In the coming months we’ll be commenting on some of the key news trends in the world of Cyber Security Assurance and posting a number of papers and eBooks for downloading.
As I spend increasing amounts of time as an Expert Witness for Cyber Assurance, I have been struck by the frequency with which the same scenarios and failings of management are repeated. The lessons learned from previous mistakes are lost, and history repeats itself. Bismarck said: “Fools learn from their own mistakes, a wise man learns from the mistakes of others and does not repeat them.” How much of what is currently hyped in the security world can be seen as the Emperor’s New Clothes, and how much is genuinely ground-breaking and pushing forward not only technology but management skills and business opportunity? The industry which has grown up around Big Data alone is worth more than $100 billion and growing at almost 10% a year – roughly twice as fast as the software business as a whole (The Economist, 25 February 2010, http://www.economist.com/node/15557443).
Key trends that we’ll be looking at:
“Big Data”: what is it, is it marketing hype, a challenge, a genuine opportunity for the data owner (rather than the analysts) or a combination of all of these?
“Intelligent Buildings and structures” are increasingly developed as hybrid structures combining power, communications, management and the storage of personal information, with some interesting compromises between security, privacy and unfettered access.
“Cyber” has been a much-hyped and misunderstood phenomenon, but one of massive significance to us all. In business it is far too important to be left to the IT department; it is an Executive responsibility and function: getting it wrong is not an option.
“The Cloud” has been a marketing triumph, but is nothing new – it’s Distributed Architecture re-branded. The Cloud brings potential cost savings but, like so many other things, if misunderstood, mis-sold and implemented casually, it also brings serious shortcomings.
“UK Government reappraisal of its protective marking scheme” – driven by potential cost and complexity savings, this will be an interesting development with an underlying attempt at ‘personal accountability’: we’ll be “in the thick of it” for a very “Yes Minister” experience.
And lastly, but maybe first:
“To patch or not to patch?” – we have seen more panic and hot air around ‘patching’, or the application of a manufacturer’s fix to a known failing, than around most other factors in ICT. What most people do not fully comprehend is that patches have to be applied to real systems that are complex and all different – the law of unintended consequences applies here more than in most other places. Patching is both an art and a science, and a patch has to be very carefully tested before being applied to an operational system, or there can be tears.