Three topics for thought and research in 2005:

1. Deception – we distrust and actively dismiss the use of deception, or "security through obscurity" for information security needs. Yet, deceptive techniques have been useful, and continue to be useful for many other types of security.
2. Virtualization – virtualization can be a security nightmare or it can be used to ensure availability of resources and effectively neutralize denial-of-service attacks. Virtualization is also a form of deception to an attacker that thinks he is attacking a physical resource.
3. Dynamic Access Control – using triggers to determine the access control infrastructure is another technique that isn’t well-regarded in the security profession. Yet, we are already starting down that path with network admission control and "just-in-time security."