The ISF Threat Horizon Report 2010 provides a critical examination of emerging threats to information security over the next 24 months. Written for both information security professionals and business leaders, the report identifies key risk factors, including cyber-terrorism and organized crime, and emphasizes the importance of modernizing security strategies in response to evolving threats. With insights into technological advancements and socio-economic trends, the ISF guides organizations on reassessing their risk profiles and adapting their security plans to succeed in a rapidly changing environment.
The Threat Horizon 2010 • Jason Creasey, Head of Research
The Information Security Forum (ISF) • An international association of over 300 leading global organisations, which... • addresses key issues in information risk management through research and collaboration • develops practical tools and guidance • is fully independent and driven by its Members • promotes networking within its membership.
What the ISF provides for its Members • …and much more besides!
What is the threat horizon? • A report that... • identifies new and changing threats that are likely to impact information security over the next 24 months • is written for both information security and business audiences • informs information security strategy.
Threat horizon methodology Consider the world of the future and how this may give rise to information security threats
2006 headlines • Unintentional actions will have the biggest business impacts • It’s not outside… it’s inside as well • More malware • Organised crime muscles in • Threats aren’t single anymore… they’re clustered • Look both ways – inside and out to the near horizon
And here’s the proof… • Source: Various, including BBC / The Register 2007 / InsideIDTheft.info
2006 predictions for 2008 (diagram) • Categories: Political, Legal, Economic, Technical, Socio-cultural • Threats shown: Record Mgt, Terrorism, Energy, Compliance, Discovery, Instability, E-economy, Extreme weather, Device convergence, Digital convergence, Organised crime, New products, Gen Y, Remote working, Home vs. work
2008 for 2010… What changed? (diagram) • Categories: Political, Legal, Economic, Technical, Socio-cultural • Threats shown: ID theft, Terrorism, Lack of trust, Intellectual property, Electronic evidence, Cyber-terrorism, Emerging economies, Complex ownership, Web 2.0, Process control, Organised crime, Solar flares, Corporate loyalty, Demographics • Terrorism and organised crime are the only two threats to stay on the list
What will the world look like in 2011? (diagram) • Categories: Political, Legal, Economic, Technical, Socio-cultural • Labels shown: Harsher penalties, Protectionism, Government, More legislation, Privacy vs. security, Inter-dependence, Less R&D, More outsourcing, Cloud computing, Corporate / home systems, Crime, Encryption, Internet or reality?, Haves vs. have nots, Homeworking
The world has changed… very quickly • Espionage, lack of public trust, cyber-terrorism • Intellectual property, electronic evidence, identity theft • Emerging economies, complex ownership, organised crime • Corporate loyalty, demographics • Web 2.0, solar flares, process control • Long-term threats are in the here and now
Responding to a changing risk profile • Actions • Adapt to changes in the organisation’s risk profile • Reassess information risk • Use your ‘nose for risk’ • Develop a more agile new security plan • ISF report about ‘Profit driven attack’
Managing down the greater impact of incidents • Actions • Change your thinking about the threats • Look beyond historical data • Develop and rehearse responses to a range of events
Keeping up with business change • Social environment (demographics, attitudes, cultures) • Business environment (activities, operations, markets) • Economic environment (credit crunch, realignment of world economy, rise of China) • Global environment (global warming, interconnectivity, competition for resources) • Technological environment (mobile phones, nanotechnology, pervasiveness) • Actions • Engage with the business • Question the beliefs • Craft a new security strategy • Plan for uncertainty • Prepare for change
Surviving reductions • Information security will be affected • Spending on information security will reduce • But the reduction will lag the downturns in the economy and organisation • New threats and risks will emerge • Sophistication will increase • Nearly two thirds of ISF Members (63%) expect their budget to decrease in 2009 (Source: ISF MX Quick Vote) • Actions • Revise information security arrangements
Building for the future • Actions • Prepare for increased compliance requirements • Maintain level of resources • Make best use of your networks, membership and professional bodies
Beyond the horizon • Biometrics • Embedded chips • Quantum computing • SPIT • Nano technology • AI • New computing interfaces • Everyone connected to everything
What do I do now? • Re-assess the risks to your organisation and its information • Inside and outside… • Change your thinking about threats • Don’t rely on trends or historical data • Revise your information security arrangements • Question ‘security as usual’ • Focus on the basics • That includes people, not just technology! • Prepare for the future • Be ready to support initiatives such as cloud computing
Questions • Jason Creasey, Head of Research, Information Security Forum • Tel: +44 (0)207 213 1745 • E-mail: jason.creasey@securityforum.org • Web: www.securityforum.org