Joan Goodchild’s story “10 Things That Didn't Happen in 2009 (And Probably Won't Happen in 2010)”  in CSOonline.com provides a followup to a clever article contributed a year earlier by David Kelleher from GFI Software, “10 Things That Won’t Happen in 2009”. What makes the article noteworthy is how it makes its point using absurdity. For example:

    Prediction #8: Company devices and data will be never be lost again in 2009

Most senior managers would acknowledge the this prediction was wishful thinking at best: at most companies, devices and data were lost in 2009 (and 2008, etc.) Therefore, to avoid what is an absurdly obvious risk, management will need to support action by the security program (some investment in technology, physical security, and/or awareness training.)

Predictions for the new year (and end-of-year reviews of last years predictions) can be an effective way to discuss information risk with senior managers. Use predictions developed in-house—or take a shortcut and refer to Kelleher’s list as a starting point.

—Jim Herbeck