From the President
Andrea Hoy, International President
As we enter the second quarter of the year, we are seeing security and privacy challenges from threats and growing vulnerabilities, as predicted, blossoming like spring flowers. So how do we combat what is now upon us. This month I am excited to see emerging technologies being addressed. As a CISO, I’ve found that watching Gartner’s “Hype Cycle of Emerging Technologies” gives business a competitive advantage and insight into projects, but to a CISO it is the ability to align organizational strategic planning of where our infosecurity program should be aligned as to the technology businesses are predicted to engage in the near future.
We see how well our technology encryption protocols have assisted those using ransomware to encrypt and hold hostage data. It’s now time for us to learn different ways to protect, detect, and recover from the unidentified threats that our current controls can’t combat. There is so much dynamic collaboration and information sharing that is expected in business and our lives these days that we cannot just depend on our perimeter defenses. Application wrappers are trending as we see more services delivered in the cloud. Our ISSA Journal has looked at mobile, BYOD, IoT; we know that new approaches are critical to data protection and privacy.
Emerging technology that looks at the DNA of our systems, determining our normal baseline, identifies anomalies that may be potential viruses or bacteria trying to harm us; artificial intelligence monitoring our systems needs to be what our new security controls provide to protect us. The thought of self-protecting data is an idea whose time has come. New security solutions still must help us meet compliance issues, reaching down to the data level for protection of our clients’ and employees’ privacy, governance, and audit. We need to identify better means for protecting data. In many places we are seeing that data breach notification laws now include the loss of data encryption keys. What if through emerging technologies we could eliminate complex protection schemas or external encryption key stores? I’ve already seen one product that is addressing this, and I believe 2017 will see these emerging technologies embraced by security.
On a personal note, in this issue we honor Howard Schmidt, a key ISSA leader and leading light in security. For Howard, “making it better” was his sole agenda in the many security causes he championed—it was never about him, but always about bettering the security landscape for all. He made our community better. He made us better people.
I still remember our first meeting during a SANS training in New Orleans, both of us sitting on the floor talking about the changing dynamics of rules on routers and firewalls. Even then, I could tell he was a true thought leader. I will miss our thought-provoking conversations on any and all topics. And at RSA he would always ask to “save a dance for him” at the end of the day to relieve the stress of continuous learning and networking. He never stopped loving his family while still finding time for giving to his ISSA family. He will be greatly missed.
At the end of one’s life, it is neither possessions, nor accolades, nor “things” that matter. It is about the lives you have touched. Howard not only touched many lives; he enriched those lives in a way that few have, and in a way that inspires us all to be more like him.