I've just been asked for my "hot topics" in infosecurity for 2010, so I thought it would be interesting to throw these out at you and see what you think, so here goes:
1. Security awareness
It's increasingly obvious that technical controls alone are not providing organisations with the security they need. Staff education and awareness, delivered in a creative and imaginative way, is critical to managing information security in 2010.
2. Cloud computing
Few organisations are giving serious consideration to the security risks inherent in the cloud computing model. Whilst day-to-day operations can be outsourced in this way, the responsibility for security cannot. A combination of technical, legal and audit skills are required to ensure the security of data in the cloud.
3. Defense against cybercrime
Organisations continue to underestimate the devious nature of cyber criminals and have little or no commitment to "thinking like a hacker". This mind set is critical in order to apply budget and resources to the areas where criminals are most likely to attack and to counter their methods effectively.
5 years ago