This blog entry is the eighth concerning my ten predictions regarding events and trends that I have said will come to fruition in 2008. The eighth is:
8. PCI-DSS compliance will grow in focus and importance to the point that it will become one of the top two or three security issues in the security practices of organizations that deal with credit card information. The amount of fines for non-compliance will also proliferate greatly as an increasing number of corporations and organizations are found to be out of compliance.
Although I knew something about compliance before I came to High Tower Software, my work here has made me realize how relatively little I actually knew before. My job has necessitated that I become thoroughly acquainted with the major regulations and statutes involving information security issues. Of all the ones with which I have dealt, none has been as complex to both interpret and translate into requirements for the High Tower security event management appliance’s reporting capabilities as PCI-DSS requirements. Read more…
This blog entry explains the seventh of my ten predictions regarding events and trends that I have claimed will come to fruition in 2008. The seventh one is:
7. The trend of CISOs reporting to executive-level management will accelerate due to the increasing importance of information security within organizations.
Not so terribly long ago, the title “Chief Information Security Officer (CISO)” was virtually unheard of. Information security managers were generally buried somewhere at lower levels within organization charts, often two or more reporting levels removed from the Chief Information Officer (CIO). Things have changed drastically over the last six or seven years, however. There has been a growing recognition of the reliance organizations have on information and information-processing assets, and of the critical need to protect both, which has greatly expanded the perceived importance of and reliance upon the information security function. Read more…
This blog entry addresses the fourth of my ten predictions regarding events and trends that I have predicted will transpire in 2008. This prediction is:
4. There will be a proliferation of rootkits, particularly kernel-level rootkits and rootkits that work as spyware, to the point that a surprisingly large percentage of systems that connect to the Internet will be rootkit-infected without the knowledge of either users or system administrators. Read more…
This blog entry explains the fifth of my ten predictions concerning events and trends that I predict will occur in 2008. This prediction is:
5. Attackers will continue to shift their focus from attacking Windows systems and towards attacking Linux and Macintosh systems.
Over the years patterns of attacks have changed drastically. Two decades ago attacks such as brute force password-guessing attacks were among the most prevalent of attacks. Today few such attacks occur. The same is true for attack targets. Two decades ago VMS systems were the preferred targets of attack. Since the mid- to late-1990s until this year Windows systems have been targeted more than any other type of systems. I predict, however, that Windows systems will soon lose the allure that they have had for attackers for so many years and that Linux and Macintoshes will be the new preferred targets. Read more…
This blog entry elucidates the sixth of my ten predictions regarding events and trends that I have predicted will transpire in 2008. This prediction is:
6. An attacker or group of attackers will for the first time succeed in an attempt to bring the entire Internet down for a period of several hours or possibly even longer.
Denial of service attacks occur frequently—much more often than people realize. The consequences of these attacks vary from minor ones such as temporary unavailability of networking and system freezes to major ones such as the kind of complete network failure that occurs in distributed denial of service attacks. The motivation for launching such attacks also varies greatly. Some attackers are “joy riders” who receive satisfaction by causing disruption in systems and networks; others appear to be “electronic vandals” who are in many ways analogous to people who shatter windows in buildings. Still others are motivated by the desire for financial profit, often by attempting to extort organizations into paying them for leaving their public Web sites undisturbed. Read more…
This blog entry covers the third of ten predictions regarding events and trends that I have foretold will occur in 2008, namely that:
3. Vendors of eVoting systems will greatly improve the out-of-the-box security of their products to the point that they will be widely deployed with far less concern for their security than has surfaced so far.
In an earlier blog I discussed security in eVoting machines, saying in essence that there has been a marked improvement in the out-of-the-box security of these machines. One of the main reasons for this improvement is the fact that states such as California and Maryland have had such serious security-related concerns with some of these systems that they have refused to allow certain vendors’ products to be used in upcoming elections. Countries such as Ireland have pronounced eVoting machines insufficiently secure and reliable to be used in elections. Read more…
If you have been following developments in the information technology arena, you undoubtedly know of the many problems that have surfaced in connection with electronic voting systems. The accuracy of vote counts in two states (Florida and Ohio) that used electronic voting systems in the 2004 US Presidential Election came under considerable negative scrutiny. Afterwards, elected officials in several states, most notably Maryland and California, had the security of these systems analyzed. The results were dramatic; investigators found that every major electronic voting system had significant vulnerabilities that could result in votes being mistallied. Some vulnerabilities that investigators discovered even allowed perpetrators to remotely access these systems without authorization and gain complete control of them. Read more…