Essential Guide

Managing information security amid new threats: A guide for CIOs

Managing information security is no picnic when data breaches abound. In this Essential Guide, we prepare CIOs for the challenge.


The management of information security is at something of a crossroads. On the one hand, CIOs and their security generals have perhaps never had as many targeted tools at their disposal, nor access to as much good advice from their peers and experts on how to avoid being the next victim of a data breach. But on the other hand, the aptitude of hackers seems to be increasing as well, with threats seemingly coming from both foreign and domestic criminals looking to attack via a multitude of channels, whether it's the latest tablet or smartphone, your newest Internet of Things-connected device, or a good old-fashioned, easily crackable password.

Is your organization managing information security in a way that mitigates these new threats? In this CIO Essential Guide, we provide updates on the latest high-profile hacks and what lessons CIOs can draw, break down the importance of preemptive information security, and offer advice on how to secure the latest breed of technological advancements in the workplace.

This Essential Guide on managing information security is part of the CIO Briefings series, which is designed to give IT leaders strategic management and decision-making advice on timely topics.

1. Hacks ahoy!

When information security goes haywire

We've all heard the horror stories: Big-name brands including Apple, Target, Home Depot and Neiman Marcus have fallen prey to hackers, who have sniffed out vulnerabilities in their IT systems in order to exploit private customer information. But it's not all bad news: In these high-profile hacks lie useful lessons for CIOs looking to build a better culture around information security in their organizations, as the following pieces explore.


Apple iCloud hack a prime opportunity to sell security culture

The very public iCloud breach provided CIOs with the opportunity to reinforce the importance of building a secure cloud culture and holding their vendors responsible for leaks.


How to take advantage of the hijack of 1.2 billion passwords

When a gang of Russian hackers stole user information from 420,000 websites, it was sobering -- and also a sign that CIOs should push for improved technology and security compliance.


With 'Heartbleed' strike, personal identifiable information is at risk

A defect discovered in one of the Internet's key security methods, OpenSSL, forced two-thirds of all websites to consider changes to better secure consumer information.


When Heartbleed hits the healthcare industry, patient data is compromised

Despite organizations' increasing dedication to information security and awareness, there continues to be a startling number of gaps in many of their security systems.


Bash shell bug: More perilous than Heartbleed, experts say

Enterprises still reeling from Heartbleed had to turn their attention to the Bash shell bug, which many security experts called an even bigger deal than the OpenSSL vulnerability.


Adobe's data security failings point to need for CIO vigilance

After more than 2.9 million customers' credit card information, as well as Adobe's source code for several software titles, were compromised, it became clear that somebody forgot to "lock the door."


New post-breach CIO at Target a security heavy-hitter

Target's new CIO was formerly a senior information technology adviser for the U.S. Department of Homeland Security. The clarion call for CIOs? Reshaping roles and playing cyberoffense.


As breaches multiply, CIOs might suffer the consequences

No matter who profits from a credit card data breach, the attack will cost companies big time -- and might even cost CIOs their jobs.


Hold off hackers and know your legal limitations

The following videos explain how an enterprise mind-set predicated on strong security and compliance policies helps fend off hackers.


Hacker mind-set a prereq for security engineers, says Markley CTO

In this video excerpt, Markley Group CTO Patrick Gilmore talks about why today's ideal security engineer is someone who is paranoid and aggressive and really liked to hack stuff as a teenager.


How to build a security roadmap with a cascade approach

Having trouble gaining upper-level support for security plans? In this video, learn how to build a one-page security roadmap with a cascade approach.


Active cyberdefense: What are the legal limitations?

In this Ask the Expert video, attorney Randy Sabett discusses the complications and legal limitations of an active cyberdefense strategy.


Predictive security intelligence: How it protects today's enterprise

In this Ask the Expert video, security guru Eric Cowperthwaite explains predictive security intelligence and how to leverage it in the enterprise.

3. Pre-emptive security

Managing information security proactively

When facing a threat-filled landscape, often the best way to fight back is to properly protect your organization in the first place. How can a CIO go on the offensive? In this section, we review proactive security strategies, including the key players and where CIOs should focus their planning prowess.


The best cyberdefense is a strong cyberoffense

If you're a CIO who still thinks that maintaining a strong cyberdefense is the best way to protect your enterprise, CIO expert Harvey Koeppel is delivering a wakeup call.


Information security: A competitive gain, not only a cost center

In these days of a breach a minute, a strong information security program is a competitive differentiator. Here's how CIOs and CISOs prove it.


Are CIOs partly to blame for a lack of proactive security strategy?

The same remote access software that lets employees log on from anywhere has more insidious uses that hackers are exploiting. When should CIOs step in?


Who's to blame for the presence of shadow apps?

The C-suite might shoulder some of the blame for shadow applications, given its focus on IT systems that rake in the dough. Also, we offer a rundown of security tools that pay off for CIOs.


A CTO stares down cyberthreats with a focus on risk profiling

CTO Niel Nickolaisen's cybersecurity strategy hinges on working with experts who can shore up enterprise defenses, and ranking potential risks facing the organization.


Cyberthreats are morphing; is your cyberstrategy following suit?

Now that just about everything is hooked to the Internet, vulnerabilities are rapidly multiplying. As cyberthreats evolve, so too must the ways in which enterprises confront injurious attacks.


Emerging security considerations

Protecting your organization's information now assumes the management of various endpoints. Here are a few areas of note:

5. Expert advice

Tackle today's most pressing security challenges

Mobile security, Internet of Things security, application security, biometric security -- suffice it to say, today's enterprise security landscape and offerings are advancing at a rapid pace. In this section, experts and practitioners offer their take on keeping your organization on the cutting edge of new security products and strategies.


Is the Internet of Things a sign of Cybergeddon?

With the arrival of the IoT age, CIOs must consider how to protect a widened attack surface composed of newly Internet-connected devices.


What are the top tools for secure mobile collaboration?

Gartner Analyst Mario de Boer discusses how to protect enterprise mobile collaboration efforts, including what constitutes an effective (or ineffective) security measure.


Old-school security technologies take on new breed of threats

As enterprises seek to fend off a proliferation of data-driven cyberthreats, some IT executives are turning to decidedly old-school tools to protect their precious data.


The enterprise implications of biometric security measures and identification

Biometric security measures might not be mainstream -- yet -- but that didn't stop #CIOChat participants from weighing in on the prospects for biometric-scanning authentication.


How to eschew mobile application security snafus

The security minds behind some of the world's most well-known brands offer six tips for avoiding mistakes around mobile application security.


Why is 'bring your own encryption' (BYOE) vital?

Forrester analyst James Staten explains the importance of bring your own encryption (BYOE) in organizational cloud security efforts.


Continuous improvement key to effective enterprise security

While some security and risk professionals dismiss continuous improvement as fluffy, security leaders recognize CI as a powerful tool in their security arsenal, an analyst explains.


Does your information security strategy hack it in the digital age?

CISOs are among the group of IT executives earning the heftiest paychecks right now, and security managers saw a marked increase in compensation this year as well, according to the results of TechTarget's 2014 IT Salary and Careers Survey. And perhaps rightly so, as respondents once again pointed to information security as a top-three project area of focus.

As the demand for security expertise increases, never has it been more pressing for IT leaders to make sure their enterprise's security strategy is ready to face today's fierce breed of security challenges. Review some of our recent stories and take this quiz to see if your information security strategy is strong enough to handle today's digital curveballs.

Test your security IQ