Educause Security Discussion mailing list archives

Re: computer security vision for next 3-5 years


From: Michael Sinatra <michael () RANCID BERKELEY EDU>
Date: Tue, 12 Jan 2010 12:17:29 -0800

On 01/12/10 08:24, Youngquist, Jason R. wrote:
My boss asked me this morning to come up with a computer security vision for the next 3-5 years.  Since it is already 2010, 
I thought I'd get some input from the community on what you would like to see happen to computer security in higher 
education, how will your job change (if any), and how can we as computer security professionals in higher education 
institutions best protect against the growing threats?

In addition to what's been written in this thread already:

o SQL injection attacks and other application-level attacks will
continue to be prevalent, as existing security methods will not be able
to deal with application vulnerabilities as effectively as they have
dealt with other issues.

o Security groups in higher-ed that have a top-down approach to security
will become more agile and will need to integrate more with IT
operations and application development.

o Similarly, we'll see fewer security groups reporting directly to the
CIO and more organizational integration of security.

o Subject-matter experts (e.g. security-aware DBAs, security-aware
application programmers, security-aware network engineers, etc.) will
become more important than straight security experts in dealing with new
rounds of threats, although security experts will still play a role.

o The above changes will not be without controversy, but will probably
be necessary.

michael
