The Future of Information Security in 2008 and Beyond

It won’t be easy to implement a good information security plan in 2008, since the days of just needing firewalls and intrusion detection are now long gone. What will a good plan look like in 2008? In an article on the CIO.com website, Kevin Richards, with Ernst & Young’s Risk Advisory Services, gives his opinion on the state of information security in 2008.

“The complexities of what to protect and when, overlaid with requirements of regulation and compliance, create the need for a new type of information security executive—one with business savvy, sound risk fundamentals and holistic technical understanding. These skills, coupled with a strong strategy, will be necessary for organizations to achieve their 2008 information security goals,” he says.

Richards says data protection and governance, compliance and integrating information security practices into business and risk management are at the top of the list for 2008. “Executives must choose carefully,” he says. He notes that “how the 2008 strategy addresses these three critical items may determine the program’s ultimate success in protecting the business.”

His number one item on the 2008 information security agenda is data protection. While protecting data isn’t new, what’s changing is the type of data we now consider valuable. The data of choice is identity data, he says.

And while data protection might be the toughest challenge of 2008, Richards says it is achieving internal and external compliance goals that will be the most measured part of the program. “Whether it’s a question of complying with Sarbanes-Oxley or with the regulatory requirements of the payment card (PCI) or healthcare (HIPAA) industries, compliance initiatives will continue to be a significant driver for and component of the 2008 information security agenda,” he says.

“The role of information security in 2008 and beyond is to help a company understand the risks to, and effect on, business operations stemming from the current environment,” Richards adds. “That means incorporating risks associated with data, privacy, business resiliency and continuity, technology, third parties and, with the help of corporate counsel, even potential legal risks to enable executives to make better business decisions.”

To read the full article, click here: http://www.cio.com/article/168352/The_Future_of_Information_Security_and_Beyond