Chapter 29. The Future
IN THIS CHAPTER
Understanding the changing landscape
Top issues in network security
Identifying where to go from here
The only way to plan for the future is to understand the changes that are occurring and use that information to build a robust plan for securing an organization's critical information and assets. Remember that security is all about managing, controlling, and mitigating risk to your critical assets. Before you spend an hour of your time or a dollar of your budget you should ask yourself three questions:
What is the risk?
Is it the highest priority risk?
What's the most cost-effective way of reducing the risk?
Approaching the Problem
Every day you can read the paper or watch the news and hear about another security breach that allows controlled information into the hands of those who would use it for criminal purposes. Unfortunately, what you read is only a small portion of what's actually happening each day. One might ask which is in a worse position, the company that reports its data losses and is in the news for a few days, or the company that hides the fact that 10,000 credit card numbers were stolen, and then has this uncovered by the media. In either case, the company is likely to endure not only news coverage, but also government investigations and possibly lawsuits. The bigger question is the impact to the organization and whether it could it have been avoided or minimized.
For years, companies have focused on lessening the impact when an incident ...