-
Identity management guide for CIOs
Identity management can mean the difference between secure and compromised information systems. Get news, tips and more in our CIO Briefing. CIO Briefing
-
PCI DSS FAQ: The Payment Card Industry Data Security Standard and IT
This resource provides answers and resources to frequently asked questions regarding the Payment Card Industry Data Security Standard (PCI DSS). FAQ
-
Enterprise risk management quiz for CIOs
Enterprise risk management (ERM) is getting increased attention due to concerns about data protection, NAC, cloud computing and compliance. Learn more about ERM and take our quiz. Quiz
-
Information security policies and practices for CIOs
The right information security policies and practices can keep your company's IT network secure and safe from the seemingly infinite number of threats via the Internet. CIO Briefing
-
Information security, risk management and compliance staffing guide
Information security, risk management and compliance are serious issues for CIOs. This Executive Guide offers insights on how to recruit, manage and retain skilled IT staff members who can manage these complicated tasks. CIO Briefing
-
Security management: Special Report for CIOs
Information security managers and CIOs must know how to deal with attacks that probe networks and systems, and they must have risk management plans in place. Learn more about steps you can take to protect your company in this Special Report from CIO... Special Report
-
Security: When is enough, enough?
View The Institute for Applied Network Security Managing Partner Jack Phillips' CIO Decisions 2006 presentation here. Presentation
-
Learning Guide: SOX compliance for the security practitioner
This collection of resources offers security managers in-depth information to help keep their organization compliant with SOX. Learning Guide
-
Personalization: Now it's concierge treatment
The formerly over-hyped personalization market has given personalization a bad reputation. But this technology is especially valuable when used in concert with segmentation. Research Report
-
Who's the 'insider' security campaigns target?
Can CIOs learn anything from a security campaign launched by the military more than 60 years ago? News | 01 Feb 2012
-
Mobile, social engineering top data security management concerns
Spear phishing, mobile device management and social engineering top IT executives' data security management agendas for 2012. News | 10 Jan 2012
-
Re-evaluating endpoint security tools
Has technology advanced to the point that some endpoint security tools -- and the staff needed to support them -- will go away? News | 05 Jan 2012
-
Getting a grip on shadow IT in the age of self-service technology
Shadow IT should be a serious concern for all CIOs in an age of self-service technology. Here's how to get a grip on it. News | 12 Dec 2011
-
CIOs aren't letting cloud security risks derail move to the cloud
CIOs are getting a handle on cloud security risks by using trusted providers and doing due diligence in negotiating contracts. Still, concerns linger. News | 09 Nov 2011
-
Automated software quality metrics a cure for slapdash software?
Can automated software quality metrics for gauging structural integrity cut development costs and reduce business risk? One consortium says they can. News | 11 Aug 2011
-
Mobile data security spans policies, budgets and backups
A proliferation of mobile devices in the enterprise forces CIOs to reassess policies, budgets and backups for mobile data security. News | 12 Oct 2010
-
Mobile phone security policies give IT some control over the influx
There's no turning back mobile devices' invasion of the enterprise. CIOs need to put mobile phone security policies in place to control these uninvited guests. News | 16 Sep 2010
-
Cloud location: Why it's important to know where your data resides
The Internet may be everywhere, but experts say cloud location is important to consider. Find out why. News | 25 Jun 2010
-
CIOs weigh use of social media against security concerns
CIOs are trying to balance the business use of social media with their concerns about security, as policies and security tools fail to keep pace with the adoption of social media. Article | 22 Apr 2010
-
Four priorities in securing the extended enterprise
The extended enterprise encompasses mobile, social and cloud technology, and requires four decisive security countermeasures, Forrester Research says. Tip
-
CEB survey lays out senior IT managers' public-cloud concerns
In a new survey, senior IT managers name 19 flaws in the public cloud. Five of those flaws stand out, but many believe they all can be overcome. Tip
-
Cloud computing identity management standards could push cloud use
Cloud computing identity management standards are in the works to ensure the open and secure exchange of identities in the cloud. Tip
-
New evaluation criteria for Web application security scanners
Impartial information about Web application security testing products has been hard to come by -- but new scanner evaluation criteria from the Web Application Security Consortium may change things. Tip
-
Information security program revamp adds outsourcer oversight and more
Read how one CIO used risk assessment, a dashboard, outsourcer oversight and one-on-one talks to build a robust security program. Tip
-
10 must-have steps for an effective SMB information security program
No information security program would be complete without these security tips from the NIST, which has compiled advice just as security threats to smaller businesses are on the rise. Tip
-
Security and compliance can go together, when done in the right order
You can have security and still not be in compliance -- but you can't have true compliance without real security. How to avoid getting caught in the security and compliance trap. Tip
-
Steps toward making information security as important as data security
Unlike data security, information security must recognize the substance of information along with its association with those authorized to receive it. Tip
-
Run encryption the right way to ensure wireless network security
You may be compliant by enabling WPA or WPA2 encryption for wireless network security, but you won't be secure unless you implement strong password security. Tip
-
What's the Massachusetts data protection law and what does it require?
Massachusetts' data protection law, 201 CMR 17.00, focuses on prevention rather than notification. Here are the technologies and policies you'll need for compliance. Tip
-
control framework
A control framework is a data structure that organizes and categorizes an organization’s internal controls, which are practices and procedures established to create business value and minimize risk. Definition
-
Sarbanes-Oxley Act (SOX)
The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices in the... Word
-
Big data creating need for tighter fraud prevention controls
A security expert talks about fraud prevention tools that work and those that don't, and why it's so important to customize a fraud detection system. Podcast
-
Equifax’s fraud prevention expert talks tricks of the trade
Equifax’s security expert talks frankly about fraud prevention and detection, and why billing systems are one of his frontline defenses. Podcast
-
What next-generation business intelligence will mean for CIOs
Next-generation business intelligence requires getting data under control and delivering the right information proactively, according to an expert CIO panel. Video
-
Raytheon seeks to innovate around IT security services
With threats commonplace and new breaches every day, innovation around IT security services can seem impossible. Not so, Raytheon's deputy CISO says. Video
-
Mobile data protection options for enterprise CIOs
What mobile data protection tools and options are available to safeguard mobile devices that could potentially be lost or stolen? Find out here. Podcast
-
VoIP vulnerabilities: Why firewall protection is not enough
Voice over Internet Protocol (VoIP) systems need to be protected by more than just firewalls. Learn more in this podcast. Podcast
-
10 tips in 10 minutes: Understanding and complying with security breach notification laws
In this rapid-fire session, information technology lawyer Matt Karlyn delivers 10 tips you can use to better understand and comply with state security breach notification laws. Karlyn discusses several of the more complex elements of some states' laws... Podcast
-
Justifying the costs of identity and access management to executives
Identity and access management is easy to explain in qualitative terms, but difficult to quantify. Expert Joel Dubin offers tips on how to get buy-in from execs in this podcast. Podcast
About Enterprise information security management
The challenges of information security management include regulatory compliance, risk management, information security standards, security frameworks, disaster recovery and more. In many IT organizations, the CIO or chief security officer (CSO) is responsible for the information security management of the company. Find the latest information security management information for CIOs, including news, tips and other resources, here in this topic section.