In regard to the trend of Information Security, one point of view is that Information Security is moving from the technical domain to the management domain.
Indeed. I agree with this, as in general speaking Security is a management issue, therefore Information Security will eventually become into management domain.
In management domain, Security Awareness is the key to make a security program successful. As a result, the relevant awareness policy and/or awareness training will be a direction.
Another direction should be, as always, Standardization in turn to adopt the best practices in the management domain in varied industries.
The above are just my two cents.