The management of information security is at something of a crossroads. On the one hand, CIOs and their security generals have perhaps never had as many targeted tools at their disposal, nor access to as much good advice from their peers and experts on how to avoid being the next victim of a data breach. But on the other hand, the aptitude of hackers seems to be increasing as well, with threats seemingly coming from both foreign and domestic criminals looking to attack via a multitude of channels, whether it's the latest tablet or smartphone, your newest Internet of Things-connected device, or a good old-fashioned, easily crackable password.
Is your organization managing information security in a way that mitigates these new threats? In this CIO Essential Guide, we provide updates on the latest high-profile hacks and the lessons CIOs can draw from them, break down the importance of preemptive information security, and offer advice on how to secure the latest breed of technological advancements in the workplace.
This Essential Guide on managing information security is part of the CIO Briefings series, which is designed to give IT leaders strategic management and decision-making advice on timely topics.
When information security goes haywire
We've all heard the horror stories: Big-name brands including Apple, Target, Home Depot and Neiman Marcus have fallen prey to hackers, who have sniffed out vulnerabilities in their IT systems in order to exploit private customer information. But it's not all bad news: In these high-profile hacks lie useful lessons for CIOs looking to build a better culture around information security in their organizations, as the following pieces explore.
The very public iCloud breach provided CIOs with the opportunity to reinforce the importance of building a secure cloud culture and holding their vendors responsible for leaks.
When a gang of Russian hackers stole user information from 420,000 websites, it was sobering -- and also a sign that CIOs should push for improved technology and security compliance.
A defect discovered in one of the Internet's key security methods, OpenSSL, forced two-thirds of all websites to consider changes to better secure consumer information.
Despite organizations' increasing dedication to information security and awareness, there continues to be a startling number of gaps in many of their security systems.
Enterprises still reeling from Heartbleed had to turn their attention to the Bash shell bug, which many security experts called an even bigger deal than the OpenSSL vulnerability.
After more than 2.9 million customers' credit card information, as well as Adobe's source code for several software titles, were compromised, it became clear that somebody forgot to "lock the door."
Target's new CIO was formerly a senior information technology adviser for the U.S. Department of Homeland Security. The clarion call for CIOs? Reshaping roles and playing cyberoffense.
No matter who profits from a credit card data breach, the attack will cost companies big time -- and might even cost CIOs their jobs.
Hold off hackers and know your legal limitations
The following videos explain how an enterprise mind-set predicated on strong security and compliance policies helps fend off hackers.
In this video excerpt, Markley Group CTO Patrick Gilmore talks about why today's ideal security engineer is someone who is paranoid and aggressive and really liked to hack stuff as a teenager.
Having trouble gaining upper-level support for security plans? In this video, learn how to build a one-page security roadmap with a cascade approach.
In this Ask the Expert video, attorney Randy Sabett discusses the complications and legal limitations of an active cyberdefense strategy.
In this Ask the Expert video, security guru Eric Cowperthwaite explains predictive security intelligence and how to leverage it in the enterprise.
Managing information security proactively
When facing a threat-filled landscape, often the best way to fight back is to properly protect your organization in the first place. How can a CIO go on the offensive? In this section, we review proactive security strategies, including the key players and where CIOs should focus their planning prowess.
In these days of a breach a minute, a strong information security program is a competitive differentiator. Here's how CIOs and CISOs prove it.
The same remote access software that lets employees log on from anywhere has more insidious uses that hackers are exploiting. When should CIOs step in?
CTO Niel Nickolaisen's cybersecurity strategy hinges on working with experts who can shore up enterprise defenses, and ranking potential risks facing the organization.
Now that just about everything is hooked to the Internet, vulnerabilities are rapidly multiplying. As cyberthreats evolve, so too must the ways in which enterprises confront injurious attacks.
Emerging security considerations
Protecting your organization's information now assumes the management of various endpoints. Here are a few areas of note:
Tackle today's most pressing security challenges
Mobile security, Internet of Things security, application security, biometric security -- suffice it to say, today's enterprise security landscape and offerings are advancing at a rapid pace. In this section, experts and practitioners offer their take on keeping your organization on the cutting edge of new security products and strategies.
Gartner Analyst Mario de Boer discusses how to protect enterprise mobile collaboration efforts, including what constitutes an effective (or ineffective) security measure.
As enterprises seek to fend off a proliferation of data-driven cyberthreats, some IT executives are turning to decidedly old-school tools to protect their precious data.
Biometric security measures might not be mainstream -- yet -- but that didn't stop #CIOChat participants from weighing in on the prospects for biometric-scanning authentication.
While some security and risk professionals dismiss continuous improvement as fluffy, security leaders recognize CI as a powerful tool in their security arsenal, an analyst explains.
Does your information security strategy hack it in the digital age?
CISOs are among the group of IT executives earning the heftiest paychecks right now, and security managers saw a marked increase in compensation this year as well, according to the results of TechTarget's 2014 IT Salary and Careers Survey. And perhaps rightly so, as respondents once again pointed to information security as a top-three project area of focus.
As the demand for security expertise increases, never has it been more pressing for IT leaders to make sure their enterprise's security strategy is ready to face today's fierce breed of security challenges. Review some of our recent stories and take this quiz to see if your information security strategy is strong enough to handle today's digital curveballs.
Test your security IQ