Essential Guide
Managing information security amid new threats: A guide for CIOs
Managing information security is no picnic when data breaches abound. In this Essential Guide, we prepare CIOs for the challenge.
Introduction
The management of information security is at something of a crossroads. On the one hand, CIOs and their security generals have perhaps never had as many targeted tools at their disposal, nor access to as much good advice from their peers and experts on how to avoid being the next victim of a data breach. But on the other hand, the aptitude of hackers seems to be increasing as well, with threats seemingly coming from both foreign and domestic criminals looking to attack via a multitude of channels, whether it's the latest tablet or smartphone, your newest Internet of Things-connected device, or a good old-fashioned, easily crackable password.
Is your organization managing information security in such a way that mitigates these new threats? In this CIO Essential Guide, we provide updates on the latest high-profile hacks and what lessons CIOs can draw, break down the importance of preemptive information security, and offer advice on how to secure the latest breed of technological advancements in the workplace.
This Essential Guide on managing information security is part of the CIO Briefings series, which is designed to give IT leaders strategic management and decision-making advice on timely topics.
1Hacks ahoy!-
When information security goes haywire
We've all heard the horror stories: Big-name brands including Apple, Target, Home Depot and Neiman Marcus have fallen prey to hackers, who have sniffed out vulnerabilities in their IT systems in order to exploit private customer information. But it's not all bad news: In these high-profile hacks lie useful lessons for CIOs looking to build a better culture around information security in their organizations, as the following pieces explore.
Apple iCloud hack a prime opportunity to sell security culture
The very public iCloud breach provided CIOs with the opportunity to reinforce the importance of building a secure cloud culture and holding their vendors responsible for leaks. Continue Reading
How to take advantage of the hijack of 1.2 billion passwords
When a gang of Russian hackers stole user information from 420,000 websites, it was sobering -- and also a sign that CIOs should push for improved technology and security compliance. Continue Reading
With 'Heartbleed' strike, personal identifiable information is at risk
A defect discovered in one of the Internet's key security methods, OpenSSL, forced two-thirds of all websites to consider changes to better secure consumer information. Continue Reading
When Heartbleed hits the healthcare industry, patient data is compromised
Despite organizations' increasing dedication to information security and awareness, there continues to be a startling number of gaps in many of their security systems. Continue Reading
Bash shell bug: More perilous than Heartbleed, experts say
Enterprises still reeling from Heartbleed had to turn their attention to the Bash shell bug, which many security experts called an even bigger deal than the OpenSSL vulnerability. Continue Reading
Adobe's data security failings point to need for CIO vigilance
After more than 2.9 million customers' credit card information, as well as Adobe's source code for several software titles, were compromised, it became clear that somebody forgot to "lock the door." Continue Reading
New post-breach CIO at Target a security heavy-hitter
Target's new CIO was formerly a senior information technology adviser for the U.S. Department of Homeland Security. The clarion call for CIOs? Reshaping roles and playing cyberoffense. Continue Reading
As breaches multiply, CIOs might suffer the consequences
No matter who profits from a credit card data breach, the attack will cost companies big time -- and might even cost CIOs their jobs. Continue Reading
2Videos-
Hold off hackers and know your legal limitations
The following videos explain how an enterprise mind-set predicated on strong security and compliance policies helps fend off hackers.
Hacker mind-set a prereq for security engineers, says Markley CTO
In this video excerpt, Markley Group CTO Patrick Gilmore talks about why today's ideal security engineer is someone who is paranoid and aggressive and really liked to hack stuff as a teenager.
How to build a security roadmap with a cascade approach
Having trouble gaining upper-level support for security plans? In this video, learn how to build a one-page security roadmap with a cascade approach.
Active cyberdefense: What are the legal limitations?
In this Ask the Expert video, attorney Randy Sabett discusses the complications and legal limitations of an active cyberdefense strategy.
Predictive security intelligence: How it protects today's enterprise
In this Ask the Expert video, security guru Eric Cowperthwaite explains predictive security intelligence and how to leverage it in the enterprise.
CIO's guide to cybersecurity trends, skills, and hiring
Our data is being spread across more systems, devices, and applications than ever before, and security needs are changing quickly. Download this guide to keep your data secure.
3Pre-emptive security-
Managing information security proactively
When facing a threat-filled landscape, often the best way to fight back is to properly protect your organization in the first place. How can a CIO go on the offensive? In this section, we review proactive security strategies, including the key players and where CIOs should focus their planning prowess.
The best cyberdefense is a strong cyberoffense
If you're a CIO who still thinks that maintaining a strong cyberdefense is the best way to protect your enterprise, CIO expert Harvey Koeppel is delivering a wakeup call. Continue Reading
Information security: A competitive gain, not only a cost center
In these days of a breach a minute, a strong information security program is a competitive differentiator. Here's how CIOs and CISOs prove it. Continue Reading
Are CIOs partly to blame for a lack of proactive security strategy?
The same remote access software that lets employees log on from anywhere has more insidious uses that hackers are exploiting. When should CIOs step in? Continue Reading
Who's to blame for the presence of shadow apps?
The C-suite might shoulder some of the blame for shadow applications, given its focus on IT systems that rake in the dough. Also, we offer a rundown of security tools that pay off for CIOs. Continue Reading
A CTO stares down cyberthreats with a focus on risk profiling
CTO Niel Nickolaisen's cybersecurity strategy hinges on working with experts who can shore up enterprise defenses, and ranking potential risks facing the organization. Continue Reading
Cyberthreats are morphing; is your cyberstrategy following suit?
Now that just about everything is hooked to the Internet, vulnerabilities are rapidly multiplying. As cyberthreats evolve, so too must the ways in which enterprises confront injurious attacks. Continue Reading
4Glossary-
Emerging security considerations
Protecting your organization's information now assumes the management of various endpoints. Here are a few areas of note:
5Expert advice-
Tackle today's most pressing security challenges
Mobile security, Internet of Things security, application security, biometric security -- suffice it to say, today's enterprise security landscape and offerings are advancing at a rapid pace. In this section, experts and practitioners offer their take on keeping your organization on the cutting edge of new security products and strategies.
Is the Internet of Things a sign of Cybergeddon?
With the arrival of the IoT age, CIOs must consider how to protect a widened attack surface composed of newly Internet-connected devices. Continue Reading
What are the top tools for secure mobile collaboration?
Gartner Analyst Mario de Boer discusses how to protect enterprise mobile collaboration efforts, including what constitutes an effective (or ineffective) security measure. Continue Reading
Old-school security technologies take on new breed of threats
As enterprises seek to fend off a proliferation of data-driven cyberthreats, some IT executives are turning to decidedly old-school tools to protect their precious data. Continue Reading
The enterprise implications of biometric security measures and identification
Biometric security measures might not be mainstream -- yet -- but that didn't stop #CIOChat participants from weighing in on the prospects for biometric-scanning authentication. Continue Reading
How to eschew mobile application security snafus
The security minds behind some of the world's most well-known brands offer six tips for avoiding making mistakes around mobile application security. Continue Reading
Why is 'bring your own encryption' (BYOE) vital?
Forrester analyst James Staten explains the importance of the bring your own encryption (BYOE) in organizational cloud security efforts. Continue Reading
Continuous improvement key to effective enterprise security
While some security and risk professionals dismiss continuous improvement as fluffy, security leaders recognize CI as a powerful tool in their security arsenal, an analyst explains. Continue Reading
6Quiz-
Does your information security strategy hack it in the digital age?
CISOs are among the group of IT executives earning the heftiest paychecks right now, and security managers saw a marked increase in compensation this year as well, according to the results of TechTarget's 2014 IT Salary and Careers Survey. And perhaps rightly so, as respondents once again pointed to information security as a top-three project area of focus.
As the demand for security expertise increases, never has it been more pressing for IT leaders to make sure their enterprise's security strategy is ready to face today's fierce breed of security challenges. Review some of our recent stories and take this quiz to see if your information security strategy is strong enough to handle today's digital curveballs.
Test your security IQ
Start the conversation
0 comments