This is just for the fun of answering it. Let me toss out the first brick [#3930547@0 - ROLIA.NET Meet-in-Canada online community, Maple Forum & Maple Tribe, Maple Forum main board]


by majia007 (万土碎佛法士) at 2007.9.14 08:29 (#3930547@0)
1) Where do you think IT Security will be in the next 3-5 years and what will drive the changes?

1.
IT security will be going through change because of the many acquisitions and outsourcing practices we constantly see today.

IT security has been driven by exposed network/system vulnerabilities and perimeter securing. In the next 3-5 years, it will still be focusing on this but will also be shifting to a more proactive approach. With information security laws and regulations, and advanced technologies, IT security is not gonna be just securing the network, safeguarding all the servers and workstations, and doing virus/spyware scans. It will be slightly focusing on site survey/code auditing/role-based access control to eliminate potential security loopholes.

Also noticeable will be that IT security needs to be truly modularized and adaptable; experts in policy making who can quickly understand a target company's security standard will be hot in the job market, and will benefit the corporations as well.


2) There is a significant concern in the business community around the issues of hacking. What kind of policies do you think should be built around the enterprise of preventing the attacks and describe what the key components of the policy should be?

Hacking includes local exploits (a.k.a. cracking) and remote attacking, so the security policies that serve an enterprise need to focus on both aspects and treat both scenarios equally. Corresponding action plans will need to be part of the policy as well.
Furthermore, to prevent the "local hacking", IT security should put more focus on IT security education for the staff members. It is the key component of the policy that all employees who have legitimate access to IT resources understand and cooperate with the company's security standard.
To prevent the "outsider" attacking, IT security policy has to be very careful with collaborative partners, service providers and clients as well. The policy needs to communicate well with the outside world and be set on the same or even higher security rating level depending on the actual practice.

3) How would you consider your role in helping to develop and secure validation and “buy-in” to IT policy, strategies and directions?
I won't say anything on this one.
