Essential Guide

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

An IT security strategy guide for CIOs

With cyberthreats growing in number and sophistication, security should be a top priority for CIOs -- now more than ever. In this guide, learn how to combat cyberthreats and develop an effective IT security strategy.


Despite substantial efforts to contain them, threats to cybersecurity continue to grow and are expected to get worse before they get better, according to experts. In our annual IT priorities survey of nearly 400 North American IT professionals, security once again was identified as an area in which a considerable percentage of IT professionals -- 22% in this year's survey -- devote most of their time. To make sure that time isn't spent treading water, CIOs and IT executives need to develop an IT security strategy that utilizes the right tools and encompasses the many facets of IT -- from mobile and cloud to IoT and analytics and everything in  between.

In this Essential Guide, explore the cybersecurity landscape and absorb the latest information around next-generation security architectures, attack detection and response, governmental intervention in the professional threat economy and how companies are handling data breaches.

Our Essential Guides are designed to give IT leaders strategic management and decision-making advice on timely technology topics.

1IT security strategy overview-

Designing your cybersecurity roadmap

Due to the continuous onslaught of cyberthreats and the immeasurable number of approaches IT executives can take in the defense against such threats, choosing the right IT security strategy for your organization isn't easy. This section simplifies things for you by delving into next-gen security architecture and tips and best practices for combatting today's cyberthreats.


Adopting a next-generation cybersecurity architecture

In this Q&A with Nemertes Research CEO Johna Till Johnson, learn why now is the time to move to a next-generation security architecture and get strategic best practices for getting the job done. Continue Reading


Current cybersecurity needs overhaul, experts say

Cybersecurity experts urge enterprises to embrace new tools, including micro-virtualization and intelligence-led security, to redeem "brittle" security systems. Continue Reading


Managing public perception following a data breach

When planning out how to handle a data breach, special consideration should be given to managing public perception. One piece of advice from MIT research: Don't play the victim. Continue Reading


Surviving cyberassaults: Seven pillars of digital resilience

Rather than securing systems against cyberattacks, CIOs should start practicing digital resilience, according to a new book from the World Economic Forum and McKinsey & Company. Continue Reading


Eight steps for building a data breach plan

Take these eight points into account when constructing a data breach plan that addresses the many variations a hack can take. Continue Reading


Creating a DR/BC strategy for the data breach age

In the current cyberthreat landscape, a good enterprise disaster recovery/business continuity plan must put data first, says Harvey Koeppel. He offers 10 tips for getting there. Continue Reading


A 12-point cybersecurity checklist for CIOs

SearchCIO columnist Harvey Koeppel provides a CIO checklist for dealing with the multiple dangers of today's cyberthreat landscape. Continue Reading


Cybersecurity best practices for the digital age

In this tip, learn how information classification and other governance techniques have become crucial to cybersecurity and compliance in the digital age. Continue Reading


Modern infosec complicated by network growth

In this video interview, In-Q-Tel CISO and cybersecurity pioneer Dan Geer discusses modern information security and how network growth is influencing companies' data protection strategies. Continue Reading


Crafting a better enterprise IT security roadmap

In this webcast, Johna Till Johnson of Nemertes Research explains how to develop a functional enterprise IT security roadmap for your organization. Continue Reading

2Security culture-

When it comes to IT security, culture is king

Sometimes the biggest security threat can come from within. Without the right environment, mindset and personnel, an organization's IT security is put at risk. In this section, learn how important it is to inform your people and promote a culture of security at your organization.


Human behavior a constant threat to information security

Human error remains a constant among the top threats to information security. Here, Niel Nickolaisen offers three pieces of advice for mitigating our mistakes. Continue Reading

Blog Post

Vigilance, curiosity equal better security

Many organizations suffer from a "perception-reality gap" when it comes to information security, according to Brian Krebs, investigative reporter. This blog post details the threat landscape and how CIOs should respond. Continue Reading


First step in data protection: End-user security awareness

In this video interview, Marci McCarthy, CEO and president at Tech Exec Networks, discusses information security best practices and why end-user security awareness is the front line of corporate data protection efforts. Continue Reading


Creating a "culture of security" requires new look at business priorities

Many organizations strive to make creating a "culture of security" a priority, but doing so requires business leaders to reexamine data protection's role in bottom-line success. Continue Reading

Blog Post

Pay attention to the human element in fighting security threats

This blog post details why relationship building and top-down employee support is necessary in information security. Continue Reading

3Mobile security-

Mobile security is in your hands

If you're not focusing security efforts on mobile, think again. The number of mobile devices now outnumbers the number of people in the world, making securing those devices -- through next-gen tools and some forward thinking -- a priority for any organization. In this section, get tips on how to address mobile security concerns.


Next-gen mobile security: Risks and pointers

Next-generation security tools and forward thinking on the part of CIOs are required in today's mobile-dominated world. Continue Reading


Customer convenience trumps mobile payments security concerns

Mobile payment systems ignite fear among infosec pros, but customer trust and convenience overshadow security concerns at their organizations. Continue Reading


The top three mobile security threats that challenge IT

Mobile security threats, such as malware and file-sharing data leakage, are escalating across the enterprise. IT needs strong best practices to mitigate these threats. Continue Reading

4Cloud security-

Developing a cloud security strategy

As organizations move more and more data to the cloud, cultivating a cloud security strategy is becoming a top CIO imperative. In this section, discover tools and best practices for improving your organization's cloud security.


Cloud security culture imperative to business success

Cultivating a cloud security culture and enlisting a CISO are vital to organizations in the cloud computing era, a new report shows. Continue Reading

Blog Post

A CIO's three tips for better cloud security

In the age of cloud, doling out general advice for improving security is hard because all organizations are different. But there are some guidelines to follow, according to Brian Lillie, CIO at data center builder Equinix. Continue Reading


University IT departments fight to stay accessible, secure

Now more than ever, university IT departments have the difficult task of maintaining a culture of openness while protecting against growing security threats. Continue Reading

Blog Post

Say no to cloud computing options without security

When it comes to cloud computing options, security is a top consideration, according to Todd Miller, director of operations, IT and facilities at medical products manufacturer Millar. Continue Reading

Blog Post

CASB: A cloud security tool for your enterprise needs

A cloud access security broker is a good cloud security tool that serves as a gatekeeper to your organization's systems and loops in whatever security policies you already have in place. Continue Reading

5IoT security-

Security in an increasingly connected world

IoT devices are proliferating at a rapid rate. And the more connected we get the more important it becomes to protect the massive amount of data involved. That's why IoT security is becoming a vital part of any organizations security roadmap. In this section, explore the biggest security concerns raised by IoT and get tips for addressing them.


Securing IoT devices remains low priority for developers

MIT cybersecurity expert Stuart Madnick says we're woefully unprepared to protect the proliferating population of IoT-enabled devices. Continue Reading


RSA Conference 2016: IoT will fail if security is not top priority

According to experts at RSA Conference 2016, it's time for organizations to put IoT security first -- or risk the inevitable downfall of the internet of things. Continue Reading


IoT device security triggers new data protection questions

this video, vArmour CISO Demetrios Lazarikos discusses how companies' efforts to secure IoT devices are influencing their overall infosec strategy. Continue Reading


No precedent when it comes to addressing IoT security challenges

As the internet of things grows, so will accompanying enterprise security challenges. In this webinar, learn how a lack of focus on IoT security challenges during the design stage could create numerous data protection vulnerabilities. Continue Reading

Blog Post

Ten IoT security myths debunked

This IoT Agenda blog post puts to rest some of the most common IoT security myths. Continue Reading

6Security budgets-

Don't spend more, spend right

Investing in security is always a good idea, but throwing money at the problem won't cut it. In this section, find out how to manage your IT security spending efficiently.


Why CIOs should shift IT security spending to attack detection, response

Prevention-focused security strategies won't thwart all threats. CIOs need to shift IT security budgets toward attack detection and response. Continue Reading


Cut information security costs with smart personnel, strategy

In this video interview, Jeff Reich, chief security officer at, discusses how embedding data protection efforts in corporate strategy can reduce information security costs. Continue Reading


Why an unlimited cybersecurity budget isn't good for security

A cybersecurity budget with no restrictions may sound like a dream, but it could actually harm enterprise security, says enterprise security management expert Mike O. Villegas. Continue Reading

7Security and the government-

Cybersecurity legislation and CIOs

Cybersecurity isn't just a business priority. Facing new pressures from today's increasing cyberthreats, the U.S. government is realizing it needs to step in to assess the IT security landscape and enact legislation to address some of the top concerns. In this section, find out how the government is responding to increasing IT security concerns and what impact it will have on IT executives.


Evaluating Obama's $19B cybersecurity plan

President Obama unveiled a $19 billion national cybersecurity plan to address the cybersecurity skills shortage and mounting cyberthreats, but questions remain. Continue Reading


Wisconsin's CIO: Prepare for cyberattack on the power grid

A cyberattack on the power grid may be imminent, says Wisconsin's CIO. For an effective response, the public and private sectors need to work together. Continue Reading


Burgeoning data threats intensify security info sharing debate

The federal government is encouraging cybersecurity info sharing to offset threats to data, but some businesses are worried that the data protection measures might infringe on privacy. Continue Reading


Congress assesses blockchain security amid ransomware attacks

Legislators have begun examining cryptocurrencies and blockchain security amid growing instances of cybercrime, such as the ransomware attacks on NYT and BBC. Continue Reading

8Security and analytics-

The devil's in the data

Don't underestimate the importance of data analytics in your IT security strategy. In this section, learn how to best tap analytics at your organization to identify, monitor and prevent threats from harming your data.


Information security monitoring, analytics for the digital age

The rising number of attacks has led to a big increase in cybersecurity intelligence data that can be analyzed to prevent future incidents. But rapidly advancing technology makes it hard to stay ahead of the curve. Continue Reading


Tapping analytics improves cybersecurity risk management

Amid continuous data breaches, companies are turning to data analytics to help identify vulnerabilities and make cybersecurity risk management more efficient. Continue Reading

Photo Story

Advanced security analytics: Finding the best analytics tool

Next-gen security analytics tools provide proactive and responsive analysis of security events. Nemertes Research CEO Johna Till Johnson explains. Continue Reading


IT security strategy terms

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.