Midmarket CIO Briefings

Information security policies for the midmarket

SearchCIO-Midmarket.com Staff

Technological advances in the workplace can represent the proverbial double-edged sword for CIOs tasked with anticipating effective information security policies for their organizations. The spread of mobile devices, the rise of cloud computing and the popularity of social media allow employees to access company information anytime, anywhere, and that decentralized level of access creates many more opportunities for sensitive company information to end up in the wrong hands.

Has your organization created strong information security policies in the areas of mobility, cloud computing and social media to ensure that your private company data stays, well, private? Learn how to establish or update your existing information security policies in this Midmarket CIO Briefing.

This guide is part of SearchCIO-Midmarket.com's Midmarket CIO Briefings series, which is designed to give IT leaders strategic management and decision-making advice on timely topics. For a complete list of topics covered to date, visit the Midmarket CIO Briefings section.

Table of contents

Mobile device security

Table of Contents

Smartphones have completely wriggled their way into our lives, both business and personal. Pity the CIO who forgets about these powerful and popular tools when it comes to securing and managing his network. For some, smartphones and other mobile devices are the weakest link in their networks, simply due to failure to successfully manage mobile devices.

Focus on two key areas for mobile device management:

  • Deployment or the management of updates and other changes to mobile devices.
  • Security or the ability to ensure that mobile devices are secure at all times.

Learn more in "Do you know where your smartphones are? Tips to manage mobile devices." Also:

Cloud computing security policies

Table of Contents

IT executives are finding that they need to rethink their information security strategy and regulatory compliance practices as they move to a cloud computing environment in which data and resources are shared beyond their firewalls.

Raytheon Co. has made considerable investments in cybersecurity with traditional methods like intrusion prevention systems and firewalls, but those measures “get wasted” because they aren’t sitting in front of outsourced data and infrastructure in the cloud, said Michael Daly, deputy CISO and director of IT services at Raytheon. “So you are less able to take direct action yourself [in a cloud environment], and we need to figure out how to extend our cybersecurity practices and systems out to that outsourced environment.”

Get more information in "Cloud computing tests information security strategy limits." Also:

Social media risks

Table of Contents

Social networks are now a part of everyday life, with thousands of midmarket companies using social media for business reasons. Whether it is to share pictures with your loved ones, to try to edge closer to potential customers or to try to enter into new markets, both individuals and organizations are leaping into social networks without regard for the consequences. But is this social migration a good idea?

Social network providers own all the data they hold. As soon as you place something -- pictures, bios, news items or anything else -- onto a social network, the network provider becomes the owner of the content and can therefore use it however it wants. Removing this information from the social network can be nearly impossible at times.

Learn more in "Using social media for business: Don't risk your confidential data." Also:

Data security

Table of Contents

High-profile data breaches have demonstrated that even worldwide enterprises with household names aren’t immune to the loss of sensitive information. One person well aware of this vulnerability is Thomas Logan, who has spent the past decade creating software applications that address Web content compliance risks and accessibility concerns.

As chief technology officer at HiSoftware Inc. in Nashua, N.H., Logan helps design solutions for organizations to manage and govern their electronic information systems. In recent years, he has focused on issues of data security and privacy for both corporate enterprises and large public-sector agencies. He has experience designing compliance solutions for a broad suite of technologies, including Microsoft SharePoint, ASP.NET, Windows Presentation Foundation, Windows Forms, Flash, JavaScript and Delphi.

SearchCompliance.com recently caught up with Logan to get his thoughts on data security and privacy trends, and how companies can prepare an effective GRC strategy to alleviate compliance risks.

Get more information on data security risks in the full Q&A, "How ignoring data security and privacy leads to compliance risks." Also:

This was first published in January 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: