The Top Ten Cybersecurity Threats for 2008

January 5, 2008

Here is the final list of the top ten cybersecurity threats for 2008:

— On-line masquerading to abuse, attack, blackmail, bully, extort, or molest others.

— Criminal fraud by password and identity theft via phishing, spyware, malware and theft of hardware.

— Criminal use of botnets and botnet-like technologies for economic gain, for example email spam and denial of service attacks.

— Cyberterrorism, bullying, vandalism and other forms of electronic violence and malfeasance.

— Subversion of democratic political processes.

— Criminal manipulation and subversion of financial markets.

— Spying and theft of data by governments, industry, terrorists and other criminals.

— Denial-of-service attacks by criminals and terrorists.

— Sabotage, theft and other attacks by disgruntled employees and insiders.

— Natural disasters, accidents or errors without malicious intent.

Acknowledgements and References

A special word of appreciation for the reviews, comments and suggestions from the Certified Information Systems and Security Professionals (CISSPs) community and the LinkedIn professional network.

In particular, comments and suggestions from Gary Hinson, Bill Marlow, Eugene Schultz, Mike Smith, Lea Viljanen, and Alex Voytov were used to refine and improve the list.  Thank you.

This project was motivated by my friend and colleague in Thailand, Dr. Prinya Hom-anek.

An on-line Google spreadsheet of the comments on The Top Ten Cybersecurity Threats for 2008 – Final Draft and my resolution of the comments can be found here.


Betting on the SOA Horse

January 5, 2008

Selling software and related professional services is like a horse race.

The field is composed of horses named SOA, CEP, EDA, RSS, Web 2.0, Social Networking, BPM, BAM, BI, XTP and so forth. Each horse has one or more primary sponsors: some are consulting organizations, who seem to have a knack for creating and marketing acronyms, and others are software companies, whose hope is that their horse is in the winner's circle. There are also investors, venture capitalists and so much more.

There are the jockeys, those supported by the sponsors (for example the analysts) who will ride the horse fast and hard until it starts to fade, then find another horse to ride  (often at the same time!).   There are also the trainers, the vets, the racing forms, the cheering crowds and those who bet on the different races.  

Many of us are in this profession because we love the racing action.

Just like horse racing, the technology sponsors, the jockeys and other interested parties wear many hats, with sponsors and jockeys generally betting heavily on their own horse. Organizations, especially large ones, sponsor many horses and they place their bets accordingly, betting on exactas, trifectas and superfectas and various combinations.

The SOA – CEP exacta in the racing forms is interesting, including Joe McKendrick’s Complex Event Processing and SOA: a ‘beautiful thing’? and Jerry Cuomo’s, IBM WebSphere CTO sees CEP as SOA’s ‘next big thing’. There also continues to be heavy betting on the SOA – EDA – CEP trifecta.

Betting on horses is a risky business. Exactas and trifectas have enormous payouts, but the odds are remote. Very few people win these exactas or trifectas. I recall warm memories of my years in New Orleans when I was a university student at Tulane University. We loved the excitement (and the beer!) at Jefferson Downs, in Kenner, Louisiana. We took our dates to the horse races at Jefferson Downs and these evenings were always great fun! What a good life! Let the good times roll, as we used to say!

You know, I don’t recall anyone ever winning a trifecta.  I can barely recall anyone winning an exacta.

We won, and we did win big at times (and lost big), by hedging our bets, betting on a single horse or combinations of horses to win, place and show.

This is the essence of the excitement of the software industry, isn’t it?

Companies who bet heavily on SOA are now seeing that the SOA horse is fading. They see CEP coming around the track and hear the pounding of hoof against pay dirt as CEP starts to move up into the pack, and they place their bets, accordingly, on the CEP horse. Will the CEP horse really survive the race? No one knows, so they hedge their position by betting on EDA.

The main difference between real horse races and technology horse races is that you can’t bet on the live horses after the gate opens. However, you can definitely bet on the technology horses at any time, and the race goes on and on and on and on.

That is why technology horse racing is so exciting!