Let's start at the turn of the millennium: Almost six years ago, during this same time period, people all over the world were wondering if we would technically survive the turning of the new century. Old Cobol and Fortran programmers were called back to work, and many people rang in the New Year staring at computer screens. And yet, nothing really happened. Was it because of the preparation for the event or would the computers have kept running without noticing a change in their date/time banks? I'm not sure we ever will really know that answer.
Then in 2001, we had the terrorist attacks on the U.S. which shook the world. And we learned our contingency plans and disaster recovery efforts required more than they had been covering. Our business continuity plans needed to address more than fires in the building and updated backup tapes. They need to address business functions, hot/warm sites, and personnel.
A few years back, 2002 brought us Web Services, and all the security issues that went with it. Then 2003 and 2004 introduced new security threats, such as spam and phishing. Identify theft through computers was huge, as were the SQL Slammer and MS Blaster worm attacks. Security types worked hard to come up with new policies and regulations to try and address some of these issues.
Here are some of the highlights so you can make your own informed opinions:
I continue to be optimistic that information assurance will rise in importance, and business management will understand why we need to have security in our systems and networks. I also believe that as security professionals we will figure out how to enforce our security policies and procedures.
Most of all, I wish you all a safe and secure new year!