My inbox this morning tells me that 2005 will be the year that quoted companies really take IT governance seriously – it also tells me that ‘phishing’ will become more professional, viruses and worms will continue to proliferate and that the UK’s Freedom of Information Act will create all sorts of interesting waves. It’s apparently also going to be a year in which those organizations that take an integrated approach to information security will begin reaping the benefits – not least because they will be able to cost-effectively comply with multi-jurisdictional data protection and privacy legislation.
I think that’s all true. More importantly, I hope it’s the year in which we begin to have a meaningful framework for information security metrics that can complement the usefully updated version of ISO 17799 due out in the Spring.
Most importantly, 2005 is the year that will see publication of the third edition of “IT Governance: a Manager’s Guide” (due in Spring alongside the revisions to ISO 17799) – which will be in ‘clickbook’ format (some components in hard copy, others available online from a linked website, and the book never goes out of date). There will also be first editions of two new books from me, the first on the basics of information security for smaller businesses, probably called “Cyber safe” and the second a practical handbook on corporate governance for organizations doing business in the UK, with specific guidelines for public sector organizations.
I hope that, if it is the year that sees the first real attempts at cyber-war, or terrorist attacks on internet facilities, we prove to have been properly prepared. I fear we won’t.