INFORMATION SECURITY – RECENT AND PAST TRENDS
Abstract – This document highlights trends in the analysis and research done in the domain of Information Security from the year 2000 to the present. Various academic papers were taken into account and analysed for the issues each of them addressed and the conclusions each of them reported. The information security domains covered in the report include the following:
- Controls,
- Threat,
- Risk Management,
- Business Continuity and Recovery,
- Cloud Security,
- Intrusion Detection and
- Security Technologies and Policies.
The aim of the report is to record the trends in the domains listed above, and their increase or decrease, by reviewing the academic papers. The findings from the analysis of various research resources led to a comprehensive and insightful examination of the current issues, trends and challenges in the domain of Information Security around the world.

The spreadsheet below depicts the information about the trends noticed in various information security domains since the year 2004.
Shown above is a tabulated report of the reviews and findings of all the research papers taken into account. As is evident from it, as businesses entered the 21st century, the very age of information explosion, various aspects of data and information related to information security began to unfold. Initially this brought profits and benefits to organizations, but as time went by it also raised serious concerns about their data privacy and protection, which called their way of operating into question.
Modern organizations depend heavily on information. It is perhaps one of their most crucial assets at present. However, as the volume of information increases exponentially, so does the concern over its security. Today, information is prone to numerous risks and threats that are much more sophisticated than they were earlier. Any setback in information security management can severely harm businesses and their operations.
As we examine the data on the spreadsheet above, what stands out throughout is how little concern there was for deploying and practising information security mechanisms and policies during the early 2000s. Founders and senior management committees gave little thought to the information security perspective in running their business operations.
As the world advanced, new threats started to affect businesses and caused concern for senior management, making them realize the explicit need for information security practices. Today, things have gotten somewhat better; however, many small or medium scale enterprises still struggle to include appropriate information security measures in their business operations, such as:
- following international standards and codes of practices,
- security certifications,
- risk assessments,
- threat analysis,
- Business Continuity and Disaster Recovery Plans etc.
Upon observing the trends on the spreadsheet, we find that during the first decade (from the year 2004 to 2010), not much attention was given to promoting and addressing the practice of information security methodologies such as:
- adequate controls,
- threat-risk analysis,
- various security policies etc.
By the end of the first decade, the areas or domains that were given major attention included:
a.) Threat Analysis,
b.) Business Continuity & Recovery,
c.) Cloud Security,
d.) Intrusion Detection,
e.) IS Security Policies & Technologies.
Much was discussed about these areas as companies started to incorporate them as a part of their everyday business practices, accepting them as inextricable entities. This not only helped businesses alleviate their deep security concerns but also introduced them to fair and legal standards and codes of conduct, whilst educating them about the potential threats and the ways to minimize their likelihood. It also enabled them to prepare for any unlikely security incident and to know what path to follow in order to recover and maintain business continuity.
Below, a detailed analysis of each of the above-highlighted Information Security domains is done, taking into account the findings from the various academic papers analyzed.
1. Analysis and Impact of Cyber Threats on Online Social Networks
In recent years, the usage of online social networks has increased tremendously. People use social media to share their information with others who share similar interests. With the increase in the usage of social platforms, the possibility of threats while using online networks has also increased noticeably. If users do not educate themselves about the potential threats (which often appear invisible but cause much damage), they are very likely to become victims of those threats at the social, economic and psychological levels.
The report now further discusses the current state of security breaches and the available measures to counter them.
Cyber threats are primarily increasing in four major categories, namely,
- Social
- Political
- Economical and,
- Cultural and application level.
Cyber threats can also be classified in two ways: the first is the organizational level, which is used to gain sensitive information about the organization, and the second is used to gain information remotely using the internet. Furthermore, application-level threats can be further classified in two ways:
- Classical threats (such as phishing, spamming and stalking) and,
- Modern threats (such as fake profile attack, location leakage attack, account compromise attack).
Online social networks, such as Facebook, have more than 150 billion users who upload more than 300 million photos every day.
Classical threats may exploit users' personal information that is posted on social media. For example, an attacker can send malicious code that gains users' details from their social media accounts. Innocent users could be harmed or honey-trapped if they open such malicious messages.
Modern threats are the ones in which the attacker targets the personal information of users or their friends. In cases where the victim's profile details are only visible to their friends, an attacker can disguise themselves as a figure known to the victim, create a fake profile and send him/her a friend request. If the victim accepts the request, his/her details will be exposed to the attacker, and could then be used to answer several security questions while setting a new password to gain access to the victim's account.
Account compromise attacks in social networks are mostly the activities of spammers. The attacker may exploit the trusted relationship between legitimate users and their friends by sending them spam ads, phishing links or malware.
Analysis shows that most spam is distributed via compromised accounts rather than dedicated spam accounts.
Overall, dealing with cyber threats is very important considering the online network scenario, where users post their personal information in public. Some of the key possible solutions that the report provides to deal with such threats are tabulated below:
Table: THREATS, their IMPACTS and possible SOLUTIONS
| THREATS | IMPACT: SOCIAL | IMPACT: POLITICAL | IMPACT: ECONOMICAL | IMPACT: CULTURAL | POSSIBLE SOLUTION |
|---|---|---|---|---|---|
| Account Compromise | * | | | | Social Authentication. |
| Fake Profile Attack | * | | | | Adversarial Model. |
| Identity Theft | * | * | | * | a. Adjust privacy & security settings. b. Install internet security software. c. Remove installed third-party tools. |
| Phishing Attack | * | | * | | a. Authentication mechanism, security and privacy settings. |