Information security has evolved from addressing minor and harmless security breaches to managing those with a huge impact on organizations’ economic growth. This paper investigates the evolution of information security; where it came from, where it is today and the direction in which it is moving. It is argued that information security is not about looking at the past in anger of an attack once faced; neither is it about looking at the present in fear of being attacked; nor about looking at the future with uncertainty about what might befall us. The message is that organizations and individuals must be alert at all times. Research conducted for this paper explored literature on past security issues to set the scene. This is followed by the assessment and analysis of information security publications in conjunction with surveys conducted in industry. Results obtained are compared and analyzed, enabling the development of a comprehensive view regarding the current status of the information security landscape. Furthermore, this paper also highlights critical information security issues that are being overlooked or not being addressed by research efforts currently undertaken. New research efforts are required that minimize the gap between regulatory issues and technical implementations.