
An IT security strategy guide for CIOs
-
Article
Cybersecurity strategies for 2017
Security experts offer advice on the "resolutions" companies should be making to build a robust cybersecurity strategy this year. Read Now
-
Article
Threat hunters: A new breed of security pros
As cyberattacks on the enterprise continue to grow in number, organizations need a new breed of security professionals that experts call "threat hunters." Read how threat hunters are emerging as a new line of defense against cyberattacks and how they can help you detect security incidents. Read Now
-
Blog
Tips on building a robust information security strategy
During a panel discussion sponsored by Women in Technology International, security experts offered advice about countering data breach threats and how organizations can strengthen their information security strategy. Read Now
-
Article
Adopting a next-generation cybersecurity architecture
In this Q&A with Nemertes Research CEO Johna Till Johnson, learn why now is the time to move to a next-generation security architecture and get strategic best practices for getting the job done. Read Now
Editor's note
Despite substantial efforts to contain cybersecurity threats, they continue to grow and are expected to get worse before they get better, according to experts. In our annual IT priorities survey of nearly 971 North American IT professionals, security once again was identified as an area in which a considerable percentage of IT professionals -- 23% in this year's survey -- devote most of their time, second only to general IT management, which was cited by 27% of respondents. To make sure that time isn't spent treading water, CIOs and IT executives need to develop an IT security strategy that utilizes the right tools and encompasses the many facets of IT -- from mobile and cloud to IoT and analytics and everything in between.
In this Essential Guide, explore the cybersecurity landscape and absorb the latest information around next-generation security architectures, attack detection and response, governmental intervention in the professional threat economy and how companies are handling data breaches.
1. When it comes to IT security, culture is king
Sometimes the biggest security threat can come from within. Without the right environment, mindset and personnel, an organization's IT security is put at risk. In this section, learn how important it is to promote a culture of security at your organization and how to educate your employees on security best practices.
-
Article
Human error continues to threaten companies' data security
In this Q&A with Bryan Sartin, managing director of the Verizon RISK Team, learn why human error remains among the biggest data security threats that organizations face today and the data security best practices that they should be implementing to offset breach vulnerabilities. Read Now
-
Article
Ransomware detection: How to train your employees
Rohyt Belani, chief executive and co-founder of security firm PhishMe, explains how organizations can condition and train employees to help detect phishing scams, transforming them from being a liability to an asset when it comes to ransomware attacks. Read Now
-
Video
First step in data protection: End-user security awareness
In this video interview, Marci McCarthy, CEO and president of Tech Exec Networks, discusses information security best practices and why end-user security awareness is the front line of corporate data protection efforts. Watch Now
-
Video
Creating a 'culture of security' requires new look at business priorities
Many organizations strive to make creating a "culture of security" a priority, but doing so requires business leaders to reexamine the role of data protection in bottom-line success. Watch Now
-
Blog
Pay attention to the human element in fighting security threats
This blog post details why relationship building and top-down employee support is necessary in information security. Read Now
2. Mobile security is in your hands
If you're not focusing security efforts on mobile, think again. Mobile devices now outnumber people in the world, making securing those devices -- through next-gen tools and some forward thinking -- a priority for any organization. In this section, we give you an overview of the emerging and prevailing mobile security threats, and provide tips on how to address these concerns.
-
Article
'Promiscuous' users: A growing threat to mobile security
In this Q&A, Gartner analyst Dionisio Zumerle explains how "promiscuous" users -- employees who use their tablets and mobile devices for both official and personal use -- can be a mobile security threat. Zumerle also details the mobile security best practices modern organizations should be adopting. Read Now
-
Article
The top three mobile security threats that challenge IT
Mobile security threats, such as malware and file-sharing data leakage, are escalating across the enterprise. IT needs strong best practices to mitigate these threats. Read Now
3. Crafting a cloud security strategy
As organizations move more and more data to the cloud, cultivating a cloud security strategy is becoming a top CIO imperative. In this section, learn about factors driving cloud threats, and strategies and best practices for improving your organization's cloud security.
-
Article
Cloud security culture imperative to business success
Cultivating a cloud security culture and enlisting a CISO are vital to organizations in the cloud computing era, a new report shows. Read Now
-
Blog
A CIO's three tips for better cloud security
In the age of cloud, doling out general advice for improving security is hard because all organizations are different. But there are some guidelines to follow, according to Brian Lillie, CIO at data center builder Equinix. Read Now
-
Video
Building a robust cloud information security strategy
In this video, vArmour senior vice president and chief cybersecurity strategist Mark Weatherford discusses the biggest threats to corporate cloud information security and offers pointers on securing information in the cloud. Watch Now
-
Article
Does encrypting data in the cloud guarantee security?
As organizations increasingly move more applications to the cloud, they see encryption as a foolproof way to secure information in the cloud. But encryption doesn't guarantee protection, says Gartner analyst Ramon Krikken. Read Now
-
Blog
Cloud security: Custom applications in the cloud pose new threat
Custom applications built outside the purview of IT and deployed in the public cloud are vulnerable to cyberattacks, according to research released by the Cloud Security Alliance. Read how this could impact CIOs. Read Now
-
Article
University IT departments fight to stay accessible, secure
Now more than ever, university IT departments have the difficult task of maintaining a culture of openness while protecting against growing security threats. Read Now
4. Security in an increasingly connected world
IoT devices are proliferating at a rapid rate, spiking IoT data security concerns in the process. The more connected we get, the more important it becomes to protect the massive amount of data involved. That's why IoT security is becoming a vital part of any organization's IT security roadmap. In this section, we explore the biggest security concerns raised by IoT and offer tips about how to address them.
-
Article
Securing IoT devices remains low priority for developers
MIT cybersecurity expert Stuart Madnick says we're woefully unprepared to protect the proliferating population of IoT-enabled devices. Read Now
-
Article
Is IoT the next ransomware victim?
In this Q&A, IBM executive security advisor Etay Maor shares insight on the strategies employed by cyberattackers and explains why IoT devices are so vulnerable to ransomware attacks. Read Now
-
Article
RSA Conference 2016: IoT will fail if security is not top priority
According to experts at RSA Conference 2016, it's time for organizations to put IoT security first -- or risk the inevitable downfall of the internet of things. Read Now
-
Video
IoT device security triggers new data protection questions
In this video, vArmour CISO Demetrios Lazarikos discusses how companies' efforts to secure IoT devices are influencing their overall infosec strategy. Watch Now
-
Video
No precedent when it comes to addressing IoT security challenges
As the internet of things grows, so will accompanying enterprise security challenges. In this webinar, learn how a lack of focus on IoT security challenges during the design stage could create numerous data protection vulnerabilities. Watch Now
5. Don't spend more; spend right
Investing in security is always a good idea, but throwing money at the problem won't cut it. In this section, find out how to manage your IT security spending efficiently.
-
Article
What are my post-breach cybersecurity spending priorities?
Mike O. Villegas, vice president at tech consulting firm K3DES, explains how organizations can identify their top cybersecurity spending priorities in the aftermath of a cybercrime incident and why learning from the experience is important to prevent future threats. Read Now
-
Article
Security pros: Cybersecurity budgets not keeping pace with rising threats
While there has been a rise in security budgets, spending on security is not on par with the growing threat landscape, according to a study by the Institute of Information Security Professionals. Read Now
-
Video
Cut information security costs with smart personnel, strategy
In this video interview, Jeff Reich, chief security officer at Barricade.io, discusses how embedding data protection efforts in corporate strategy can reduce information security costs. Watch Now
-
Article
Why an unlimited cybersecurity budget isn't good for security
A cybersecurity budget with no restrictions may sound like a dream, but it could actually harm enterprise security, says expert Mike O. Villegas. Read Now
6. Cybersecurity legislation and CIOs
Cybersecurity isn't just a business priority anymore. Facing new pressures from today's increasing cyberthreats, the U.S. government is stepping in to assess the IT security landscape and enacting legislation to address some of the top concerns. In this section, find out how the government is responding to increasing IT security concerns, how emerging technologies are influencing the legislative process and how such legislation will impact IT executives.
-
Article
Emerging tech influencing infosec regulations
In this Q&A, Monique Ferraro, cyber counsel for Munich Re's U.S. P&C Cyber and Privacy Risk Practice, discusses how drones and IoT are influencing information security regulations and the challenges that lawmakers face when developing these new cybersecurity rules. Read Now
-
Article
Evaluating Obama's $19B cybersecurity plan
President Obama unveiled a $19 billion national cybersecurity plan to address the cybersecurity skills shortage and mounting cyberthreats, but questions remain. Read Now
-
Article
FBI director: Encryption debate needs to be nuanced and thoughtful
While speaking at a symposium at the University of Texas at Austin, FBI Director James Comey explained why now is the time to engage in conversations about backdoor encryption policies. Read Now
-
Article
Burgeoning data threats intensify security info sharing debate
The federal government is encouraging cybersecurity info sharing to offset threats to data, but some businesses are worried that the data protection measures might infringe on privacy. Read Now
-
Article
Congress assesses blockchain security amid ransomware attacks
Legislators have begun examining cryptocurrencies and blockchain security amid growing instances of cybercrime, such as the ransomware attacks on NYT and BBC. Read Now
7. The devil's in the data
Don't underestimate the importance of data analytics in your IT security strategy. In this section, learn how to best tap into analytics at your organization and what tools can help identify, monitor and ward off threats to data security.
-
Video
Information security monitoring, analytics for the digital age
The rising number of attacks has led to a big increase in cybersecurity intelligence data that can be analyzed to prevent future incidents. But rapidly advancing technology makes it hard to stay ahead of the curve. Watch Now
-
Article
Data-driven marketing fuels privacy, security concerns
As more organizations collect customer data to drive marketing strategies, it creates numerous data security and privacy concerns. Deborah Berebichez, chief data scientist at Metis, explains what steps organizations should take to offset these risks and how data scientists can help. Read Now
-
Photo Story
Advanced security analytics: Finding the best analytics tool
Next-gen security analytics tools provide proactive and responsive analysis of security events. Nemertes Research CEO Johna Till Johnson explains. View Now
8. IT security strategy terms
-
Definition
CISO (chief information security officer)
The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats. Read Now
-
Definition
information security (infosec)
Information security (infosec) is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. Read Now
-
Definition
endpoint security management
Endpoint security management is a policy-based approach to network security that requires endpoint devices to comply with specific criteria before they are granted access to network resources. Read Now
-
Definition
mobile device management (MDM)
Mobile device management is software that allows IT administrators to control, secure and enforce policies on smartphones, tablets and other endpoints. Read Now
-
Definition
mobile app security
Mobile app security is the extent of protection that mobile device application programs (apps) have from malware and the activities of crackers and other criminals. Read Now
-
Definition
OPSEC (operational security)
OPSEC (operational security) is an analytical process that identifies assets such as sensitive corporate information or trade secrets, and determines the controls required to protect these assets. Read Now
-
Definition
data loss prevention (DLP)
Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside of the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer. Read Now
-
Definition
next-generation firewall (NGFW)
A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels. Read Now
-
Definition
Security as a Service (SaaS)
Security-as-a-service (SaaS) is an outsourcing model for security management. Typically, Security as a Service involves applications such as anti-virus software delivered over the Internet but the term can also refer to security management provided in-house by an external organization. Read Now
-
Definition
enterprise security governance
Enterprise security governance is a company's strategy to reduce risk by protecting systems and information, as well as its execution of that strategy. Read Now
-
Definition
risk management
Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings. Read Now