• United States



What Happens Next

Sep 14, 20073 mins
Data and Information SecurityIT LeadershipSecurity

CSO celebrates its fifth birthday with this issue. This has been a fascinating half decade for observing the evolution of the security profession.

A lot has happened, for better or worse. The CSO position grew in acceptance and prominence. Digital and physical security started talking to each other. DHS took its first wobbly steps. Messrs. Sarbanes and Oxley wielded their mighty hammer. Telephone calls and surveillance videos gravitated onto the IP network. The discussion of security value and security metrics proceeded in fits and starts (and stops). And obviously there’s been tremendous geopolitical turmoil.

None of these trends has reached an end state. Security leaders still get fired. There’s still squabbling over the meaning of the CSO title. DHS needs to grow up. The regulatory landscape remains unsettled; federal data breach disclosure bills languish. But on the balance, I’d say security has matured over the past five years. Wouldn’t you?

Birthdays and anniversaries are good for pausing and looking back in this way. Looking forward is tougher. You can’t predict every event; no one knows that better than security professionals.

Still, let’s look forward. That’s been a key goal for CSO since our inceptionyou’ve got plenty of information sources that tell you what already happened; our objective is to analyze as many inputs as possible and offer intelligent conjecture to help you stay ahead of trends instead of behind them. My predictions:

The connection and communication between security and insurance functions will get stronger. I don’t know if RIMS will exactly join hands and sing Kumbaya with the ASIS/ISSA/ISACA troika, but greater cooperation is the natural and necessary next step in convergence or holistic risk management. Companies are going to save money and become more resilient as a result. Bob Hayes (the guy I always ask when I want to know what happens next) and his Security Executive Council have some great work up their sleeves to help push organizational risk management to new levels of maturity.

The balance of power will shift further away from security vendors and integrators and toward the guys in the corporate trenches. The ultimate effect will be more security spending, with greater benefit. This is precisely what happened on the evolutionary path of the information technology function: As the dominance of mainframe vendors waned, customers won new flexibility and ultimately found themselves able to create much more business value. Then they got bigger budgets to do that.

In the near future, the Internet will reach a crisis point as to its viability as a commercial channel. (See Scott Berinato’s article on Page 20 for a look at a paradigm shift by the bad guys.)

If those predictions turn out to be incorrect, here’s one I know to be true: Next month you’ll see a redesigned issue of CSO land on your desk, with a few new columns and departments and a superclean, updated look courtesy of our art director, Steve Traynor. We look forward to continuing to serve the security community for the next half decade and beyondwhatever those years may bring.

-Derek Slater