Chapter 29. The Future


  • Understanding the changing landscape

  • Top issues in network security

  • Identifying where to go from here

The only way to plan for the future is to understand the changes that are occurring and use that information to build a robust plan for securing an organization's critical information and assets. Remember that security is all about managing, controlling, and mitigating risk to your critical assets. Before you spend an hour of your time or a dollar of your budget you should ask yourself three questions:

  • What is the risk?

  • Is it the highest priority risk?

  • What's the most cost-effective way of reducing the risk?

Approaching the Problem

Every day you can read the paper or watch the news and hear about another security breach that allows controlled information into the hands of those who would use it for criminal purposes. Unfortunately, what you read is only a small portion of what's actually happening each day. One might ask which is in a worse position, the company that reports its data losses and is in the news for a few days, or the company that hides the fact that 10,000 credit card numbers were stolen, and then has this uncovered by the media. In either case, the company is likely to endure not only news coverage, but also government investigations and possibly lawsuits. The bigger question is the impact to the organization and whether it could it have been avoided or minimized.

For years, companies have focused on lessening the impact when an incident ...

Get Network Security Bible, 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.