Friday, March 6, 2015

5 Information Security Trends That Will Dominate 2015

Cybercriminals are becoming more sophisticated and collaborative with every coming year. To combat the threat in 2015, information security professionals must understand these five trends.


In information security circles, 2014 has been a year of what seems like a never-ending stream of cyberthreats and data breaches, affecting retailers, banks, gaming networks, governments and more.
The calendar year may be drawing to a close, but we can expect the size, severity and complexity of cyber threats to continue increasing, says Steve Durbin, managing director of the Information Security Forum (ISF), a nonprofit association that assesses security and risk management issues on behalf of its members.
Looking ahead to 2015, Durbin says the ISF sees five security trends that will dominate the year.
"For me, there's not a huge amount that's spectacularly new," Durbin says. "What is new is the increase in complexity and sophistication."


1. Cybercrime
The Internet is an increasingly attractive hunting ground for criminals, activists and terrorists motivated to make money, get noticed, cause disruption or even bring down corporations and governments through online attacks, Durbin says.
Today's cybercriminals primarily operate out of the former Soviet states. They are highly skilled and equipped with very modern tools — as Durbin notes, they often use 21st century tools to take on 20th century systems.
"In 2014 we saw cybercriminals demonstrating a higher degree of collaboration amongst themselves and a degree of technical competency that caught many large organizations unawares," Durbin says.
"In 2015, organizations must be prepared for the unpredictable so they have the resilience to withstand unforeseen, high impact events," he adds. "Cybercrime, along with the increase in online causes (hacktivism), the increase in cost of compliance to deal with the uptick in regulatory requirements coupled with the relentless advances in technology against a backdrop of under investment in security departments, can all combine to cause the perfect threat storm. Organizations that identify what the business relies on most will be well placed to quantify the business case to invest in resilience, therefore minimizing the impact of the unforeseen."


2. Privacy and Regulation
Most governments have already created, or are in the process of creating, regulations that impose conditions on the safeguarding and use of Personally Identifiable Information (PII), with penalties for organizations that fail to sufficiently protect it. As a result, Durbin notes, organizations need to treat privacy as both a compliance and business risk issue, in order to reduce regulatory sanctions and business costs such as reputational damage and loss of customers due to privacy breaches.
The patchwork nature of regulation around the world is likely to become an increasing burden on organizations in 2015.
"We are seeing increasing plans for regulation around the collection, storage and use of information along with severe penalties for loss of data and breach notification particularly across the European Union," Durbin says. "Expect this to continue and develop further imposing an overhead in regulatory management above and beyond the security function and necessarily including legal, HR and Board level input."
He adds that organizations should look upon the EU's struggles with data breach regulation and privacy regulation as a temperature gauge and plan accordingly.
"Regulators and governments are trying to get involved," he says. "That's placing a bigger burden on organizations. They need to have resources in place to respond and they need to be aware of what's going on. If you've got in-house counsel, you're going to start making more use of them. If you don't, there's a cost."



3. Threats From Third-Party Providers
Supply chains are a vital component of every organization's global business operations and the backbone of today's global economy. However, Durbin says, security chiefs everywhere are growing more concerned about how open they are to numerous risk factors. A range of valuable and sensitive information is often shared with suppliers, and when that information is shared, direct control is lost. This leads to an increased risk of its confidentiality, integrity or availability being compromised.
Even seemingly innocuous connections can be vectors for attack. The attackers who cracked Target exploited a web services application that the company's HVAC vendor used to submit invoices.
"Over the next year, third-party providers will continue to come under pressure from targeted attacks and are unlikely to be able to provide assurance of data confidentiality, integrity and/or availability," Durbin says. "Organizations of all sizes need to think about the consequences of a supplier providing accidental, but harmful, access to their intellectual property, customer or employee information, commercial plans or negotiations. And this thinking should not be confined to manufacturing or distribution partners. It should also embrace your professional services suppliers, your lawyers and accountants, all of whom share access oftentimes to your most valuable data assets."
Durbin adds that infosec specialists should work closely with those in charge of contracting for services to conduct thorough due diligence on potential arrangements.
"It is imperative that organizations have robust business continuity plans in place to boost both resilience and senior management's confidence in the functions' abilities," he says. "A well-structured supply chain information risk assessment approach can provide a detailed, step by step approach to portion an otherwise daunting project into manageable components. This method should be information-driven, and not supplier-centric, so it is scalable and repeatable across the enterprise."



4. BYOx Trends in the Workplace

The bring-your-own (BYO) trend is here to stay whether organizations like it or not, Durbin says, and few organizations have developed good policy guidelines to cope.
"As the trend of employees bringing mobile devices, applications and cloud-based storage and access in the workplace continues to grow, businesses of all sizes are seeing information security risks being exploited at a greater rate than ever before," he says. "These risks stem from both internal and external threats including mismanagement of the device itself, external manipulation of software vulnerabilities and the deployment of poorly tested, unreliable business applications."
He notes that if you determine the BYO risks are too high for your organization today, you should at least make sure to stay abreast of developments. If you decide the risks are acceptable, make sure you establish a well-structured BYOx program.
"Keep in mind that if implemented poorly, a personal device strategy in the workplace could face accidental disclosures due to loss of boundary between work and personal data and more business information being held and accessed in an unprotected manner on consumer devices," he adds.
And realistically, Durbin says, expect that your users will find a way to use their own devices for work even if you have a policy against BYOx.
"It's a bit like trying to hold back the tide," he says. "You may stop it from coming onto one little bit of sand, but it will find a way around it. The power of the user is just too great."



5. Engagement With Your People
And that brings us full circle to every organization's greatest asset and most vulnerable target: people.
Over the past few decades, organizations have spent millions, if not billions, of dollars on information security awareness activities. The rationale behind this approach, Durbin says, was to take their biggest asset — people — and change their behavior, thus reducing risk by providing them with knowledge of their responsibilities and what they need to do.
But this has been — and will continue to be — a losing proposition, Durbin says. Instead, organizations need to make positive security behaviors part of the business process, transforming employees from risks into the first line of defense in the organization's security posture.
"As we move into 2015, organizations need to shift from promoting awareness of the problem to creating solutions and embedding information security behaviors that affect risk positively," Durbin says. "The risks are real because people remain a 'wild card.' Many organizations recognize people as their biggest asset, yet many still fail to recognize the need to secure 'the human element' of information security. In essence, people should be an organization's strongest control."
"Instead of simply making people aware of their information security responsibilities and how they should respond, the answer for businesses of all sizes is to embed positive information security behaviors that will result in 'stop and think' behavior becoming a habit and part of an organization's information security culture," Durbin adds. "While many organizations have compliance activities which fall under the general heading of 'security awareness,' the real commercial driver should be risk, and how new behaviors can reduce that risk."
 This article originally published by:- CIO

6 IT Workforce Predictions for 2015

Every new year brings a unique set of challenges and opportunities for IT workers as existing technologies evolve and new technologies emerge. The first half of 2015 looks promising based on these six predictions from career experts.



Prediction 1: Expect Hiring Explosion in Q1 and Q2

The forecast for the first half of 2015 looks bright for IT workers. Eighty-seven percent of 2,400 CIOs surveyed by Robert Half Technology say they will add more staff, whether to fill vacant roles or new positions.
With that expected hiring boom, it's likely salaries will increase for existing workers, or they'll receive a bevy of new benefits, according to Jason Berkowitz, vice president of client services, Seven Step RPO.
"We are seeing a noticeable increase in IT hiring and we expect this to continue. Because of increasing competition, we also are seeing pressure to raise salaries and other benefits," says Berkowitz. "In some cases, competition is so tough that companies are looking outside of their geographic areas and considering relocating candidates from areas where talent is more available."

Prediction 2: Companies Will Leverage Mobile and Social Networks to Recruit Passive Talent

"Social recruiting is yesterday's news -- all serious recruiters are already deeply networked through social channels. If Facebook unveils rumored job search function -- the so-called 'Linked-in killer' -- this could change, but for now even new anonymous job search tools aren't likely to change the landscape in favor of one network or another," says Berkowitz. The new paradigm for 2015 is using social networks and mobile tech to increase connections with passive candidates, which will also serve to drive up salaries.
"Good candidates already get multiple outreach requests per week through LinkedIn, so finding candidates isn't the issue. It's convincing them to make a move. Candidates are understandably taking advantage of this candidate's market by making increasing demands and driving up salaries across the board," Berkowitz says.
Prediction 3: Increased Focus on Employee Engagement and Retention

The upward pressure on salaries and benefits will make it necessary for companies to employ better engagement and retention strategies, at least if they want to hold onto elite talent already in their ranks. "[Rising salaries and benefits] will likely lead to a lot of 'job hopping,' and, as we've seen before, to avoid this, companies are going to start emphasizing retention as well as placing a premium on potential employees who display loyalty and longevity," says.
"Smart employers are definitely increasing their investment in keeping the people they have -- not just through bonuses and perks, but by really focusing on keeping their people engaged. We've seen everything from corporate-sponsored hackathons and other team-building activities to group volunteering activities -- anything to provide more collaboration and meaning to peoples' jobs. Smart employers understand that there is always a higher paying job out there, but people will stick around for jobs that have true meaning for them," says Emily He, CMO at Saba Software.
Prediction 4: Emphasis on Education and Training

Education and training will be a major focus for 2015, says Cristin Sturchio, global head of talent at Cognolink -- especially for millennials. "When you invest in training your people, you're providing them with skills and tools they can not only use today, but also continue to draw upon throughout their career," says Sturchio.
"We're also confident this approach significantly enhances their loyalty to our company. For example, initiatives like Corporate Universities, which are multi-year programs built with learning and development in mind, aren't just for large, Fortune 500 companies. When it comes to developing your people, size doesn't matter; the results do. Employees are engaged as teachers and facilitators, and they are invested in teaching others," says Sturchio.
For the newer generation entering the workforce, engagement isn't just about having a ping-pong table in your office or hosting happy hours after work. "It's about knowing that as the company grows, so will they. It's about creating an environment that encourages active participation and engagement. [It] makes them feel like a valued part of the company from day 1. It's about providing rewarding opportunities like being selected to serve as campus ambassadors to represent the company at their alma maters and teaching training courses that give back to the employee community," says Sturchio.

Prediction 5: Employees Shift Focus from Full-time Work to Contracting/Freelancing

"During the last hot employment market, we saw an increase in IT contracting and we expect that trend to return," says Seven Step RPO's Berkowitz.
"A strong IT professional can do very well contracting -- making a higher hourly rate than they would make as a full-time employee -- and they can move from project to project every few months and take time off in between. It's a very attractive model for some employees. Employers would be smart to consider laying in some contract staff in addition to their full-time employees, especially for very hard-to-find or niche requirements," says Berkowitz.
"The global economy in general is moving to a contract or freelance workforce. It's now a $1 billion worldwide market, and projected to be $5 billion in the next five years," says Xenios Thrasyvoulou, founder and CEO of PeoplePerHour and SuperTasker.
"The flexibility benefits for both employees and employers are hard to beat; the ability to find exactly the talent you need for exactly the job you need them for is one of the drivers, as well as the desire for specialization without having to pay a premium long-term for a full-time employee," says Thrasyvoulou.

Prediction 6: HR Departments Turn to Big Data

Big data will play a big role in the employment landscape in 2015, says Saba Software's He, as HR departments try to leverage data and translate it in ways that are meaningful to employees.
"We call it 'Intelligent Talent Management,' taking advantage of all that data around employee behavior, productivity, skills, system usage and workflow to grow workers' skillsets and continue engagement and productivity. Using Big Data from employees can be helpful in determining who they should be connecting with on their career path, what skills and education might be valuable to them, what information they need and how better to improve their performance," says He.
"Looking ahead to 2015, we will see the emergence of the Chief Data Officer. This person will advance from the organization's Data Scientist role, and will possess strong left-brain and right-brain competencies. They will excel in the areas of math and science, but will also be extremely curious, collaborative, and communicative, and will work hand-in-hand with other key business leaders such as the Chief Digital Officer and the CIO," says Piyush Pant, vice president of strategic markets, MetricStream.

 

This article originally published by:- CIO


What’s New in AngularJS 2.0

AngularJS has become one of the most popular open source JavaScript frameworks in the world of web application development. Since its inception, it has witnessed phenomenal growth in terms of adoption and community support—both from individual developers and corporations.
From humble beginnings, Angular has matured into a client-side MVW framework (that’s Model-View-Whatever) for the building of complex single-page applications. It places equal importance on application testing and application writing, while simplifying the development process.
The current version of Angular is 1.3. This version is both stable and performant and is used by Google (the framework’s maintainers) to power a great many of their applications (it’s estimated that there are over 1600 apps inside of Google running on Angular 1.2 or 1.3).
Angular 2.0 was officially announced at the ng-conference in October 2014. This version won’t be a complex major update, but rather a rewrite of the entire framework, and it will include breaking changes!

Why Angular 2.0?

Before getting into further discussion about Angular 2.0 (which has an estimated release date of the end of 2015), let’s briefly consider the philosophy behind the new version. Angular 2.0 development was started to address the following concerns:

Mobile

The new Angular version will be focused on the development of mobile apps. The rationale is that it’s easier to handle the desktop aspect of things, once the challenges related to mobile (performance, load time, etc.) have been addressed.

Modular

Various modules will be removed from Angular’s core, resulting in better performance. These will find their way into Angular’s ever-growing ecosystem of modules, meaning you’ll be able to pick and choose the parts you need.

Modern

Angular 2.0 will target ES6 and “evergreen” modern browsers (those automatically updated to the latest version). Building for these browsers means that various hacks and workarounds that make Angular harder to develop can be eliminated allowing developers to focus on the code related to their business domain.

What’s the Controversy?

During the ng-conference there was no mention of a migration path to version 2.0. It was also pointed out that the jump to 2.0 version will lead to broken Angular 1.3 apps, as there won’t be any backwards compatibility. Since then, the developer community has been abuzz with uncertainty and speculation, with some developers questioning if it’s even worth starting a new Angular 1.3 project.

What Are the Changes?

AtScript

AtScript is a superset of ES6 and it’s being used to develop Angular 2.0. It’s processed by the Traceur compiler (along with ES6) to produce ES5 code and uses TypeScript’s type syntax to generate runtime type assertions instead of compile time checks. However, AtScript isn’t compulsory—you will still be able to use plain JavaScript/ES5 code instead of AtScript to write Angular apps.

Improved Dependency Injection (DI)

Dependency injection (a software design pattern in which an object is passed its dependencies, rather than creating them itself) was one of the factors that initially differentiated Angular from its competitors. It is particularly beneficial in terms of modular development and component isolation, yet its implementation was plagued with problems in Angular 1.x. Angular 2.0 will address these issues, as well as adding missing features such as child injectors and lifetime/scope control.

Annotations

AtScript provides tools for associating metadata with functions. This facilitates the construction of object instances by providing the required information to the DI library (which will check for associated metadata when calling a function or creating an instance of a class). It will also be easy to override parameter data by supplying an Inject annotation.

Child Injectors

A child injector inherits all the services of its parent with the capability of overriding them at the child level. According to requirement, different types of objects can be called out and automatically overridden in various scopes.

Instance Scope

The improved DI library will feature instance scope control, which will become even more powerful when used with child injectors and your own scope identifiers.
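The behaviour described under Child Injectors and Instance Scope can be sketched in plain JavaScript. This is an added example, not the Angular 2.0 DI library: `Injector`, `provide`, `get`, `createChild` and the service names are hypothetical, and resolving a service's dependencies against the injector that owns its provider is a choice made for this sketch.

```javascript
// Added illustration of child injectors and instance scope.
// Not the Angular 2.0 DI library; all names are hypothetical.
class Injector {
  constructor(parent = null) {
    this.parent = parent;
    this.providers = new Map(); // token -> { factory, scope }
    this.instances = new Map(); // token -> cached singleton
  }

  // scope 'singleton': one instance per injector that owns the provider.
  // scope 'transient': a fresh instance on every get().
  provide(token, factory, scope = 'singleton') {
    if (scope !== 'singleton' && scope !== 'transient') {
      throw new Error(`unknown scope: ${scope}`);
    }
    this.providers.set(token, { factory, scope });
    this.instances.delete(token);
    return this;
  }

  createChild() {
    return new Injector(this);
  }

  get(token) {
    // Walk up to the nearest injector that has a provider for the token.
    let owner = this;
    while (owner && !owner.providers.has(token)) owner = owner.parent;
    if (!owner) throw new Error(`no provider for ${token}`);

    const { factory, scope } = owner.providers.get(token);
    // Dependencies are resolved against the owning injector, so an
    // override in a child never leaks into services cached on the parent.
    if (scope === 'transient') return factory(owner);
    if (!owner.instances.has(token)) {
      owner.instances.set(token, factory(owner));
    }
    return owner.instances.get(token);
  }
}

// Constructed sample services.
function buildInjectors() {
  const root = new Injector();
  let nextId = 0;
  root.provide('auditLog', () => ({ entries: [] }));
  root.provide('tokenStore', () => ({ kind: 'persistent' }));
  root.provide('requestId', () => ++nextId, 'transient');
  root.provide('session', (inj) => ({
    store: inj.get('tokenStore'),
    log: inj.get('auditLog'),
  }));

  // The child inherits everything and overrides a single service.
  const child = root.createChild();
  child.provide('tokenStore', () => ({ kind: 'in-memory' }));
  return { root, child };
}

const { root, child } = buildInjectors();
console.log(child.get('tokenStore').kind, root.get('tokenStore').kind);
```
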

Templating and Data Binding

Let’s take a look at templating and data binding as they go hand in hand when developing apps.

Dynamic Loading

This is a feature which is missing from the current version of Angular. It will be addressed by Angular 2.0, which will let developers add new directives or controllers on the fly.

Templating

In Angular 2.0, the template compilation process will be asynchronous. As the code is based on the ES6 module spec, the module loader will load dependencies by simply referencing them in the component definition.

Directives

In Angular 2.0 there will be three kinds of directives:
  • Component Directives – These will create reusable components by encapsulating logic in JavaScript, HTML or an optional CSS style sheet.
  • Decorator Directives – These directives will be used to decorate elements (for example adding a tooltip, or showing/hiding elements using ng-show/ng-hide).
  • Template Directives – These will turn HTML into a reusable template. The instantiating of the template and its insertion into the DOM can be fully controlled by the directive author. Examples include ng-if and ng-repeat.

Routing Solution

The initial Angular router was designed to handle just a few simple cases, yet as the framework grew, more and more features were bolted on. The router in Angular 2.0 has been reworked to be simple, yet extensible. It will include the following basic features:
  • Simple JSON-based Route Config
  • Optional Convention over Configuration
  • Static, Parameterized and Splat Route Patterns
  • URL Resolver
  • Query String Support
  • Use Push State or Hashchange
  • Navigation Model (For Generating a Navigation UI)
  • Document Title Updates
  • 404 Route Handling
  • Location Service
  • History Manipulation
Now, let’s check out the features which make the improved router a catalyst to take Angular 2.0 to new heights.

Child Router

The child router will convert each component of the application into a smaller application by providing it with its own router. It will help encapsulate entire feature sets of an application.

Screen Activator

This will give developers finer control over the navigation lifecycle, via a set of can* callbacks:
  • canActivate – Allow/Prevent navigating to the new controller.
  • activate – Respond to successful navigation to the new controller.
  • canDeactivate – Allow/Prevent navigation away from the old controller.
  • deactivate – Respond to successful navigation away from the old controller.
These callbacks will allow the developer to return Boolean values, a Promise for that value, or a Navigation Command (for a lower level control).

Design

All of this logic is built using a pipeline architecture which makes it incredibly easy to add one’s own steps to the pipeline or remove default ones. Moreover, its asynchronous nature will allow developers to make a server request to authenticate a user or load data for a controller, while still in the pipeline.
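The sketch below shows how the lifecycle callbacks from the Screen Activator section and a custom asynchronous authentication step can share one navigation pipeline. It is an added example, not Angular 2.0 router code: only the four callback names come from the text, `createRouter`, `runStep` and `checkSession` are hypothetical, Navigation Commands are left out, and treating anything other than `true` (including a thrown error) as a denial is an assumption of this sketch.

```javascript
// Added illustration, not Angular 2.0 router code. Only the four callback
// names come from the article; every other name here is hypothetical.

// Run one pipeline step. A step returns a boolean or a Promise for one.
// Assumption of this sketch: anything other than strict `true` cancels the
// navigation, and a thrown error or rejected promise counts as a denial.
async function runStep(name, fn, ctx) {
  try {
    const result = await fn(ctx);
    return result === true ? null : `${name} returned ${String(result)}`;
  } catch (err) {
    return `${name} failed: ${err.message}`;
  }
}

// extraSteps: [name, fn] pairs inserted into the pipeline before canActivate.
function createRouter(extraSteps = []) {
  let current = null; // controller that is currently active

  async function navigate(next, ctx = {}) {
    const steps = [];
    if (current && current.canDeactivate) {
      steps.push(['canDeactivate', (c) => current.canDeactivate(c)]);
    }
    steps.push(...extraSteps);
    if (next.canActivate) {
      steps.push(['canActivate', (c) => next.canActivate(c)]);
    }

    for (const [name, fn] of steps) {
      const reason = await runStep(name, fn, ctx);
      if (reason) {
        return { ok: false, reason, active: current ? current.name : null };
      }
    }

    // Every check passed: leave the old controller, enter the new one.
    if (current && current.deactivate) current.deactivate(ctx);
    current = next;
    if (next.activate) next.activate(ctx);
    return { ok: true, active: next.name };
  }

  return { navigate };
}

// Constructed stand-in for an asynchronous server-side session check.
const VALID_SESSIONS = new Set(['session-abc']);
function checkSession(ctx) {
  return new Promise((resolve) => {
    setTimeout(() => resolve(VALID_SESSIONS.has(ctx.sessionId)), 0);
  });
}

// Constructed controllers.
const home = { name: 'home' };
const admin = {
  name: 'admin',
  canActivate: (ctx) => ctx.role === 'admin',
};
const broken = {
  name: 'broken',
  canActivate: () => { throw new Error('guard crashed'); },
};

async function demo() {
  const router = createRouter([['authenticate', checkSession]]);
  const ok = { sessionId: 'session-abc' };
  return [
    await router.navigate(home, ok),
    await router.navigate(admin, { sessionId: 'expired', role: 'admin' }),
    await router.navigate(admin, { ...ok, role: 'user' }),
    await router.navigate(broken, ok),
    await router.navigate(admin, { ...ok, role: 'admin' }),
  ];
}

demo().then((results) => console.log(results));
```

Guards like these run in the browser and only shape navigation; the server still has to authorize every request made from the guarded view.
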

Logging

Angular 2.0 will contain a logging service called diary.js—a super useful feature which measures where time is spent in your application (thus enabling you to identify bottlenecks in your own code).

Scope

$scope will be removed in Angular 2.0 in favor of ES6 classes.

Conclusion

There is a lot of excitement and buzz around Angular 2.0 at the moment and this will only heighten as its release date nears. The beginning of March will see the next ng-conf take place where it’s likely that more details of the next version will emerge.
Meanwhile opinion remains divided as to whether breaking change is a good thing. Proponents claim there are hard limits on the improvements that can be made to 1.x, whilst opponents are understandably nervous at the apparent lack of a migration plan.

Courtesy:- Sitepoint

The Top 7 Hybrid Mobile App Frameworks

The time has never been better to learn mobile application development. For many app ideas, you don’t even need any prior native development knowledge. You can get started today with knowledge of HTML, CSS and JavaScript. Unlike native mobile development, mobile applications using web technologies can support many mobile platforms.
There are many tools and frameworks available to help you create mobile applications. In this article, we’ll look at our top 7.

IONIC

IONIC is one of the most promising HTML 5 mobile application frameworks. Built using SASS, it provides many UI components to help develop rich and interactive apps. It uses the JavaScript MVVM framework AngularJS to power apps. Two-way data binding and interaction with backend services and APIs make AngularJS a mobile developer’s common choice. With the coming release of AngularJS 2.0, focused on mobile, it’s sure to gain even more popularity.
The team at IONIC will soon be introducing an easier way to create IONIC apps with IONIC creator. This will be released soon and will have drag and drop functionality to get started with app development in minutes.
We have published several articles on Ionic, including getting started with mobile app development and getting started with firefox os game development.

Mobile Angular UI

Mobile Angular UI is an HTML 5 framework which uses bootstrap 3 and AngularJS to create interactive mobile apps.
The main features of Mobile AngularUI include:
  • Bootstrap 3
  • AngularJS
  • Bootstrap 3 mobile components such as switches, overlays and sidebars which are missing in normal bootstrap.
  • AngularJS modules such as angular-route, angular-touch and angular-animate
Responsive media queries are stripped out of bootstrap as separate files, so you only need to include what you need. Mobile Angular UI doesn’t have any jQuery dependencies; all you need are some AngularJS directives to create awesome mobile user experiences.
Take a look at the Mobile Angular UI demo page to see it in action. If you want to dig deeper, I would recommend reading our article on getting started with Mobile Angular UI.

Intel XDK

Intel XDK is a cross platform application tool developed by Intel. Getting started with Intel XDK is easy: all you need is to download their application, which is free and available for Linux, Windows and Mac. It provides a number of templates to get started and supports a number of UI frameworks such as Twitter bootstrap, jQuery Mobile and Topcoat.
Intel XDK provides a live preview on the connected device whilst you are developing, alongside many other useful tools.
On a personal note, I think development using Intel XDK was the easiest. It uses a drag and drop approach, although it does create a lot of unnecessary code.
Our Introduction to Intel XDK is a great tutorial to get started developing with the platform.

Appcelerator Titanium

Appcelerator’s Titanium is an open source mobile application framework that provides an environment to create native apps for several mobile platforms.
Titanium is a complete solution for creating hybrid mobile apps with all you need in one place. To get started with Titanium download Titanium studio. The Titanium SDK is equipped with a number of mobile platform APIs and Cloud service to use as an app backend. It comes with platform independent APIs which makes it easier to access phone hardware.
Titanium uses Alloy, a MVC framework to enable rapid development of mobile apps. Modules created using Alloy are easy to reuse across different apps, hence significantly reducing the development time and the lines of code.
Titanium studio comes with some code samples to get started and we hope to have a tutorial on SitePoint soon.

Sencha Touch

Sencha Touch is an HTML 5 mobile app framework for creating apps for several platforms including iOS, Android and Blackberry. It has been in existence for some years now and is popular among hybrid mobile application developers.
Sencha Touch scores highly against its competitors by providing a native look and feel across all of the platforms it supports.
Getting started with Sencha Touch isn’t that difficult but in order to get the best out of Sencha Touch, one needs to invest a considerable amount of time.
To get a feel of a Sencha Touch app, take a look at the samples provided on its official page. To get started developing using Sencha, read their official docs or our introductory tutorial from last year.

Kendo UI


Telerik’s Kendo UI is an HTML 5 framework for creating cross platform mobile applications. Kendo UI relies heavily on jQuery and has a number of jQuery based widgets.
Learning Kendo UI is not difficult; developers familiar with jQuery will find Kendo UI easy to learn. Kendo UI has open sourced most of its toolset and JavaScript framework features. However, most of the commonly used widgets are still under a commercial license.
To get started developing with Kendo UI, refer to the official documentation. They also have a number of video tutorials to help learn the framework.

PhoneGap

PhoneGap is the odd one out in this list as it’s not a framework for creating an app, but for packaging and releasing an app. PhoneGap is based on the open source Cordova and is the commercial version owned by Adobe. With a dedicated support team, PhoneGap is popular amongst many mobile developers.
You can use any choice of JavaScript or UI frameworks to get started with PhoneGap. jQuery Mobile alongside KnockOut.js or AngularJS is a nice combination. Once you are done with your code, PhoneGap takes it from there and wraps it based on the intended platform. Applications built using PhoneGap use a web view to render their content. PhoneGap has a minimal set of web APIs to access phone hardware features and it’s possible to write custom plugins to suit requirements.
Refer to the PhoneGap documentation to get started; Building a currency converter using PhoneGap is also a good starting point.

Bonus

app.js is a JavaScript library for creating mobile web apps. It’s lightweight and unlike other frameworks, doesn’t use AngularJS. It provides several custom themes and widgets. You can write the app using zepto or jQuery. A good starting point is An intro to App.js.

Conclusion

In this article, we discussed some of the best HTML 5 mobile app development frameworks. HTML 5 mobile development is evolving day by day and there are always new options emerging. What have been your favorite frameworks to use when developing a mobile app?


Courtesy:- Sitepoint.com