Blog post

Security Planning Guide for 2012

By Anton Chuvakin | November 02, 2011 | 0 Comments


Our team (specifically Dan Blum | Phil Schacter | Eric Maiwald | Ramon Krikken | Trent Henry | Mario de Boer | Anton Chuvakin) has just released an annual security planning guide: “2012 Planning Guide: Security and Risk Management.” I wanted to say that everybody should read it, but that would only earn me a Captain Obvious award Smile It’s abstract states that “information security groups face economic volatility, a dangerous threat landscape, compliance and regulatory challenges, and sweeping changes across the IT landscape. In this Planning Guide, VP Distinguished Analyst Dan Blum and the Gartner for Technical Professionals Security and Risk Management team discuss security trends and planning considerations for 2012.”

In the guide, the team tackles the following topics:

Overall, this is a super-useful document for everybody fighting the infosecurity war  (not to be confused with “cyberwar”).  Since Gartner has “identified volatility, multiplicity, versatility, and mobility as the key macro trends driving IT and IT security in 2012”, it is expected that our lives would get even more hectic in 2012 and so a guide should come handy.

Here is another fun quote, on monitoring:

“Enterprises are increasing monitoring efforts, driven by threats and compliance mandates. Both the depth (level of detail) and breadth (new environments, cloud, and virtual) are expanding. IT security staff are trying to get more information from and context on the alerts from network security devices, which are still the low-hanging fruit for monitoring efforts. They are also trying to get more data from server monitoring solutions, or even expand host monitoring to desktops and laptops. However, basic network log monitoring and basic host monitoring don’t provide sufficient information or context to detect many security threats. Enterprises and vendors are trying to go beyond just monitoring the network and increase the depth of network monitoring to analyze flows and behaviors.”

In this and other documents, we also want to encourage more security data/information/intelligence sharing:

“Beyond the walls of a single enterprise, event and incident information sharing exists for some industries (e.g., financial service and government) but is far from a universal practice. Managed security service providers (MSSPs) and cloud-based security services are at the forefront of collective, shared intelligence. For more information on information sharing, see "Threat Assessment in Dangerous Times."

Finally, I know that some of my readers are upset that I occasionally post links to materials requiring various forms of Gartner subscriptions. Well…mmm…get a subscription already! Smile

Comments are closed