***Editor's Note: Tune-in this Wednesday to ebizQ's Threatscape 2008 for an in-depth look at the next wave of attacks being planned by hackers. Sign-up right here.

Let's face it, though the Internet has made it easier to get information and services, it can be a dangerous place to compute. Every day, cyber criminals are unleashing malware, worms and spam, hoping to pry loose critical information for monetary gain.

Last year was plagued by several costly international security incidents, with hacker hotbeds in China, Russia, the U.S. and the U.K. Research Firm Ponemon Institute revealed that the average cost per security incident was $6.3 million in 2007, compared to an average per-incident cost of $4.8 million in 2006 -- and this was in the U.S. alone.

These numbers demonstrate that CISOs must focus more efforts on best securing their enterprises in 2008, so the cost per incident doesn't skyrocket yet again. Now that we have a few weeks of the New Year under our belts, here are the trends I see persisting and the areas CISOs should pay the most attention in 2008.

1. Compliance
SOX, HIPAA, PCI-DSS and HSPD-12. This alphabet soup of compliance regulations are major pain points for enterprises. In the past few years, increasingly strict deadlines for global compliance laws have forced companies to reevaluate their security practices and take more steps toward improvement. Businesses are already using technology that identifies who accessed what on their systems, and detects and resolves security problems. It's a good start, but there is still much more that needs to be done.

In 2008, businesses can expect the government to become even more involved with compliance and security standards. Therefore, CISOs must be able to demonstrate they are meeting mandated requirements. Specifically, CISOs will be asking, "How can I prove to auditors that I am compliant and how can I simplify the process?" This is the underlying theme for all compliance efforts, and the number of fines will increase if businesses do not find the answer. As such, technology that can automate and validate network activity to meet compliance requirements will be incredibly important.