- Continued attention and increasing pressure on the U.S. government to commit more resources to cybersecurity and, possibly, consolidation of information security oversight and budgetary authority within the executive branch.
- More emphasis on securing data at rest, in transit, and in use, with relatively less emphasis on system and network security as environment boundaries become less and less well defined due to increased levels of information exchange, inter-organization integration and cooperation, and use of hosted services like cloud computing.
- Movement in the direction of proactive security, instead of the reactive posture that dominates security programs in both private and public sector organizations today. With any luck, this will manifest itself in less security-by-compliance and more testing and validation that implemented security measures are effective.
- Without diminishing the importance of guarding against insider threats, a resurgence in intrusion detection and prevention, in conjunction with efforts to achieve greater situational awareness to combat increasingly sophisticated and persistent threat sources.
- A steady stream of breaches and other incidents to highlight the importance of backing up appropriate security and privacy policies with the means to enforce them.
- Creative approaches and new solutions proposed to address trust among connected entities, including areas such as claims-based identity management, federated identity approaches, stronger identification, authentication, and authorization assertion models, and means to negotiate, establish, maintain, and revoke trust among different entities with widely varying trust requirements in terms of regulations, standards, and risk tolerances.