Roadmap 2011

As we enter 2011 looking at the new set of tools, threats and management objectives that will come to define the mission of information security professionals, IANS is seeing a shift take place in the end user organizations that we regularly interact with. As a trusted advisory to many of the Fortune 100, we have a privileged position to understand the inner workings of security inside these companies. What we have seen taking shape inside many of these companies is change.

We’ve heard from IT types, followed almost immediately by security types that the organization needs to be more proactive, more aligned with the business. While it may seem trite to simple echo these platitudes here an important shift is taking place. Organizations are changing the way they build teams, the methods for implementing solutions and the metrics and goals they use to define their work which is creating a shift in the way these organizations take on information security.

IANS focus for 2011 is to support information security organizations along the continuum toward Security 3.0 the end stage of a three-stage continuum that takes security from a reactive cost center to a proactive business value. Security 3.0 is a future-state in which security is a foundational step in the execution of any decision, large or small. Most organizations that we interact with are moving toward that state, most out of Security 1.0 and many already beginning to achieve Security 2.0. The timeline below illustrates the three phases and where we are today.

IANS seeks to serve all of the elements of the security team that will make the transition to Security 3.0 and beyond possible. As a result, our research in 2011 will focus unique research aimed at three, distinct groups:

• Security Management: The CISO and peers tasked with giving a more business-friendly face to information security through better metrics and measurement, tighter alignment with other parts of the business, namely risk/legal teams and communicating the value of security straight to the top. IANS will illustrate some of the innovative ideas leaders are finding successful and provide direction for those just getting started or newly in their role.
• Security Operations: The security team is only as good as its ability to execute on the promises of its management. IANS will continue to provide insight on the deep technical topics that matter to the teams that “make it all work.” What’s the best process for truly taking a proactive stance on DLP? Our Faculty and End-User base can help, is SIEM ready for prime-time and what should its handlers look like? We can help. These and many other technical deep-dive topics will be aimed at the Security Operations role.
• Security Practitioners: A superset of the two other roles we address and more, IANS will cover all of the elements in the external environment that matter from legislation changes to new and advanced threats. Who are the actors to be aware of and what are their tactics? What are the best practices for building a “compliance friendly” security team and plan? The research aimed at the Security Practitioner will be informative to all members of the infosec organization.

Keep an eye on our research portal as new documents make their way into publication each quarter, beginning with Q4, 2010, the documents from which are already being populated. Visit our Research page to get a sense of what we’re going to be publishing over the course of the year.

As always , we welcome your questions or feedback as either dialogue in the comments or via email to ask@iansresearch.com.

IANS research calendar will include two new offerings for 2011, the IANS Inquiry Insights and IANS Viewpoint documents.

• IANS Inquiry Insights: The short documents are driven by our end user inquiry service, the IANS Ask An Expert. Each year, IANS receives hundreds of queries from end user organizations which are aggregated and abstracted from client data, providing us with a virtual barometer of topic interest. Each quarter, IANS will take a snapshot of the top topics of interest and discuss them in an Inquiry Insights document and publish a second document that is a deep-dive on one of the top or related topics.
• IANS Viewpoint: Being rolled out in the second half of 2011, the IANS Viewpoint will provide a deep dive on a given technology or topic, providing insights from Faculty and end-users around the efficacy of solutions, various providers and the importance of a given sector or technology. More details will be made available at the time of launch.

In addition to these documents, IANS will continue to produce materials from Symposia (open to partners) and IANS Forums as well as recordings of our monthly Enterprise Client Briefing teleconferences, made available on our research portal. Below is a calendar of the documents IANS will publish throughout the year.

IANS aims to provide industry-leading decision support and information security-focused expertise through a unique combination of this research and unlimited access our network of world-class Faculty and peers in the information security space.