One could look at a wide view of information security and see numerous events, applications and incidents that could be defined as catalyst for critical changes in information security. However, I believe that the overarching critical evolution is in the formalized development of the field of information assurance (IA)/security.
In the past, information security has lived as a subset within the domain of information technology (IT). Security has always been treated as an after thought or as a reactionary response to an incident or event. Over the past ten to fifteen years, that view has been slowing changing. Within the past decade, the development of the field of Information Assurance and security has evolved into a profession unto itself. Education has started to catch up with the critical need for security experts to work along side of IT experts.
IA experts are the middle people who can take the IT world to the board rooms as CISOs and explain the ROI on investment in technology that company CEOs and CFOs can understand. In turn the IA expert can work with people in the IT field to implement security into design documents during the development stages of a project, develop best practices, create policies to meet the plethora of requirements and standards, as well as educate people about sound security practices.
As the role of the IA professional continues to evolve, I believe there will be tremendous strides in gaining a stronger hold on information security.
