SystemExperts, a security consultancy in Sudbury, Mass., reviewed its clients' experiences to cite these information security trends for 2005 1. Complying with government rules: From Sarbanes-Oxley to California’s consumer data privacy law and European Union privacy mandates, regulations elevated the importance of information security.2. Security tasks commoditized: Security skills became more prevalent than products, turning activities that once required expertsperimeter scanning, patch monitoring, virus alertsinto routine tasks.3. Work time frames accelerated: Software patches and virus protection required monitoring by the hour or day, not weeks.4. Network perimeter made obsolete: The extension of networks to encompass outside service providers and business partners made the enterprise perimeter concept obsolete. Some organizations now think of security architectures as “zones of risk” and “zones of trust.” 5. Dashboards became vogue: Many adopted security dashboards to track activities and to align priorities across multiple departments.6. Identity management and authentication re-emphasized: To comply with Sarbanes-Oxley, for example, many organizations deployed identity management, and created single sign-ons to regulate user access to IT resources. 7. Hackers go pro, attacks get tougher: Attacks often came from offshore, sometimes sponsored by organized crime. Phishing and spyware were costly and difficult headache.8. Securing outsourced application development curbed savings: Many organizations realized that implementing security controls on offshore contractors ate into cost savings.9. Connections to ASPs neglected: While many businesses used application service providers, they too often neglected to secure their network links to these partners.10. Security certifications lost punch: Buzzword credentials became more important than in-depth knowledge or experience, a confusing situation for businesses and practitioners. Related content news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry news UK data regulator warns that data breaches put abuse victims’ lives at risk The UK Information Commissioner’s Office has reprimanded seven organizations in the past 14 months for data breaches affecting victims of domestic abuse. By Michael Hill Sep 28, 2023 3 mins Electronic Health Records Data Breach Government news EchoMark releases watermarking solution to secure private communications, detect insider threats Enterprise-grade software embeds AI-driven, forensic watermarking in emails and documents to pinpoint potential insider risks By Michael Hill Sep 28, 2023 4 mins Communications Security Threat and Vulnerability Management Security Software news SpecterOps to use in-house approximation to test for global attack variations The new offering uses atomic tests and in-house approximation in purple team assessment to test all known techniques of an attack. By Shweta Sharma Sep 28, 2023 3 mins Penetration Testing Network Security Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe