When it comes to enterprise information security, it's never easy to know what's in store. That, however, hasn't kept us at SearchSecurity.com from asking our panel of experts about their predictions on what they see as this year's emerging security trends.
Some problems of the past, like VoIP technology vulnerabilities, poor application software development and PCI compliance headaches, have not disappeared and have yet to be effectively addressed in many organizations' information security policies. The articles below -- written by professionals whose experience ranges the full spectrum of enterprise security -- explain what can be done to take on these common concerns.
But 2008 won't just be a year of the same old network, application and compliance issues. New malware has hit the scene, cyberterrorist attacks have become more common, and virtualization technology has presented different enterprise network security challenges. Mike Chapple, Michael Cobb, Joel Dubin, Mike Rothman and Ed Skoudis explore various information security areas and point out the new threats that every organization needs to be ready for.
ENTERPRISE SECURITY 2008 LEARNING GUIDE
Emerging Information Security Threats
Malware trends suggest new twists on old tricks
Taking hints from last year's range of cyberattacks and malicious code, information security expert Ed Skoudis reveals how enterprises can prepare for five key threats that are likely to dominate headlines in 2008.
Addressing VoIP and virtualization
In this tip, network security expert Mike Chapple takes a look into the crystal ball and examines the future of virtualization and VoIP, two technologies growing in popularity -- and perhaps security vulnerabilities as well.
Identity and Access Management
Assessing access management
Access management troubles were hardly few and far between in 2007, and according to IAM expert Joel Dubin, access management challenges aren't going away in 2008. Dubin outlines this year's key issues, including remote access, provisioning and Web authentication.
Building trust into the application development process
The Storm botnet, launched a year ago, proved that malicious hackers were developing more sophisticated botnets -- and more sophisticated business strategies. As Michael Cobb explains, it's just one reason why application security pros need to keep a closer eye on their organizations' code-builders in 2008.
Security management in 2008: What's in store
Looking back on 2007, compliance and PCI DSS preoccupied the minds of most security management professionals. Security expert Mike Rothman outlines what information security managers can expect to be the hot management topics for the year to come and how CISOs and security professionals alike can prepare for 2008.
About the authors:
Ed Skoudis is a SANS instructor and a founder and senior security consultant with Intelguardians, a Washington, DC-based information security consulting firm. As an expert on SearchSecurity.com, Ed answers your questions related to information security threats.
Mike Chapple, CISA, CISSP, is an IT security professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Chapple is also SearchSecurity.com's resident network security expert.
More predictions for 2008
The SearchSecurity.com editorial Security Squad discusses whether a massive cyberattack will strike in 2008.
Executive Editor Dennis Fisher reveals this year's crop of dangerous, new malware.
Art Coviello, CEO of RSA Security, sees sweeping changes ahead for security professionals.
Joel Dubin, CISSP, is an independent computer security consultant. The Microsoft MVP and author of The Little Black Book of Computer Security is ready to answer your identity management and access control questions.
Michael Cobb, CISSP-ISSAP, is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and regularly answers platform security and application security questions for SearchSecurity.com.
- Mike Rothman is president and principal analyst of Security Incite, an industry analyst firm in Atlanta, and the author of The Pragmatic CSO: 12 Steps to Being a Security Master. Rothman also offers SearchSecurity.com readers advice on security management.
This was first published in February 2008