, bank intrusions rise, Congress, Cybersecurity plan, budget spend, metric to some extent, GAO, art

UK, New awareness forum, Irish program, comment, comment, can't handle sec problems, DOS act of terrorism

EU, art, making the net safer for kids

Germany, online surveillance, art, legal firewall, art

Academia

ID theft study

boost own security

ENISA

Standards

ITU, national cybersecurity study

Trends Data

to what extent is hard data used?

what is hard and soft data?

Drivers

what are they?

what are the factors?

how do they change and evolve?

factors that affect various sectors

Topics

Privacy

not sorted with own topic

privacy monitoring for ISPs

nat sec trump privacy, art

solove online book

ID theft

ID theft study

US ID theft declines

nice art

Data Loss and Breach

great article with losses and their causes

companies must be more responsible

are companies hurt by data breaches?

increase at edu, dedicated site for edu incident analysis

process failures, I'd already since quite some time would like to see added as questions: why was that data sensitive?; are there no better ways to do what that data does (e.g. SSNs are IMHO abused when used to authenticate you, it's like having your password and your loginname the same)?; why was sensitive data stored on a portable device?; where was the absolute need to have the sensitive data?; why was the sensitive data mixed in with less sensitive data?; why was sensitive data allowed out of the organization that collected it?; why was a laptop containing sensitive data left unattended?; ... There usually is a long chain of failures before such data gets leaked. Assuming all of them are normal except the last link that was missing on the chain isn't the right -nor fair- reaction.

UK report

Online Fraud

FTC consumer fraud statistics, nice table

2008 Feb art, The percentage of online revenue lost to fraud in 2007 held steady with 2006 at 1.4%—but as e-commerce grows, the total dollar loss from online payment fraud is growing at the rate of about 20% a year and is estimated at $3.6 billion in 2007, up from $3.1 billion in 2006, according to CyberSource Corp.’s 2008 Online Fraud Report.

art, says market bigger than drugs

Cybercrime and Cyber Security

Illegal Downloads, UK crackdown on illegal downloads, ISP monitoring, comment

trend

trend

trend

arms race

cyber crime increases, cyber terror as well

how it works

Cybersecurity plan

Analyzing the Threat of Cyber Attack

what they are doing

national cybersecurity study

untold war

Internet

DOT AU boom

censorship, Gates

online businesses, eBay, slowdown

Wikileaks, art

scams, book of scams, top scams in last two years, scams increasing

availability and outages, large scale failure, outage comment

ISPs, privacy monitoring?, stop piracy?

what are the risks of searching?

DOS act of terrorism

making the net safer for kids

art

traffic discrimination

email risk, MS and Bill, that billion $ email

China biggest internet user

Web as Desktop

5% of traffic DDoS

mobile operator problems

data source, pew

User attitudes

Aussies more worried about outbound email than SPAM

online shoppers worried about data, clueless

perceptions are flawed

women over 50 left behind

70% p2p would stop if warned by ISP

good

F-Secure customer attitudes

web shoppers want sec

young less aware of fraud

effectiveness of consumer warnings

data grazing

data trust

malware pain

millennial attitudes, baseline ppt, more, more

UK people not trust gov with data, more

online groups become a force to be reckoned with

UK people feel powerless

don't bother them too much

US people feel safe

social engineering, art

71% don't know about botnets

bypassing security to do work

unaware of threats

Technology

BluRay wins

Firefox 3 improvements, can learn about some flaws fixed

example vulns in security software

EV SSL to stop phishing?, art

demise of CAPTCHAs, art, art, breaking for $3 a day

Mac, less optimistic on sec

vm, risk analysis, Year of Virtual Security

patching, zero day becoming a myth

Sun adopts MAC from NSA

Web, Legitimate sites serving up stealthy attacks, mentions the Random JS toolkits, seems this was discovered by Finjan and they have other interesting stuff on their site, finjan.com, client-side honey pots, securityfocus.com > News > 11376, siteadvisor.com, article mentions MS honeymonkeys for crawling the net, mentions U Wash crawling paper, strategy for testing where a site produces malware on the desktop, cf. Web fountain for caching the web, Google Drive-by Malware increase, comment, comment, Web App 2007 Summary 70% of Web Hacks Are Financially Motivated, source, Breach Labs, feb 08, article, findings, 40 percent of attacks were waged to harvest personal data. Sixty-seven percent of all attacks in 2007 were “for-profit” motivated. Claiming over 20 percent of the total, SQL injections dominate as the most common techniques used in the attacks, more than 44 percent of incidents over the course of the year were tied to non-commercial sites such as government and education, On the commercial side, poorly designed or vulnerable web applications were most commonly exploited from Internet-exclusive businesses such as social networking, search engine and hosting providers., more searches lead to malware sites, 1 in 1000 sites has malware, art, OWASP, more search results get iframed, 90% sites vulnerable, art, art, question sets auth

authentication, art

problems with anon proxies

Security Industry

policies

endpoint security under investment, good comments and stats

Arcsight IPO and logging

McAfee China threat report, looks good, nice diagrams

cost of securing

hall of fame

security economics

McNealy call for security standards, more

quote, "Someone tasked with trying to influence the activities of an organization without the authority to do so."

leaders, how great sec leaders succeed?, CSO talk in FS, CSO concerns, no lines in the sand, CISO soft skills, next career, 10 things learnt

Industry Conundrums, art, wasted investments, security ergonomics, where do we belong?, we need to learn more about business, bruce and marcus, security disables business, art, who guards security?, lacking best practices, don't bother me with facts, sec is a drag on business, top 10 issues

de-perimeter, art, art

People, Lack of good IT jobs turns to hacking, What we as security people are bad at, an aversion to self deception, Whitehat low tech hacking, ISC2 100K scholarships, looking to hire hackers, hard working CISOs, all about people, weakest link, still, our only problem?, unauthorized apps

skills problems, IT sec shortage, Shortage of Security Skills, more, lack of skilled IT sec people, despite demand

awareness, Cisco CISO, better than tech, does it work?

pundits, top 5 things sec pros should know, conference obs

No future - IBM at RSA, art

ROI, scanning

information-centric, Symantec CEO says yes, art

threat index, Ann Arbour, Symantec, SANS

what are the biggest everyday sec threats

vendor reports, Panda report Q1

conferences, RSA, that InfoSec thing

security as insurance, art

Work behaviour

over 50% fire people for email probs

monitoring and surveillance

IT industry

IT failure, Qantas, how to avoid, using portfolio management, Billion Dollar failure at Census Bureau

Microsoft, Yahoo, Vista, Vista conspiracy, art, Google, obsession, general comment, here, art, hosted services offering, art, Windows on a Stick, PC not dead (yet), Open source formats, how much of a threat is a good MS?, art, MS releases formats, Antitrust, what spooks MS CSO?, windows demise, art, art

Google

SaaS

licensing, unfair licensing, more

Outsourcing, 3rd party handling of data, Sec not good in India, Outsourcing and Privacy, 2008 Feb art

spending, art, budget cuts, to increase

Software, OSS, OSS eval in NZ, mention OSS TCO tool, dispelling myths, dot bomb 2.0?, Moore's law, art

Green IT, nice ppt from conf, malware increase power consumption

comscore and google

10 mistakes that CIOs make

fast computers

data outstrips storage first time

more worried about data leakage than open networks, again, again

this year's agenda

vendors should be liable for insecure software

online ad growth

clean customer data

Intel moving to 6 cores

data leaving the enterprise

motivating them to get safe

weak data archiving

Report: Security Becoming Business Tool E & Y, and in CIA article, Compliance, privacy and data protection, and meeting business objectives are top three drivers for security, don't follow, "Many organizations now view information security as a critical factor in meeting business objectives and significant performance improvements are resulting from this increased interaction with corporate leadership and other key stakeholders," said Paul van Kessel, global leader of Ernst & Young's Technology and Security Risk Services. "This alignment has a positive impact on the bottom line and elevates information security from a technology deployment function to a strategic imperative. Organizations that aren't fostering these relationships are missing a key opportunity to move their businesses forward.", not such a clear statement after 10 years, Security and risk management are merging, Some 82 percent of the survey respondents say they have either partially or fully integrated their information security initiatives with their risk management ones, a big jump from 43 percent in last year's report. And the number of organizations that have fully integrated security and risk management doubled, from 15 percent to 29 percent., Still, there's an apparent discrepancy between the inroads gained by security in business and the actual interaction between security and business execs., clear I would say: dependency but not strategic, measure relevance or power in terms of meetings or face time, The report found that 32 percent of the organizations never meet with the company's corporate board or audit committee, and that monthly meetings between the IT and information security teams are three times more likely to occur than meetings between security and corporate officers or business heads. Those security departments that do get face time with the boardroom mostly meet less than once a quarter., And finding experienced IT and security staffers is still one of the biggest challenges to delivering security projects., based on E & Y survey, security becomes business tool

cybersquatting

sec challenges

IT extinction

lack of security market forces

marketing to C-level

Unburied from the org chart

IT does Matter

25 disruptive forces

China

McAfee threat report, looks good, nice diagrams

Great Firewall of China

Economy

Cxx attitudes, what Cxx people want and what they do, art

social networking

Harvard Task Force, Internet Scholars

decentralisation

facebook economy and widgets

the real deal for business

Tim Berners Lee, people haunted by what they post

BCM and DR

Ireland hopeless

SteelEye

Business sector

online banking, art, bank intrusions rise

online gambling, Online gambling phishing, art, Chinese spend a lot

healthcare, Health care threats, list weaknesses, attack surface, art, art

Credit Card, PCI, art, questions if self-reg is enough, no gov, card fraud up

Aussie SMBs

eBay fraud

Gov

Germany, online surveillance, art, legal firewall, art

US, budget spend, metric to some extent, GAO report

UK, sec push, New awareness forum, Irish program, comment, comment, can't handle sec problems, top worries

Malware

blended threats

targeted malware

new malware economy, more, black market

Auscert

cost of getting compromised machines

botnets, exploding, on demand, large ones control one million

AV (on the way out), comment, comment, av decline, rise of anti.bots

phishing, growth, bleak outlook

virus, added at factory

drive-by downloads, art

spam, why SPAM not going away, Sym: State of SPAM, spammer convicted, email inventor did not see spam coming, top relay countries, rising

encrypted and obfuscated attacks rise, javascript main culprit

going rates for zombies

Insider threat

art

art