Abstract
This report presents the major findings of the research project Kasi – Future Information Security Trends (Kasi – tulevaisuuden tietoturvatrendit) conducted by Helsinki Institute for Information Technology HIIT and VTT Technical Research Centre of Finland. The project is a part of Tekes Safety and Security Research Program (Tekesin Turvallisuus-ohjelma) and its purpose is to provide rigorous and systematic foreseeing knowledge for the implementation of the Finnish National Information Security Strategy (kansallinen tietoturvastrategia).
The aim of the project was to study near-future information security issues that are related to, for example, new technologies, services, and business models. Our approach combines perspectives from different disciplines in order to better address the complexity of the focus area. We identified relevant future information security trends especially from the Finnish viewpoint in the next five to ten years by collecting and analysing specialists’ conceptions and knowledge of the various developments in their professional fields. In order to deepen the analysis, we also specified factors and attributes that affect the realization of the trends. In addition, our objective was to evaluate the need for establishing a separate program for continuous foreseeing activities and provide methodological and procedural guidelines for carrying it out.
Our research process went through five separate steps: 1) outlining possible future environments, 2) creating concrete future scenarios or stories, 3) analyzing information security issues in the scenarios, 4) identifying information security trends, and 5) specifying factors and attributes that affect the realization of the trends. Our major findings concerning the future information security trends in Finland in a 5 to 10 years scale are the following:
1. The interdependency between societal processes and information systems increases
2. New interdependencies between organizations and the state emerge
3. Information security issues become more international
4. Needs to manage private or confidential information and public appearances in ICT environments increase
5. Protection of personal data becomes a considerable political issue
6. It becomes increasingly difficult to ensure the correctness of information
7. The correctness of information becomes increasingly important
8. Data gathering increases
9. Data combination from different sources increases
10. Traceability of persons and goods increases
11. Malicious action against information systems increases
12. Quality and security issues are increasingly taken into account in software development
13. Automation/autonomous systems are increasingly employed to effect security
14. Availability of information increases as the public information resources are opened
15. Commercial interests drive actors to restrict access to proprietary information resources
16. Governance of access to information resources in organizations becomes more difficult
Realization and intensity of the trends are dependent on several factors that we have categorized as societal, economic, technological, and legal. The factors have either intensifying or constraining effects on the trends and the intensity of their effect varies.
We believe our work on future information security trends and issues and on the methodological questions of reliable foreseeing activities provides relevant information for commercial, policy and scientific interests. We propose that in order to get reliable foreseeing results in the long term, the process of identifying future information security trends should be continuous. While the continuous process would also provide grounds for improving the foreseeing method, this project sets a firm starting point with practical guidelines and the first round of results.
The aim of the project was to study near-future information security issues that are related to, for example, new technologies, services, and business models. Our approach combines perspectives from different disciplines in order to better address the complexity of the focus area. We identified relevant future information security trends especially from the Finnish viewpoint in the next five to ten years by collecting and analysing specialists’ conceptions and knowledge of the various developments in their professional fields. In order to deepen the analysis, we also specified factors and attributes that affect the realization of the trends. In addition, our objective was to evaluate the need for establishing a separate program for continuous foreseeing activities and provide methodological and procedural guidelines for carrying it out.
Our research process went through five separate steps: 1) outlining possible future environments, 2) creating concrete future scenarios or stories, 3) analyzing information security issues in the scenarios, 4) identifying information security trends, and 5) specifying factors and attributes that affect the realization of the trends. Our major findings concerning the future information security trends in Finland in a 5 to 10 years scale are the following:
1. The interdependency between societal processes and information systems increases
2. New interdependencies between organizations and the state emerge
3. Information security issues become more international
4. Needs to manage private or confidential information and public appearances in ICT environments increase
5. Protection of personal data becomes a considerable political issue
6. It becomes increasingly difficult to ensure the correctness of information
7. The correctness of information becomes increasingly important
8. Data gathering increases
9. Data combination from different sources increases
10. Traceability of persons and goods increases
11. Malicious action against information systems increases
12. Quality and security issues are increasingly taken into account in software development
13. Automation/autonomous systems are increasingly employed to effect security
14. Availability of information increases as the public information resources are opened
15. Commercial interests drive actors to restrict access to proprietary information resources
16. Governance of access to information resources in organizations becomes more difficult
Realization and intensity of the trends are dependent on several factors that we have categorized as societal, economic, technological, and legal. The factors have either intensifying or constraining effects on the trends and the intensity of their effect varies.
We believe our work on future information security trends and issues and on the methodological questions of reliable foreseeing activities provides relevant information for commercial, policy and scientific interests. We propose that in order to get reliable foreseeing results in the long term, the process of identifying future information security trends should be continuous. While the continuous process would also provide grounds for improving the foreseeing method, this project sets a firm starting point with practical guidelines and the first round of results.
Original language | English |
---|
Place of Publication | Helsinki |
---|---|
Publisher | Helsinki Institute for Information Technology HIIT |
Number of pages | 40 |
Publication status | Published - 2011 |
MoE publication type | D4 Published development or research report or study |
Publication series
Name | Arjen tietoyhteiskunta |
---|---|
Publisher | Likenne- ja viestintäministeriö |
Keywords
- 113 Computer and information sciences
- security
- futures research
- Methodology
- trends