This page contains a Flash digital edition of a book.
Brave None but the


I


n an industry as fast-moving as ours, change is predicted – and expected – as frequently as Joe Bloggs is informed by email that he has won the Nigerian lottery. As editor of Infosecurity, one thing I have learned is that while threats do evolve, and infosecurity defenses do advance, the industry does have a tendency to revolve in a vicious circle. This is one of the many reasons that I believe information security has more in common with the fashion industry than its inhabitants may believe. Sounds absurd? Let me talk you through this.


First, fashion is trend-driven. It requires designers to create the trends – and celebrities to promote them – and it is then justifi ed by the masses who chose to replicate, and thus confi rm, said ‘trend’. Similarly, information security – rightly or wrongly – is absolutely driven by trends. Whether these are determined by the black hats or the vendors’ marketing teams, the industry gets swept up in waves of cyclical hype and theater. In fashion, trends are constantly predicted and analyzed, as they are


a risk. Amorosi concludes that foreseeing that which has no precedent is the more admirable and useful style of prediction. Perhaps the very fashionable Marilyn Monroe got it spot on when she famously said: “It’s better to be absolutely ridiculous


than be absolutely boring”.


In the same way that fashions from one decade have the remarkable ability to re-surface some thirty, forty years later, information security problems and technologies have a tendency to re-invent themselves in annoyingly consistent


circumstances. The resurgence of a particular information security ‘trend’ can be the result of several happenings. Perhaps a high- profi le security breach has occurred, and a combination of media coverage, marketing teams working in overdrive, and mass panic all collide to create the perfect storm. Alternatively, a development in


information technology can leave a trail of excitement, productivity, and security concerns. In this instance, an historic issue that is believed to have been


‘solved’ – network and perimeter security, for example – is called into question when a corporation’s network suddenly needs to embrace consumerization


and mobile devices. Network security,


Complacency is a one-way ticket to failure, and innovation a high-speed journey to success


in information security. For further confi rmation of this, turn to page six to read Drew Amorosi’s collation of 2012 predictions and his retrospective look at how accurate our editorial board were with their 2011 forecast. As in the world of fashion, some got it right, some got it wrong, some played it safe and others took


4


once considered a ‘closed case’, suddenly needs to be re-opened and re-investigated. If I haven’t yet sold you on this analogy, let me explore one more similarity. In fashion, people mainly remember when you get it wrong. Successes and good judgment frequently get overlooked, but faux pas are noted, and remembered; for celebrities,


perhaps even regurgitated in the ‘what not to wear’ section of various magazines until what seems like the end of time. Just ask Madonna. In security, like in fashion, there is little room for mistakes.


An information security professional can prevent one million data breaches, but the one that they fail to interject will be the one that gets remembered; the one that could end their career or call their judgment and ability into question. Fashion, like information security, is unforgiving and often cruel. You can spend all season seeking out the clothes that will allow you to be labeled fashionable, and on the day that you achieve said label, a new line is released and you’re back to square one. In security, a defense will be carefully executed over time. A team will work on a patch or a fi x to a known vulnerability, and more often than not, succeed. In the time that this process has taken, more holes and insecurities will have emerged. Both industries require its professionals to constantly chase a moving goalpost. Coco Chanel once said that “Fashion is made to become unfashionable”. I believe that the same is sadly true of information security: technology is inherently insecure, and security will, inevitably, become insecure over time as cybercriminals fi nd new holes and vulnerabilities. The best that can be done in both industries is to create, look ahead, and keep moving. Complacency is a one-way ticket to failure, and innovation a high-speed journey to success. It is in this spirit that we have created a brand new Infosecurity website and magazine for you. I hope you love it as much as we do. If you haven’t already had the opportunity, visit www.infosecurity- magazine.com to see how the re-brand has translated online. Feedback, as always, is welcome. Email me: Eleanor.dallaway@ reedexpo.co.uk, or tweet me: @InfosecEditor. Enjoy the issue and take care.


Eleanor Dallaway, Editor January/February 2012


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60