Published: 12 Jan 2007
From Nimda to NAC, we've been chronicling the information security industry for a decade.
With a new year at hand and the holidays drawn to a close, I try to reflect, appreciate my accomplishments and all that I have, and look to the future with those silly resolutions aimed at self-improvement.
Information Security performed the very same exercise. This month, we look at trends security professionals must contend with today and what they need to keep an eye on for tomorrow.
The first FFIEC deadline passed just a few weeks ago, and contributing editor David Strom looks at strong authentication options that help meet the regulation. David also tackles endpoint security and cuts through one of the most-hyped security categories today: Instead of talking about NAC and NAP, which won't be in products for quite some time, he looks at what third-party offerings can help you secure your endpoints.
Then we look into our crystal ball of sorts and talk about some future technologies that will be sure to have security implications: RFID and virtualization.
Meanwhile, here at Information Security we're proud to be celebrating an anniversary. We are going into our 10th year of publishing the magazine where we've chronicled this fast-moving industry through its early days--from high-profile DoS attacks and mass-mailing viruses, to today's concerns over data security and privacy. We've analyzed security inflection points such as Code Red and Nimda, which opened the door for vulnerability management and patch management markets, and Slammer, which exposed problems in SQL Server and spread so quickly it slowed general Internet traffic. We've followed some of the landmark products like Snort, Nessus and Dragon IDS, and have responded to your needs as a buyer with comparative reviews on products that reflect the influx of new strains of malware, and new management trends.
If you've been a loyal reader for 10 years, I'm sure your responsibilities, too, have grown. No longer are you just installing AV and setting up firewalls; today, you talk to your boss about managing risk. The CSO/CISO has evolved to a corporate management position where business skills are essential. The aftermath of corporate scandals and data breaches has spawned a host of regulations such as Sarbanes-Oxley, GLBA and HIPAA with which you must comply. Meanwhile, hackers are no longer teenagers, but rather part of organized crime groups hacking for profit.
While 10 years may seem like a long time, security is also a relatively new industry, and we're seeing the rapid pace of M&A.
As the market matures, we'll continue to showcase innovative products and offer you learning guides, seminars and technical tips as part of our security portfolio of SearchSecurity.com, Information Security Decisions and Information Security.
In fact, this year we will have two special issues in which we drill down on particular topics. We'll end the year with an anniversary issue looking at 10 years in the security industry and what the future will bring.
While some things change, others remain the same: Bruce Schneier still has a ponytail, it never was the year of PKI, and Oracle and Microsoft are still security's whipping boys.