Re: computer security vision for next 3-5 years

["Di Fabio, Andrea" <adifabio () NSU EDU>]

Given the current state of virtualization, we will probably start seeing a
lot more virtualization and security technology/attacks emerging.

I am going to take some wild guesses, but I would suspect that AV companies
will start writing AV for the hypervisor so as to be able to scan the hosts
without worry for rootkits and other malicious hooks.  Obviously there will
be attack directed to the hypervisor, its API's etc.  AV companies may even
take the approach of do scheduled offline scanning by rebooting the hosts
(virtual or real) into live AV processes.

More and more appliances such as IDS, IPS, FW, etc., will run virtualized or
use virtual components.  For those who like the 'cloud' terminology, we
might see a boom in attacks and security measures when resources become more
and more decentralized.

Smart device will be become more and more attractive to hackers and security
companies.
Smart appliances such as TV with embedded flash players will become new
targets and a new venue for making money.

My two cents.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Youngquist, Jason R.
Sent: Tuesday, January 12, 2010 11:25 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] computer security vision for next 3-5 years

My boss asked me this morning to come up with a computer security vision for
the next 3-5 years.  Since it is already 2010, I thought I'd get some input
from the community on what would you like to see happen to computer security
in higher education, how will your job change (if any), and how can we as
computer security professionals in higher education institutions best
protect against the growing threats?

If you've seen any blogs/articles on computer security trends in higher
education, please forward them my way.

Here's what I've come up with so far:

*       Social Engineering will still be the easiest way to get confidential
information.
*       Multi-factor security will be prevalent.
*       More data breach regulations.
*       PDAs and smart phones will be encrypted due to the sensitive email/
information that they store and how easily they are stolen.
*       Anti-virus software will be still used, but application
white-listing will become more prevalent.

Some links:
http://media.techtarget.com/searchFinancialSecurity/downloads/FISD09_MainBal
lroom_Session8_StateofComputerSecurity_Ranum.pdf
http://www.sans.org/security-resources/10_security_trends.pdf



Appreciate any thoughts you can provide.
Jason Youngquist
Information Technology Security Engineer, Security+
Technology Services
Columbia College
1001 Rogers Street, Columbia, MO  65216
(573) 875-7334
jryoungquist () ccis edu
http://www.ccis.edu

Attachment: smime.p7s
Description: