A major part of the discussion for the group included the different types of attack vectors associated with mobile technology, social media and cloud computing. From the details, they discussed the types of controls that need to be put in place for each. The group agreed that it has to start with policy. There was also agreement that there is a distinct need to understand the data in question. What is information security looking to protect? Some of the key points that came up were holistic review of the environment. It’s not enough anymore because some of the technologies used to protect these environments don’t necessarily cross the different disciplines in a reliable way. The group also covered some of the impacts associated with social media and the ways needed to protect that going forward. There’s a lot of work that needs to be done on that front. The group also noted that the process is not something that can be started today and done by tomorrow. It’s a journey and a lifecycle that’s going to take some time.