Information security policies and practices for CIOs

The right information security policies and practices can keep your company's IT network secure, safe from the seemingly infinite number of threats via the Internet. This CIO Briefing offers guidance and support for CIOs on setting policies to address three of the most pressing information security issues of the day: mobile device management, social media risk and cloud computing.

This CIO Briefing is part of the SearchCIO.com CIO Briefing series, which is designed to give IT leaders strategic guidance and advice that addresses the management and decision-making aspects of timely topics. For a complete list of topics covered to date, visit the CIO Briefing section.

Mobile device security policies

Whether IT departments like it or not, employees are bringing their iPhones and iPads, Android-based devices and BlackBerrys into the enterprise. If you can't beat 'em, join 'em -- the onus is on IT to establish mobile phone security policies to control the proliferation of smart mobile devices.

"Execs are gadget geeks," said Wes Baker, virtualization architect at Jewelry Television Inc. in Knoxville, Tenn. While executives have been after their IT departments for years to provide mobile devices, rogue rank-and-file employees increasingly are transferring work data onto a portable format that frees them from the office, he said.

And who can blame them, when the Internet and its satellites make it possible to tick off to-do lists on the run? Or on the walk to work? Or while walking the dog? "People want to be productive," said James Ainslie, chief technology officer at SMMT Online (Pty) Ltd. in Johannesburg, South Africa. "In today's economic climate, people can't afford to be separated from their information."

Learn more in "Mobile phone security policies give IT some control over the influx." Also:

  • Mobile data security spans policies, budgets and backups
    A proliferation of mobile devices in the enterprise forces CIOs to reassess policies, budgets and backups for mobile data security.
  • Mobile device management in the workplace: A guide for CIOs
    Mobile devices enable flexibility previously unimaginable in the workplace, but they carry concerns about security and compliance. Learn more in our mobile device management guide.

Social media security concerns

Boston Medical Center (BMC), a private hospital center affiliated with Boston University, blocks access to all social media websites using security software from Websense Inc. Users who attempt to use such sites as Facebook, YouTube or Twitter are shown a page indicating that their destination is off-limits. Nevertheless, the debate about whether to open up access to such sites or to keep blocking them remains contentious.

In fact, the discussion comes up "practically on a daily basis," said Brad Blake, director of IT at BMC. "As you can imagine, we have a lot of users who want access to these sites, but for a variety of reasons we do not feel comfortable opening them."

If BMC created a Facebook account and asked its patients to be friends, "that would constitute a security breach," Blake said. "Our senior management has felt it easier just to block these sites rather than trying to police and manage them."

Learn more in "CIOs weigh use of social media against security concerns."

Cloud computing security issues

Public cloud computing risks are numerous enough to field a top 10 -- or even more. Professional organizations and CIOs are developing threat lists to help them come to grips with the public cloud, an entity that will continue to seep into the enterprise IT environment whether they like it or not.

Some lists of top public cloud computing risks are sweeping and philosophical, such as the Top Threats to Cloud Computing, v.1.0, developed by the Cloud Security Alliance. Most include some combination of 10 items.

Get the list in "Advice for dealing with the top 10 risks in public cloud computing."
