Saying Something Nice About Information Security

Opportunities and reasons for complaining about the state of information security are plentiful. Yet, life goes on despite the various doom’s day scenarios that have been predicted for our organizations, networks, computers and applications. Seeing how easy it is to get stressed out about information security, it may be worth to outline a few things that seem to be working OK in the industry:

  • Internet users are becoming increasingly aware of information security risks and of the need to be cautious during on-line interactions. Mainstream news discusses security breaches, attacks and precautions more often now than a just few years ago.
  • Operating systems and client-side applications are strengthening their security posture. Just compare the security posture of Windows 8, Office 2015, Adobe Reader XI and Google Chrome to that of their predecessors.
  • Security compliance regulations and contracts, despite all their faults, are causing companies to pay greater attention to protecting data than they probably would have otherwise.
  • Information about security incidents is increasingly available, in part due to the data breach notification laws. This helps us understand the nature of Internet attacks and defenses.
  • Security products, such as antivirus tools, are incorporating smarter algorithms to decrease their reliance on static signatures to identify attacks and malicious artifacts.
  • The information security community is collaborating much more than now than in the past, using blogs, online social networks, formal and informal gatherings, industry groups, etc. This helps us learn from each other.
  • The information security profession is seeing an infusion of newcomers who seek to expand their professional responsibilities and bring new backgrounds and perspectives to the world of infosec.

Do you have something nice to say about information security? Perhaps the non-security video above from Improv Everywhere will inspire you.

Updated

About the Author

Lenny Zeltser is a seasoned business and technology leader with extensive information security experience. He presently oversees the financial success and expansion of infosec services and SaaS products at NCR. He also trains incident response and digital forensics professionals at SANS Institute. Lenny frequently speaks at industry events, writes articles and has co-authored books. He has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.

Learn more