Security Planning Guide for 2012
by Anton Chuvakin | November 2, 2011
Our team (specifically Dan Blum, Phil Schacter, Eric Maiwald, Ramon Krikken, Trent Henry, Mario de Boer, and Anton Chuvakin) has just released an annual security planning guide: “2012 Planning Guide: Security and Risk Management.” I wanted to say that everybody should read it, but that would only earn me a Captain Obvious award. Its abstract states that “information security groups face economic volatility, a dangerous threat landscape, compliance and regulatory challenges, and sweeping changes across the IT landscape. In this Planning Guide, VP Distinguished Analyst Dan Blum and the Gartner for Technical Professionals Security and Risk Management team discuss security trends and planning considerations for 2012.”
In the guide, the team tackles the following topics:
- Endpoint security and mobility
- Network and data center security
- Application and software security
- Data security
- Identity and access management
- Cloud security
- Security monitoring
- Security programs and governance
- IT-GRC tools
- Vulnerability management
Overall, this is a super-useful document for everybody fighting the infosecurity war (not to be confused with “cyberwar”). Since Gartner has “identified volatility, multiplicity, versatility, and mobility as the key macro trends driving IT and IT security in 2012”, we can expect our lives to get even more hectic in 2012, so a guide should come in handy.
Here is another fun quote, on monitoring:
“Enterprises are increasing monitoring efforts, driven by threats and compliance mandates. Both the depth (level of detail) and breadth (new environments, cloud, and virtual) are expanding. IT security staff are trying to get more information from and context on the alerts from network security devices, which are still the low-hanging fruit for monitoring efforts. They are also trying to get more data from server monitoring solutions, or even expand host monitoring to desktops and laptops. However, basic network log monitoring and basic host monitoring don’t provide sufficient information or context to detect many security threats. Enterprises and vendors are trying to go beyond just monitoring the network and increase the depth of network monitoring to analyze flows and behaviors.”
In this and other documents, we also want to encourage more security data/information/intelligence sharing:
“Beyond the walls of a single enterprise, event and incident information sharing exists for some industries (e.g., financial service and government) but is far from a universal practice. Managed security service providers (MSSPs) and cloud-based security services are at the forefront of collective, shared intelligence. For more information on information sharing, see "Threat Assessment in Dangerous Times."”
Finally, I know that some of my readers are upset that I occasionally post links to materials requiring various forms of Gartner subscriptions. Well…mmm…get a subscription already!