Preview

Future Information Security Trends

Good Essays
Open Document
Open Document
17037 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Future Information Security Trends
Future Information Security Trends
Kasi Research Project Tekes Safety and Security Research Program Final Report, March 11, 2011
Olli Pitkänen, Risto Sarvas, Asko Lehmuskallio, Miska Simanainen, Vesa Kantola Helsinki Institute for Information Technology HIIT / Aalto University Mika Rautila, Arto Juhola, Heikki Pentikäinen VTT Technical Research Centre of Finland Ossi Kuittinen Sitra

Executive Summary
This report presents the major findings of the research project Kasi – Future Information Security Trends (Kasi – tulevaisuuden tietoturvatrendit) conducted by Helsinki Institute for Information Technology HIIT and VTT Technical Research Centre of Finland. The project is a part of Tekes Safety and Security Research Program (Tekesin Turvallisuus-ohjelma) and its purpose is to provide rigorous and systematic foreseeing knowledge for the implementation of the Finnish National Information Security Strategy (kansallinen tietoturvastrategia). The aim of the project was to study near-future information security issues that are related to, for example, new technologies, services, and business models. Our approach combines perspectives from different disciplines in order to better address the complexity of the focus area. We identified relevant future information security trends especially from the Finnish viewpoint in the next five to ten years by collecting and analysing specialists’ conceptions and knowledge of the various developments in their professional fields. In order to deepen the analysis, we also specified factors and attributes that affect the realization of the trends. In addition, our objective was to evaluate the need for establishing a separate program for continuous foreseeing activities and provide methodological and procedural guidelines for carrying it out. Our research process went through five separate steps: 1) outlining possible future environments, 2) creating concrete future scenarios or stories, 3) analyzing information security issues in the



References: [1] Ministry of Transport and Communications, Action Programme "Everyday Security in the Information Society: A Matter of Skills, Not of Luck". Implementation of the government resolution on National Information Security Strategy. Liikenne- ja viestintäministeriön julkaisuja, 51. 2009. http://urn.fi/URN:ISBN:978-952-243-127-1 (downloaded on 1 Feb 2011) [2] Karlsson, B., Bria, A., Lönnqvist, P., Norlin, C. & Lind, J., Wireless Foresight: Scenarios of the Mobile World in 2015. Wiley, Chichester. 2003. [3] Gorniak, S., Ikonomou, D., Saragiotis, P. et al., Priorities for Research on Current and Emerging Network Trends. European Network and Information Security Agency. 2010. http://www.enisa.europa.eu/act/it/library/deliverables/procent (1 Feb 2011) [4] Forge, S., Guevara, K., Srivastava, L., Blackman, C., Cave, J. & Popper, R., Towards a Future Internet: Interrelation Between Technological, Social and Economic Trends. Interim report. Oxford Internet Institute. 2010. http://www.future-internet.eu/publications/view/article/towards-a-future-internetinterrelation-between-technological-social-and-economic-trends.html (1 Feb 2011) [5] Cave, J., van Oranje-Nassau, C., Schindler, R., Shehabi, A., Brutscher, P.-B. & Robinson, N., Trends in Connectivity Technologies and Their Socioeconomic Impacts. Final report of the study: Policy Options for the Ubiquitous Internet Society. RAND Corporation. 2009. http://www.rand.org/pubs/technical_reports/TR776.html (1 Feb 2011) [6] Aumasson, A., Bonneau, V., Leimbach, T. & Moritz, G., Economic and Social Impact of Software and Software-Based Services. Pierre Audoin Consultants. 2010. http://cordis.europa.eu/fp7/ict/ssai/studysw-2009_en.html (1 Feb 2011) [7] Bylund, M., Johnson, M., Lehmuskallio, A., Ovaska, S., Räihä K.-J., Seipel, P., Tamminen, S. & Turunen, M., PRIMA: Privacy in the Making. Final financial and scientific report. 2010. [8] Ovaska, S. & Räihä, K., Teaching Privacy with Ubicomp Scenarios in HCI Classes. Proceedings of the 21st Annual Conference of the Australian Computer-Human Interaction Special Interest Group. OZCHI 2009, 411, pp. 105–112. ACM, New York. 2009. [9] Pitkänen, O., Legal Challenges to Future Information Businesses. Doctoral thesis at Helsinki University of Technology. HIIT Publications 2006-1. Helsinki Institute for Information Technology HIIT. 2006. [10] Bylund, M., Johnson, M., Lehmuskallio, A., Seipel, P. & Tamminen, S., Privacy Research through the Perspective of a Multidisciplinary Mash Up. In Greenstein, S. (ed.), Nordisk årsbok i rättsinformatik 2006–2008. In press. [11] Adler, M. & Ziglio, E., Gazing into the Oracle: The Delphi Method and Its Application to Social Policy and Public Health. Kingsley Publishers, London. 1995. [12] Martino, J. P., Technological Forecasting for Decision Making. McGraw-Hill, USA. 1993. [13] Van Gundy, A. B., Techniques for Structured Problem Solving. Van Nostrand Reinhold, New York. 1988. [14] Masser, I., Svidén, O., Wegener, M., The Geography of Europe 's Futures. Belhaven Press, London. 1992. [15] Bell, W., Foundations of Futures Studies. Vol. 1 & Vol. 2. Transaction Publishers. 1997. 33 [16] Mannermaa, M., Politics + Science = Futures Studies? In Dator, J. A. (ed.), Advancing Futures. Praeger. 2002. [17] See Pitkänen, O. 2006. [18] May, G. H., The Future Is Ours: Foreseeing, Managing and Creating the Future. Praeger. 1996. [19] Metsämuuronen, J., Tutkimuksen tekemisen perusteet ihmistieteissä. International Methelp, Helsinki. 2006. [20] We chose four global scenarios created by EVA (a Finnish policy and pro-market think tank) because their preparation process was broadly-based, they covered current topics and they had been tailored particularly to the Finnish environment. Alternatively we could have created the background scenarios by ourselves or by combining future visions of different actors. http://www.eva.fi/wpcontent/uploads/files/2443_EVA_SCENARIOS_playing_fields_of_the_future.pdf (1 Feb 2011) [21] Johansson, S., Kaarin, P., Kankainen, A., Kantola, V., Runonen, M., Vaajakallio, K. & Kuikkaniemi K., Cookbook: Extreme Service Design Methods. 2010. http://www.hiit.fi/files/admin/publications/other/eXdesignreseptikirja.pdf (1 Feb 2011) [22] Kankainen, A., Vaajakallio, K., Kantola, V. & Mattelmäki, T., Storytelling Group: A Co-Design Method for Service Design. Behavior & Information Technology. In press. [23] See Johansson, S. et al. 2010. [24] Acquisti, A. & Grossklags, J., Privacy and Rationality in Decision Making. IEEE Security and Privacy, 3(1), pp. 26–33. 2005. [25] Järvinen, P., Yksityisyys. Turvaa digitaalinen kotirauhasi. WSOY, Jyväskylä. 2010. [26] More about Stuxnet, see http://en.wikipedia.org/wiki/Stuxnet (1 Feb 2011) [27] More about TiViT Cloud Software Program, see http://www.cloudsoftwareprogram.org/ (1 Feb 2011) [28] Telcordia, The Case for Deep Configuration Assessment of IP Networks. White paper. http://www.telecomtv.com/docDownload.aspx?fileid=184a8c35-9f55-4779-aae64444a35ea12b/849179_deep-config-assessment.pdf&id=1342 (1 Feb 2011) [29] For a definition of Silver Bullet, see http://en.wikipedia.org/wiki/Silver_bullet (1 Feb 2011) [30] Wisniewski, C., Smartphone Security: 50% of Devices Unprotected, 24% Unsure. Article in Naked Security blog. 1.2.2010. http://nakedsecurity.sophos.com/2010/02/01/smartphone-security-50smartphones-unprotected-24-unsure/ (1 Feb 2011) [31] Thorsberg, F., Half of U.S. Broadband Users Unprotected. Article in PCWorld. 16.7.2001. http://www.pcworld.com/article/55154/half_of_us_broadband_users_unprotected.html (1 Feb 2011) [32] Locke, J., Two Treatises of Government. Cambridge University Press, Cambridge. 1960. [33] Westin, A., Privacy and Freedom. Atheneum, New York. 1967. [34] Rössler, B., The Value of Privacy. Polity, Cambridge. 2005. [35] Warren, S. & Brandeis, L., The Right to Privacy. Harvard Law Review, 4, pp. 193–220. 1890. 34 [36] Etzioni, A., The Limits of Privacy. Basic Books, New York. 1999. [37] Etzioni, A. The Common Good. Polity Press. 2004. [38] Regan, P., Legislating Privacy: Technology, Social Values and Public Policy. University of North Carolina Press, Chapel Hill. 1995. [39] Bennett, C. J. & Raab, C. D., The Governance of Privacy. Policy Instruments in Global Perspective. MIT Press, Cambridge. 2006. [40] See Warren, S. & Brandeis, L. 1890. [41] Seipel, P., Alone No More. In Bakardjiev, A. et al. (eds), Festskrift till Marianne Levin. Norstedts Juridik, Stockholm. 2008. [42] See Wisniewski, C. 2010. [43] See Thorsberg, F. 2001. [44] Bejtlich, R., The Tao of Network Security Monitoring: Beyond Intrusion Detection. AddisonWesley. 2004. [45] Gaudin, S., Intel Developing Security “Game-Changer”. Article in Network World. 26 Jan 2011. http://www.networkworld.com/news/2011/012611-intel-developingsecurity.html?source=NWWNLE_nlt_daily_am_2011-01-26 (1 Feb 2011) [46] Krautheim, J., Trusted Virtual Machine Identification (TVMI). Presentation in Xen Summit 2008 Boston, MA. 2008. http://www.xen.org/files/xensummitboston08/IdentifyingTVM.pdf (1 Feb 2011) [47] More about 2007 cyberattacks on Estonia, see http://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia (1 Feb 2011) [48] More about Operation Payback, see http://en.wikipedia.org/wiki/Operation_Payback (1 Feb 2011) [49] Nygårds, O., Myndighet slår larm om it-läckor. Article in Svenska Dagbladet. 2 Feb 2011. http://www.svd.se/naringsliv/nyheter/myndighet-slar-larm-om-it-lackor_5909395.svd (1 Feb 2011) [50] More about Evercookie, see http://samy.pl/evercookie/ (1 Feb 2011) [51] More about Panopticlick, see https://panopticlick.eff.org/ (1 Feb 2011) [52] Begtrup, G. E., Gannett, W. Yuzvinsky, T. D., Crespi, V. H. & Zettl, A., Nanoscale Reversible Mass Transport for Archival Memory. Nano Letters, 9(5), pp. 1835–1838. 2009. http://www.physics.berkeley.edu/research/zettl/pdf/361.NanoLet.9-Begtrup.pdf (1 Feb 2011) [53] Fitzpatrick, M., ’Rosetta Stone’ Offers digital Lifeline. Article in BBC News. 29.7.2009. http://news.bbc.co.uk/2/hi/technology/8172568.stm (1 Feb 2011) [54] For more information, see, e.g., http://www.sap.com/press.epx?pressid=14195 (1 Feb 2011) [55] More about functional requirements for URN, see http://www.ietf.org/rfc/rfc1737.txt (1 Feb 2011) [56] Celesti, A., Villari, M. & Puliafito, A., Design of a Cloud Naming Framework. Proceedings of the 7th ACM International Conference on Computing Frontiers. CF 2010, pp. 105–106. ACM, New York. 2010. http://portal.acm.org/citation.cfm?id=1787275.1787305 (1 Feb 2011) 35 [57] For particular features of Symantec Endpoint Protection.cloud, see http://www.symantec.com/business/endpoint-protection-cloud (1 Feb 2011) [58] Li, J. & Zhou, Z., Bohu Takes Aim at the Cloud. Article in Threat Research & Response Blog. Microsoft Malware Protection Center. 18 Jan 2011. http://blogs.technet.com/b/mmpc/archive/2011/01/19/bohu-takes-aim-at-the-cloud.aspx (1 Feb 2011) [59] Vuokola, J., Suomesta voi tulla datan paratiisi. Article in Tietoviikko. 30 Jan 2011. [60] See Metsämuuronen, J. 2006. [61] We chose four global scenarios created by EVA (a Finnish policy and pro-market think tank) because their preparation process was broadly-based, they covered current topics and they had been tailored particularly to the Finnish environment. Alternatively we could have created the background scenarios by ourselves or by combining future visions of different actors. http://www.eva.fi/wpcontent/uploads/files/2443_EVA_SCENARIOS_playing_fields_of_the_future.pdf (1 Feb 2011) [62] See Kankainen, A. et al. In press. [63] See Johansson, S. et al. 2010. [64] See Vuokola, J. 2011. 36

You May Also Find These Documents Helpful

  • Powerful Essays

    Over the past twenty years, the Internet’s role in our lives has grown to an everyday necessity. We rely on the Internet to communicate within the scope of our employment and social lives, to conduct our banking and bill paying, we even use it to track our personal property. There is hardly one area of our lives that we can not conduct over the Internet. While the Internet is a convenience that has made our lives easier, it has also opened the door in our lives to a vulnerability that is rapidly being exploited by cyber criminals. Cyber crimes are growing at an exponential rate in the United States and we, the consumers/end users are unaware of the liabilities a simple click on the wrong button can cause. This paper will address the current cybersecurity policy issues for the protection of the Internet infrastructure and recommend new policies that will address the liability for malicious traffic traversing the Internet from the End Users.…

    • 1586 Words
    • 7 Pages
    Powerful Essays
  • Powerful Essays

    Human factors can influence policy choices for both domestic and international cybersecurity issues. What will be discussed in this paper is how human factors can affect four selected cybersecurity issues. The four-cybersecurity issues selected are zero-day exploits, meta-data collected and used by private and public sectors, vulnerability assessments for mobile devices in the BYOD environment, and threats to copy right and ownership of intellectual property. This paper will go into details on important security issues, recommended policy controls, and how or why human factors can influence each of the recommended policy controls for each of the four selected topics mentioned.…

    • 4860 Words
    • 14 Pages
    Powerful Essays
  • Powerful Essays

    Nt1310 Unit 1 Assignment

    • 4104 Words
    • 17 Pages

    However, there is growing interest in protocols and other mechanisms for use with novel telecommunications services. Next-generation value-added services are bound to introduce new vulnerabilities. The interaction between all these communications and security protocols, and the mechanisms used for distributed systems security, is fertile ground for both interesting research. Ways to enhance these protection tools to make sure our technology is safe from IT attacks are evolving all the time. The systems or measures used to protect a company system at present might not be of any use in the future as technology is always enhancing to higher levels. Telecommunication businesses tend to be comparatively adept at managing information security risks. And many are taking action to achieve an enhanced level of ongoing insight and intelligence into ecosystem vulnerabilities and dynamic threats. Companies like Celcom must be ready to invest in this expensive research so as to be able to aggressively compete in the intense telecommunication market and to be able to sustain itself in this industry. Today, information security is a discipline that demands advanced technologies and processes, a skill set based on counterintelligence techniques, and the unwavering support of top executives. As telecom operators become more similar to technology companies, they will face a raft of new challenges. Core practices like employee awareness and training, policies and tools to reduce insider risks, and protection of data, including intellectual property, will need to be updated. The confluence of mobility, cloud, and social networking have multiplied risks, yet few operators have addressed these threats or deployed technologies that monitor user and network activity to provide insight into ecosystem vulnerabilities and threats. These…

    • 4104 Words
    • 17 Pages
    Powerful Essays
  • Good Essays

    Cited: Kim, D., & Solomon, M. G. Part 1: The Need for Information Security. In Fundamentals of Information Systems Security. Jones & Bartlett Learning.…

    • 299 Words
    • 2 Pages
    Good Essays
  • Better Essays

    Cyber space is any area where data and information is electronically stored or filtered through that can be accessed via a variety of networks, programs, and systems. Cyber is all measures put in place to ensure appropriate use and protection for that information. It is important for organizations to ensure their networks and components within those networks are secure. Each connection to the internet, and each user of the network is a vulnerability to that network. In today’s economy with corporate scandals, government crackdowns, financial cutbacks, and new implementation of policy the single most important vulnerability facing IT managers today is the idea of bring your own device (BYOD).…

    • 1208 Words
    • 5 Pages
    Better Essays
  • Best Essays

    Cyber security became ever more crucial for global business and modern society. We are living in a data-centric world in which information technology and associated communications ' systems as well as networks that provide goods and services permeate every facet of our lives. This creates the safeguard of our digital assets and activities within cyberspace of critical importance, whether for individual life experience or a prosperous and sustainable society. But the challenge to understand cyber risk and deliver effective and accessible security becomes harder as technology continues to rapidly evolve and our systems become ever more complex. We are increasingly dependent upon such information and communications infrastructures, and the threats we face are organised and evolving the skills to exploit our dependency to further their interests.…

    • 3699 Words
    • 15 Pages
    Best Essays
  • Better Essays

    Cis 333 Final Term Paper

    • 2531 Words
    • 11 Pages

    In today’s IT world every organization has a responsibility to protect the information and sensitive data they have. Protecting data is not only responsibility of security and IT staff but every individual is involved in protecting the information. The risks to information security are not digital only, but it involves technology, people and process that an organization may have. These threats may represent the problems that are associated to complex and expensive solution, but doing nothing about these risks is not the solution.…

    • 2531 Words
    • 11 Pages
    Better Essays
  • Better Essays

    A cyber-attack is a deliberate exploitation of computer systems, technology-dependent enterprises, and networks (Janssen, n.d.). There are 11 potential security threats thought to be the top security threats for 2013; targeted attacks and cyber-espionage, hacktivism, nation-state-sponsored cyber-attacks, legal surveillance tools, clouds and malware, privacy threats, fake security certificates, ransomeware spreading globally, MAC OS malware, mobile malware, and vulnerabilities and exploits (Davis, 2013). Symantec’s 2013 Internet Security Threat report finds that there was a 42% increase in targeted attacks in 2012…

    • 1317 Words
    • 6 Pages
    Better Essays
  • Best Essays

    1. UMUC (2012).The Future of Cybersecurity Technology and Policy, CSEC 670 (Module 2). Document posted in University of Maryland University College CSEC 670 9042 online classroom, archived at: http://webtycho.umuc.edu…

    • 1960 Words
    • 6 Pages
    Best Essays
  • Best Essays

    Cyber Security

    • 4964 Words
    • 20 Pages

    10. Catteddu, D. and Hogben, G. (2009). Cloud Computing: benefits, risks and recommendations for information security. Technical Report. European Network and Information Security Agency.…

    • 4964 Words
    • 20 Pages
    Best Essays
  • Powerful Essays

    Headlines. (2012, 0522). Anonymous claims department of justice hack, data dump. Retrieved from http://anonnews.org/press/item/1521/ Information Security: Recent Attacks on Federal Web Sites Underscore Need for Stronger…

    • 1656 Words
    • 7 Pages
    Powerful Essays
  • Good Essays

    Information is what keeps this seemingly chaotic world functioning systematically. Not so long ago, information was physically present, printed or written on papers. To convey important information or messages, we used letters that took some time to reach its destination. Once our civilization invented and learned how to use electricity to store and send information, we never stopped since. Most of our important information is now being created, stored and sent through vast network of information superhighways. Information security threats were present even before we went digital and information security threats pose much greater…

    • 1058 Words
    • 5 Pages
    Good Essays
  • Powerful Essays

    Check Point Software Technologies Ltd. (2011). Multi-user packs. Retrieved on February 13, 2011, from http://promotions.zonealarm.com/security/en/cdn/multiuser-smb.htm?lid=en-us.…

    • 1470 Words
    • 6 Pages
    Powerful Essays
  • Good Essays

    The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of expertise for the European Member States and European institutions in network and information security, giving advice and recommendations and acting as a central source of information on good practice. Moreover, the agency facilitates contacts between European institutions, the Member States, and private business and industry players. This work takes place in the context of ENISA‘s Emerging and Future Risk programme.…

    • 59262 Words
    • 172 Pages
    Good Essays
  • Good Essays

    The improvements being done in technology touted to make lives and work easier also makes it easier for cyber-criminals to perform his or her nefarious deeds. Some of the most vulnerable and potentially damaging targets are critical infrastructures such as the energy grid and nuclear-power plants. To help combat this, the U.S. Government is launching a program dubbed “Perfect Citizen” to help safeguard those critical infrastructures as well as private companies. In this paper I will discuss the Wall Street Journal article on the Perfect Citizen project posted on the Wall Street Journal website.…

    • 816 Words
    • 4 Pages
    Good Essays

Related Topics