Evolution of Information security threats and countermeasures - Information Security Magazine - Page 1

A Dynamic Decade
Information security has matured as a profession in a mere 10 years, despite waging an endless game of catch-up with threats, legislation and the demands of business.


If you consider yourself an observer of the past 10 years in information security, few would be surprised if you suffer from a touch of whiplash. Things moved pretty quickly, and not many security professionals had the ability to slow things down.

Where to begin? Well, at the start of Information Security's journey in December 1997, there wasn't a security profession. At least not as we understand it today. The chief information security officer was a notion whose time had not yet arrived. Compliance wasn't the bane of corporate security's existence, and macro worms were, well, around.

"The most obvious thing is that 10 years ago, there was no profession," says AT&T senior vice president and chief security officer Ed Amoroso, a veteran of the industry who in his early days at Bell Labs was immersed in a think tank surrounded by UNIX giants Dennis Ritchie and Ken Thompson. "You could be a techie, but there were no CISOs, no senior executives in a company. Now it would be almost impossible to find a large or medium-sized company or government agency that did not have a management-level security staff."

The emergence of the Internet

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

as a ubiquitous business medium touched every facet of IT, and caused the growth of information security as a profession. Guardians like Amoroso and his peers in the enterprise had to learn a whole new lexicon between 1997 and today, and transform the way they looked at their jobs. As more business moved online, it became less of an imperative to protect networks and individual systems, and more about aligning what they do with overall business goals. Risk management became more than a term used by liability companies and financial professionals. Security pros were forced to think in these terms, and build programs to address what has become an organized criminal element targeting not only customer data, but invaluable intellectual property as part of sophisticated corporate espionage. Nations are also suspected of using computers to attack one another, not causing bloodshed but stealing secrets and threatening critical infrastructure.

"We have gone from a lot of malicious, exploratory, vandalism types of hacking to the realm where there is significant economic activity," says luminary Gene Spafford, founder of the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University.

This was first published in January 2008