BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Managing information security amid new threats: A guide for CIOs
-
Article
Apple iCloud hack a prime opportunity to sell security culture
The very public iCloud breach provided CIOs with the opportunity to reinforce the importance of building a secure cloud culture and holding their vendors responsible for leaks. Read Now
-
Article
How to take advantage of the hijack of 1.2 billion passwords
When a gang of Russian hackers stole user information from 420,000 websites, it was sobering -- and also a sign that CIOs should push for improved technology and security compliance. Read Now
-
Article
With 'Heartbleed' strike, personal identifiable information is at risk
A defect discovered in one of the Internet's key security methods, OpenSSL, forced two-thirds of all websites to consider changes to better secure consumer information. Read Now
-
Article
When Heartbleed hits the healthcare industry, patient data is compromised
Despite organizations' increasing dedication to information security and awareness, there continues to be a startling number of gaps in many of their security systems. Read Now
Editor's note
The management of information security is at something of a crossroads. On the one hand, CIOs and their security generals have perhaps never had as many targeted tools at their disposal, nor access to as much good advice from their peers and experts on how to avoid being the next victim of a data breach. But on the other hand, the aptitude of hackers seems to be increasing as well, with threats seemingly coming from both foreign and domestic criminals looking to attack via a multitude of channels, whether it's the latest tablet or smartphone, your newest Internet of Things-connected device, or a good old-fashioned, easily crackable password.
Is your organization managing information security in such a way that mitigates these new threats? In this CIO Essential Guide, we provide updates on the latest high-profile hacks and what lessons CIOs can draw, break down the importance of preemptive information security, and offer advice on how to secure the latest breed of technological advancements in the workplace.
This Essential Guide on managing information security is part of the CIO Briefings series, which is designed to give IT leaders strategic management and decision-making advice on timely topics.
1Hold off hackers and know your legal limitations
The following videos explain how an enterprise mind-set predicated on strong security and compliance policies helps fend off hackers.
-
Video
Hacker mind-set a prereq for security engineers, says Markley CTO
In this video excerpt, Markley Group CTO Patrick Gilmore talks about why today's ideal security engineer is someone who is paranoid and aggressive and really liked to hack stuff as a teenager. Watch Now
-
Video
How to build a security roadmap with a cascade approach
Having trouble gaining upper-level support for security plans? In this video, learn how to build a one-page security roadmap with a cascade approach. Watch Now
-
Video
Active cyberdefense: What are the legal limitations?
In this Ask the Expert video, attorney Randy Sabett discusses the complications and legal limitations of an active cyberdefense strategy. Watch Now
-
Video
Predictive security intelligence: How it protects today's enterprise
In this Ask the Expert video, security guru Eric Cowperthwaite explains predictive security intelligence and how to leverage it in the enterprise. Watch Now
2Managing information security proactively
When facing a threat-filled landscape, often the best way to fight back is to properly protect your organization in the first place. How can a CIO go on the offensive? In this section, we review proactive security strategies, including the key players and where CIOs should focus their planning prowess.
-
Article
The best cyberdefense is a strong cyberoffense
If you're a CIO who still thinks that maintaining a strong cyberdefense is the best way to protect your enterprise, CIO expert Harvey Koeppel is delivering a wakeup call. Read Now
-
Article
Information security: A competitive gain, not only a cost center
In these days of a breach a minute, a strong information security program is a competitive differentiator. Here's how CIOs and CISOs prove it. Read Now
-
Article
Are CIOs partly to blame for a lack of proactive security strategy?
The same remote access software that lets employees log on from anywhere has more insidious uses that hackers are exploiting. When should CIOs step in? Read Now
-
Article
Who's to blame for the presence of shadow apps?
The C-suite might shoulder some of the blame for shadow applications, given its focus on IT systems that rake in the dough. Also, we offer a rundown of security tools that pay off for CIOs. Read Now
-
Article
A CTO stares down cyberthreats with a focus on risk profiling
CTO Niel Nickolaisen's cybersecurity strategy hinges on working with experts who can shore up enterprise defenses, and ranking potential risks facing the organization. Read Now
-
Article
Cyberthreats are morphing; is your cyberstrategy following suit?
Now that just about everything is hooked to the Internet, vulnerabilities are rapidly multiplying. As cyberthreats evolve, so too must the ways in which enterprises confront injurious attacks. Read Now
3Emerging security considerations
Protecting your organization's information now assumes the management of various endpoints. Here are a few areas of note:
-
Definition
Application security
Application security is the use of software, hardware, and procedural methods to protect applications from external threats. Once an afterthought in software design, security is becoming an increasingly important concern during development as applications become more frequently accessible over networks and are, as a result, vulnerable to a wide variety of threats. Read Now
-
Definition
Cloud computing security
Cloud computing security is the set of control-based technologies and policies designed to adhere to regulatory compliance rules and protect information, data applications and infrastructure associated with cloud computing use. Read Now
-
Definition
Context-aware security
Context-aware security is the use of situational information (such as identity, location, time of day or type of endpoint device) to improve information security decisions. Read Now
-
Definition
Information security
Information security (infosec) is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. Read Now
-
Definition
Internet of Things security
IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT). Read Now
-
Definition
mobile app security
Mobile app security is the extent of protection that mobile device application programs (apps) have from malware and the activities of crackers and other criminals. Read Now
4Tackle today's most pressing security challenges
Mobile security, Internet of Things security, application security, biometric security -- suffice it to say, today's enterprise security landscape and offerings are advancing at a rapid pace. In this section, experts and practitioners offer their take on keeping your organization on the cutting edge of new security products and strategies.
-
Article
Is the Internet of Things a sign of Cybergeddon?
With the arrival of the IoT age, CIOs must consider how to protect a widened attack surface composed of newly Internet-connected devices. Read Now
-
Article
What are the top tools for secure mobile collaboration?
Gartner Analyst Mario de Boer discusses how to protect enterprise mobile collaboration efforts, including what constitutes an effective (or ineffective) security measure. Read Now
-
Article
Old-school security technologies take on new breed of threats
As enterprises seek to fend off a proliferation of data-driven cyberthreats, some IT executives are turning to decidedly old-school tools to protect their precious data. Read Now
-
Article
The enterprise implications of biometric security measures and identification
Biometric security measures might not be mainstream -- yet -- but that didn't stop #CIOChat participants from weighing in on the prospects for biometric-scanning authentication. Read Now
-
Article
How to eschew mobile application security snafus
The security minds behind some of the world's most well-known brands offer six tips for avoiding making mistakes around mobile application security. Read Now
-
Article
Why is 'bring your own encryption' (BYOE) vital?
Forrester analyst James Staten explains the importance of the bring your own encryption (BYOE) in organizational cloud security efforts. Read Now
-
Article
Continuous improvement key to effective enterprise security
While some security and risk professionals dismiss continuous improvement as fluffy, security leaders recognize CI as a powerful tool in their security arsenal, an analyst explains. Read Now
5Does your information security strategy hack it in the digital age?
CISOs are among the group of IT executives earning the heftiest paychecks right now, and security managers saw a marked increase in compensation this year as well, according to the results of TechTarget's 2014 IT Salary and Careers Survey. And perhaps rightly so, as respondents once again pointed to information security as a top-three project area of focus.
As the demand for security expertise increases, never has it been more pressing for IT leaders to make sure their enterprise's security strategy is ready to face today's fierce breed of security challenges. Review some of our recent stories and take this quiz to see if your information security strategy is strong enough to handle today's digital curveballs.