What will the information security department's work look like in 2017?

2017 is almost here. The security industry has changed over the past two years faster than many people expected, and the work of enterprise information security departments is changing with it. The foreign media outlet CSO believes the following changes should take place in 2017.
Does the security talent shortage still exist?
Many reports have pointed out that a large number of security positions on the market remain vacant. For a variety of reasons, companies still cannot hire suitable security technicians. Today, the security departments of many enterprises not only have to solve all kinds of technical problems, but also have to respond promptly to all kinds of security alerts and complete a large amount of tedious security configuration work. However, because the complexity curve of the security problems enterprises face has not yet reached its peak, the human and material resources available to security departments are extremely limited.
Next, let's look at how security vendors and researchers predict work trends in the information security industry for 2017.
The ability to respond to security incidents is critical
Nir Polak, co-founder and CEO of Exabeam, said in an interview:
"The shortage of security talent has still not improved, while security needs keep rising, and the current information security talent pool cannot meet the needs of the market at all. We can also see that more and more CISOs (chief information security officers) will choose to hand enterprise security over to third-party security companies. Outsourcing the security protection of an enterprise's basic services to a security company is indeed feasible, but the problem arises when the enterprise needs to respond to a security incident. A managed security service provider (MSSP) does not understand your company's internal situation and staffing, and does not have access to your company's sensitive information, so you cannot expect to hand the security incident response task to them. Incident response can therefore only be done by ourselves. This puts enormous pressure on the enterprise's incident response team, and many people do not even know what they should do when facing a security incident."
Security capability will affect the development of enterprises
A large number of network security incidents occur every day, but there are problems with the supply of security talent. CISOs will therefore give more consideration to automated security measures, which can not only improve the enterprise's security posture but also temporarily ease the shortage of security technical talent.
What is the root cause of unexpected service interruptions? A very small share is system failure; most are caused by people.
A company's security incident response capability will become an important criterion for insurers when underwriting. When providing cyber insurance to enterprises, insurers need to measure the customer's ability to detect and handle security incidents, and set the terms of the insurance service according to that ability.
Data leaks will become more and more common
Barring surprises, even more data leaks will occur in 2017. The data will be leaked not only by hackers but possibly also by former employees and contractors, because these insiders can use their authority before leaving to collect the enterprise's internal information (code repositories, important documents and so on) and personnel data (employee ID card information, credit card data, social security numbers and so on), and use that data for their own gain.
Small and medium-sized enterprises are turning to managed security service providers (MSSPs)
Corey Nachreiner, chief technology officer of WatchGuard Technologies, said in an interview:
"For the sake of convenience, many small businesses host their services in the cloud and rely on managed service providers (MSPs) to meet their IT needs. In recent years, more and more small and medium-sized enterprises have gradually come to realize the importance of information security, so they also hope these MSPs can help them solve information security problems. As a result, many MSPs have begun adding security protection services to their service lists, which gave rise to the concept of the managed security service provider (MSSP). Next year, we expect at least a quarter of small businesses will need to rely on the security services provided by MSSPs to meet their security needs, and this proportion will increase year by year."
The times need CISOs and CSOs
Stan Black, chief security officer of Citrix, believes:
"Perhaps many companies have already begun to realize that, even if they are in the financial or healthcare industry, they must regard themselves as IT companies if they want to operate better in this information age. In fact, if you want to survive in this era and keep your competitive edge, you have to accept this fact and hire professional IT staff. Indeed, companies in any industry should hire security experts to solve their security problems, especially healthcare organizations and financial institutions."
The position of "Chief Identity Officer" (CIdO) will appear in 2017
When an enterprise needs to manage the identity information of employees, customers and third-party partners, the CIdO role will become the enterprise's single trusted source.
The CIdO is responsible for maintaining customer information and monitoring employee access behavior, and then reporting everything to the CEO in a timely manner. This means that, to guarantee the integrity of the organization's internal authentication mechanisms, the CIdO's work will need to cover every step of the organization's operations. The CIdO will therefore become a key role in the enterprise, holding the keys to privileged systems and managing the exchange of all kinds of information within the enterprise.
The gap between newcomers and veteran employees is wider

In general, a newly hired security technician has nine months to become familiar with the enterprise; in other words, it generally takes a newcomer about nine months to become an "experienced veteran". In the current global market, the market value of such experienced security technicians has already doubled, and enterprises that want to hire these people need to offer more competitive salaries and higher positions.
Time should be spent where it matters most

Compared with the past, the growing complexity of information technology makes protecting enterprise networks more difficult. Add the gap in security skills and the shortage of talent, and the problems we face become even more serious. In addition, many technicians spend valuable time on tasks that equipment could complete automatically. In the coming year of 2017, we therefore hope automation can take over some tedious tasks that currently have to be done manually and help IT experts with certain routine tasks, so that they can focus their attention where they are really needed.
Summary

Information and data are important resources for social development. Around the world, the struggle over acquiring, using and controlling information is intensifying, so information security has become an important factor in safeguarding national security and social stability. Network security has become a major, critical issue that urgently needs to be solved and that affects the country's overall situation and long-term interests. It is not only a strong guarantee of the high efficiency and high returns brought by the information revolution, but also an important barrier against intrusion by hackers.
In short, with network information technology developing rapidly, information security has become vitally important. At present, China's starting point in information security technology is still low: only a very small number of universities in the country offer an "information security" major, and information security technical talent is extremely scarce. We should fully recognize the importance of information security in the network information age and its extremely broad market prospects. So, to close the article with a sip of chicken soup: adapt to the times and seize the opportunity!
Source: FreebuF.COM
