Business Continuity Planning groups will have to keep the subject of security high on their agendas in 2010. To assist contingency planners, information security specialists and risk mitigation groups focused on the core security skills expected to be required in 2010, we refer to comments made in a recent interview between Kent Anderson, a member of ISACA’s Security Management Committee, and Tom Field, the Editorial Director for the website govinfosecurity.com.
In this article, the core security skills needed in organizations in 2010 were grouped into three categories:
Technology – with a particular focus on the areas of Virtualization and Wireless/Mobile applications.
Business Issues – with a particular focus on the areas of Regulatory Environment and Economic Pressure.
Pure (Core) Security – with a particular focus on the convergence of information security and all business functions.
The underlying skill requirement for all of the above was stated as the ability to better understand, better analyze and better communicate risks and threats throughout the entire organization.
In summary, the interview heavily stressed the need for the security professional in 2010 to avoid a solely technical focus and instead become an individual who understands how to apply the core security skills stated above; how to do a risk assessment; how to do a threat assessment; and how to take that information and effectively relate it back to the business.