SC Magazine Twentieth Anniversary

Tenacious, bold and dependable, SC Magazine has helped set the pace for the information security industry over the last two decades. That's why come November, we'll be celebrating both the dauntless efforts we at the publication have taken to keep on the bleeding edge of this fast-paced marketplace and the many challenges that intrepid information security professionals have tackled every day to transform this former technical trade into a huge part of today's business world. You will not want to miss November's SC Magazine 20th Anniversary special issue, which will be filled with the most influential people, the top entrepreneurs, the most outstanding products and the most pivotal happenings over the last 20 years.

Formalized development of information assurance

Kris Rowley, system security director, Department of Information and Innovation, State of Vermont August 20, 2009

One could look at a wide view of information security and see numerous events, applications and incidents that could be defined as catalysts for critical changes in information security. However, I believe that the overarching critical evolution is in the formalized development of the field of information assurance (IA)/security.
 

Data stewardship, accountability: Expanding roles of the security professional

Craig Spiezle, executive director, Online Trust Alliance August 20, 2009

Looking to where we are today, the biggest change is the convergence of security, privacy and data stewardship. No longer does the security professional need to consider intrusions, but the broader impact of data governance, consumer rights as well as regulatory obligations.
 

From blocking bad to enabling good

Gerhard Eschelbeck, CTO and VP, engineering, Webroot Software August 24, 2009

During the past two decades malware has evolved significantly and has continuously raised the bar in terms of sophistication and pervasiveness.
 

The last 20 years and the evolution of IT security

W. Hord Tipton, executive director, (ISC)2 September 04, 2009

Twenty years ago, IT security was just an afterthought at the bottom of everyone's priority list. The mischief that ensued was primarily for bragging rights and personal satisfaction. As businesses have transitioned to conducting 99+ percent of their essential functions electronically, the motivation has also shifted from egotistical to monetary. To say that IT security practices have not kept pace is an understatement.
 

Better metrics are vital to success

Jeremiah Grossman, chief technology officer, WhiteHat Security September 14, 2009

In the last twenty years, the internet has made everyone equidistant. Today's technology-savvy crooks do not have to be physically near their victims; they may remain comfortable hundreds or thousands of miles away while they act. Through automation, they can perform reconnaissance on a large number of targets within minutes. They also don't have to take the time to physically carry cash and instead rely on electronic transfer.
 

Information security's one constant: Change

Christopher Burgess, senior security adviser, Cisco Systems September 15, 2009

As the complexity factor increases, requirements for security architects will be paramount. As more services are provided by partners accessing them via the extranet, the need for identity management, the ability to attest to the authenticity of the data, and the security of the environment will be a challenge.
 

Quotes from Then and Now

Then

"We did this InfoWar Con in Brussels [1996] and accidentally hacked a real university during a live demo. We shut the demo down immediately." 
-- Winn Schwartau, educator/speaker/trainer in information security and InfoWar since the 1980s.

"The way Microsoft implemented cryptographic hiding of passwords, all passwords can be tested and cracked in weeks or days in brute force mode. Over the years, as optimized, L0phtcrack will crack passwords in a matter of minutes."
-- Mudge, in 1997, presenting the L0pht's Windows LAN Manager password cracking tool at HOPE (Hackers On Planet Earth) in New York.

 
"This code is for something called a 'Trojan Horse.' This is really cool: It turns the security settings in the browser from 'high' to 'none.' With that, we can load anything on."
-- "Modify" from the Strife hacking group in summer 1996, while explaining code printed on a dot-matrix printout at a food court in a shopping mall precariously close to the NSA headquarters.

Now

"There is currency associated with online personas. Social currency perpetuates an interest in impersonation. There are tools that can easily facilitate impersonation: Twitter, Facebook and Myspace are some of them."
-- Alex Mittal, co-founder, Crederity, an online identity verification service.

"Cybercrime has become an enterprise that's run very professionally. Fortunately, we have a justice system that's gotten more technically up to speed, as well."
-- Phil Neray, VP of security strategy at Guardium, a database security/compliance company.

"I had a security exec at a large financial institution tell me that until it costs them more to underwrite financial loss from fraud than to purchase a system to prevent fraud, they won't make that purchase."
-- Steve Dispensia, CTO of Dispensia, which provides authentication to account holders through cell phone verification, as well as other factors.