2010: A Security Odyssey

January 13th, 2010

So here we are. 2010 – a new, shiny year for things to be as %*# up as ever. <sigh>

OK, OK, that was pessimistic sounding. I do have some thoughts in general on this year in security. Here we go:

  • Compliance will be a hot topic again this year. PCI is growing (MasterCard Level 2 peeps, talking to YOU). HIPAA is being changed, legislators are looking at breach disclosure and other topics, etc.
  • DLP – love it or hate it – will get more mature and could become even more relevant with tie-ins to e-Discovery and compliance mandates. Trust me, I hate buzzwords more than most, but I think the notion of keyword searches and data fingerprinting has merit. Just early in the evolution.
  • Howard Schmidt will do almost nothing. Oh sure, he may *talk* and stuff…but I don’t see anything changing this year. The government is just way too bureaucratic and bloated to change quickly. Not his fault, but I don’t think he’ll be the infosec savior by any means.
  • Cloud computing will start to become more tangible, and we WILL have to secure that beeyotch.
  • On a related (sort of) note, virtualization security will leave the “Chicken Little” phase and assume a normal place as YAICTS (Yet Another Infrastructure Component To Secure).
  • We will have to really address some of the major “gray area issues” in security. For example, the whole PI license for computer forensics issue…WTF?
  • Please please please please PLEASE – can we stop being such geeks and embrace risk management as the cornerstone of information security? I’m all for packets, hacking tools, and the like, too…but businesspeople still look at security folks oftentimes like the 17-year-old that still plays with Legos. We talk all this bullshit about wanting to be more accepted with business folks, but many of us don’t really walk the walk. And no, I do NOT think metrics are the answer. <shudder>.

Some other general thoughts (not security):

  • It is officially time to stop clipping your phone to your belt. You are not Batman. In fact, not even Robin.
  • All movie critics suck. Why do we listen to them at all? I, for one, do not need my movies to be deep and meaningful all the time.

And off we go.

  1. Rod
    January 25th, 2010 at 14:28 | #1

    If not our belts, where should we put our phones, Dave?
    I don’t like having my phone on my belt; it digs into my side when I sit down, but there is no other safe place to put it where it will always be with me, within easy reach and not falling to the floor. Until they start designing dress pants with an extra phone pocket, the belt is the best place. (I don’t wear a suit jacket.)

  2. admin
    January 25th, 2010 at 14:36 | #2

    If it does not fit in your pocket, your phone is too big anyway. The belt clip is just out.

