2002 predictions from expert Stephen Mencik

Article

2002 predictions from expert Stephen Mencik



We asked security experts to give us their industry predictions for the New Year. Here's what Stephen Mencik had to say.

I've never had a very good crystal ball, but I'll give you my thoughts.

  • 2002 will (again) be billed as the year for public key infrastructure (PKI). Again, PKI will not be widely implemented.

  • There will be greater emphasis on using biometrics for identification and authentication. While this is a good thing and will likely have success in the long run, I don't think the user community at large is ready yet for wide-scale biometric implementations.

  • There will continue to be many virus and worm attacks, and many people and companies will be affected due to continued poor operating practices (not stopping certain types of e-mail attachments, not updating antivirus signatures, etc.).

  • Web site defacements and other Web server attacks will continue. Many people still do not keep up with security patches and other advisories. Even those that do can still get hit. Remember that the attacker's job is easier than the defender. The attacker only needs to find one hole, the defender needs to find (and fix) them all.

  • National Security Telecommunications and Information Systems Security Policy No. 11,

      • Requires Free Membership to View

      Login

      SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

      Michael S. Mimoso, Editorial Director

      By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

  • the National Information Assurance Acquisition Policy, requires that after July 1, 2002, the acquisition of all Commercial Off-the-Shelf Information Assurance (IA) and IA-enabled IT products be limited to those evaluated in accordance with either the Common Criteria, National Information Assurance Partnership Evaluation Program or the Federal Information Processing Standards' validation program. Despite this policy, many waivers will be granted allowing non-evaluated products to be acquired, rendering this policy moot, much as the policy for "C2 by '92" became a non-issue.


    Stephen Mencik
    Stephen is a Senior Infosec Engineer for ACS Defense, Inc. He has worked in computer and network security since 1981, and was a charter member of the DoD Computer Security Center. Stephen answers your network and infrastructure security questions via searchSecurity's Ask the Expert feature.
    Do you agree or disagree with Stephen's predictions? Share your thoughts in our .gIafacuhcha^0@.ee84078!viewtype=&skip=&expand=>anonymous discussion forum.