Can you use ONE WORD to describe the biggest challenge facing information security today?
I was asked this very question this morning. After a few minutes of pondering the vast possibilities with coffee in hand, filtering out inappropriate language choices, and digging deep to find a constructive perspective, I declared my one word, which depicts the current challenges in the security industry.
Ambiguity. In one word, it states the grand breadth of the challenges and the great diversity of perspectives for those involved: what security is, what it encompasses (i.e. emotions, beliefs, states, events), what it is trying to deliver (no, not invulnerability), how to achieve it (e.g. technical, behavioral, process), how to maintain and sustain it, what drives it (threat agents, losses, opportunities, fears, etc.), how to measure it (Risk Assessments, ROI/ROSI, compliance, value across tangible/intangible losses, etc.), who is involved (attackers, defenders, victims, and bystanders), and how and why the landscape and equation change so drastically over time (the complexities of factors which create the ever-changing fabric of security).
There exist both a lack of understanding and an overabundance of inconsistent concepts of the above items.
Defining the problem is the first hurdle.