2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)², where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"
IT security practitioners should understand why the bits, bytes and network connections - the technologies - are important to their organization's goals. Ignorance of the mission, for IT security folks, isn't bliss.
Heavily regulated industries like banking and healthcare have been reluctant to make the virtualized leap to the cloud, fearing a loss of control could open them to unforeseen risk. Are their concerns unfounded?
Given the international stock market crash and the impact it's likely to have on future investments in fraud detection and prevention, how much can banks and credit unions reasonably afford when economic stability is shaky and the financial future uncertain?
CEO Jack Tretton didn't minimize the breach, grouping Sony with others that have been hacked in recent weeks. "If you read the newspapers, you realize that there are companies being bombarded with people trying to hack them all the time."