Enterprise information security management
The challenges of information security management include regulatory compliance, risk management, information security standards, security frameworks, disaster recovery and more. In many IT organizations, the CIO or CSO is responsible for the information security management of the company. Find the latest information security management news, tips and other resources for CIOs in this topic section.
Top Stories
-
Feature
01 Jun 2023
7 must-have blockchain developer skills
Successfully navigating the many roles and responsibilities of a blockchain developer requires specialized skills ranging from cryptography, to smart contracts, to web development. Continue Reading
-
Feature
03 Mar 2023
12 top enterprise risk management trends in 2023
The 2023 trends that are reshaping the risk management landscape include GRC platforms, maturity frameworks, risk appetite statements and the CIO's critical role in promoting ERM. Continue Reading
-
Feature
24 Feb 2023
6 must-read blockchain books for 2023
Numerous sources provide comprehensive information on blockchain fundamentals and applications. We narrowed the field to six of the most popular and diverse books available. Continue Reading
-
Tip
23 Jan 2023
4 tips to find cyber insurance coverage in 2023
The cyber insurance industry is settling down but isn't without challenges. Read up on cyber insurance in 2023 and how to get the most from your organization's coverage this year. Continue Reading
-
Feature
28 Dec 2022
8 top blockchain certification courses to pursue in 2023
Numerous blockchain certification courses are available for beginners and seasoned professionals, so we narrowed the field to some of the more diverse and comprehensive programs. Continue Reading
-
Feature
08 Nov 2022
How to build a shadow IT policy to reduce risks, with template
With a shadow IT policy in place, organizations reduce security risks from unapproved applications and services that employees introduce independently. Continue Reading
-
Feature
28 Jul 2022
How to secure data at rest, in use and in motion
With internal and external cyber threats on the rise, check out these tips to best protect and secure data at rest, in use and in motion. Continue Reading
-
Feature
12 Oct 2021
9 common risk management failures and how to avoid them
As enterprises rework their business models to meet the challenges ushered in by the pandemic, risks abound. Here are nine risk management failures to look out for. Continue Reading
-
Feature
12 Oct 2021
Traditional vs. enterprise risk management: How do they differ?
Traditional risk management and enterprise risk management are similar in their aim to mitigate risks that can harm a company. But there are important differences between the two. Continue Reading
-
Feature
12 Oct 2021
7 risk mitigation strategies to protect business operations
Enterprises facing a multitude of threats and vulnerabilities have several options to identify, manage and mitigate risks, including risk acceptance, avoidance and transference. Continue Reading
-
Feature
12 Oct 2021
4 basic types of business risks in the enterprise
As part of enterprise risk management, companies can mitigate many types of business risks by focusing on the underlying factors of people, processes, technologies and facilities. Continue Reading
-
Feature
12 Oct 2021
Implementing an enterprise risk management framework
A well-designed, all-inclusive ERM framework provides enterprises with a playbook to avert corporate disasters, generate competitive advantages and create business opportunities. Continue Reading
-
Feature
12 Oct 2021
Enterprise risk management team: Roles and responsibilities
Every facet of an enterprise's operations is exposed to risk, requiring an all-encompassing risk management team composed of a diverse mix of corporate executives and managers. Continue Reading
-
Tip
30 Sep 2021
How to create a ransomware incident response plan
A ransomware incident response plan may be the difference between surviving an attack and shuttering operations. Read key planning steps, and download a free template to get started. Continue Reading
-
Tip
20 Sep 2021
Should companies pay after ransomware attacks? Is it illegal?
It's not a question of whether a company will fall prey to ransomware, but when. Executives should focus on deciding to pay or not pay the ransom and on any legal fallout. Continue Reading
-
News
14 Jun 2021
Federal data privacy legislation could benefit U.S. economy
Data privacy laws are becoming part of a 'modern economy,' according to Google's Kate Charlet, director for data governance. Continue Reading
-
Feature
01 Jun 2021
Today's blockchain use cases and industry applications
Though far from a mature technology, blockchain is gaining prominence as a sound and highly secure method of conducting myriad transactions in multiple applications and industries. Continue Reading
-
Feature
28 May 2021
Inept cybersecurity education and training feed into skills gap
Learn why former infosec instructor and author of 'How Cybersecurity Really Works' advocates for changes to security education and training to alleviate the industry skills gap. Continue Reading
-
Tip
20 May 2021
Create a remote access security policy with this template
The expansion of remote work has created complicated security risks. Get help developing and updating a remote access security policy. Download our free template to get started. Continue Reading
-
Feature
20 May 2021
4 ways to handle the cybersecurity skills shortage in 2021
More than half of cybersecurity pros say their organizations could do more to manage negative effects of the skills shortage, such as overwork and burnout. Find out how. Continue Reading
-
Feature
06 May 2021
6 ways to spur cybersecurity board engagement
New research suggests corporate boards are paying closer attention to cybersecurity, but experts say progress is still modest and slow. Continue Reading
-
Quiz
30 Apr 2021
Security awareness training quiz: Insider threat prevention
Find out how much you know about preventing user-caused cybersecurity incidents through education in this security awareness training quiz for infosec pros. Continue Reading
-
Guest Post
28 Apr 2021
Cybersecurity key to protect brands in the digital landscape
The digital transformation disrupted the relationship between brand value and risk. Vishal Salvi explains how the right cybersecurity strategy protects both brands and customers. Continue Reading
-
Feature
15 Apr 2021
Managing cybersecurity during the pandemic and in the new digital age
Roota Almeida, CISO at Delta Dental of New Jersey and Delta Dental of Connecticut, talks about the cybersecurity threats she's seen over the last year and how she's effectively managing her security team. Continue Reading
-
Quiz
14 Apr 2021
Sample CCISO exam questions on security project management
This excerpt of 'CCISO Certified Chief Information Security Officer All-In-One Exam Guide' explains security project management fundamentals and provides practice CCISO exam questions. Continue Reading
-
Feature
14 Apr 2021
CCISO exam guide authors discuss the changing CISO role
Learn more about EC-Council's Certified CISO exam and how the certification helps CISOs at any organization manage successful infosec programs and a changing threat landscape. Continue Reading
-
Guest Post
06 Apr 2021
6 ways to prevent insider threats every CISO should know
Too often, organizations focus exclusively on external risks to security. Infosec expert Nabil Hannan explains what CISOs can do to effectively assess and prevent insider threats. Continue Reading
-
Feature
01 Mar 2021
Malware researcher speculates on the future of ransomware
Abhijit Mohanta, author of 'Preventing Ransomware,' opines on the future of ransomware and discusses why this attack is favored among cybercriminals. Continue Reading
-
Feature
29 Jan 2021
The case for applying psychology in cybersecurity training
Chartered psychologist Rebecca McKeown describes how psychology in cybersecurity can improve incident response and makes the case for a research-based approach to training. Continue Reading
-
Feature
08 Jan 2021
2021 IT priorities require security considerations
AI, IoT and 5G are among the top IT priorities for CIOs and CTOs in 2021. Is your team prepared to address each tech's security needs? Continue Reading
-
Feature
29 Dec 2020
Editor's picks: Top cybersecurity articles of 2020
As the year no one could have predicted comes to a close, SearchSecurity takes a 30,000-foot view of the cybersecurity trends and challenges that defined the last 12 months. Continue Reading
-
Tip
30 Oct 2020
Benefits of virtual SOCs: Enterprise-run vs. fully managed
A virtual security operations center, be it managed in-house or by a third party, is becoming an increasingly popular option to save money and improve reliability. Continue Reading
-
Tip
30 Sep 2020
Microsoft 365 E3 vs. Office 365 E3: What admins need to know
The rumors of Office 365's death have been greatly exaggerated. Microsoft still offers an Office 365 E3 plan, but how does it stack up to the Microsoft 365 E3 plan? Continue Reading
-
Opinion
18 Sep 2020
Trump's dangerous US TikTok ban
President Trump's U.S. TikTok ban over national security is resting on a vague foundation. The concern can be applied to multiple industries and products. Continue Reading
-
Tip
02 Sep 2020
How to ensure cybersecurity and business continuity plans align
We're diving into how and why organizations should have a collection of emergency-focused plans in place that can interact with each other if a cybersecurity attack occurs. Continue Reading
-
Tip
24 Aug 2020
The 7 elements of an enterprise cybersecurity culture
An effective 'human firewall' can prevent or mitigate many of the threats enterprises face today. Adopt these seven elements of a culture of cybersecurity to defend against risks. Continue Reading
-
Tip
20 Aug 2020
Shore up defenses with help from Office 365 logs
Logging on Microsoft's productivity platform used in conjunction with other tools can form an effective shield from malicious actors looking to find a way into your organization. Continue Reading
-
Feature
19 Aug 2020
How to maintain cybersecurity remotely during the pandemic
In the second 2020 MIT Sloan CIO Digital Learning Series, a panel of IT security leaders discussed how they are keeping their organizations secure in a COVID-19 environment. Continue Reading
-
Guest Post
06 Aug 2020
The contradiction of post COVID-19 risk management
Security vs. usability is a constant struggle for security teams. The rapid change to remote access during the pandemic has forced companies to revisit their risk management approach. Continue Reading
-
Feature
24 Jul 2020
3 types of phishing attacks and how to prevent them
Phishing is the most common type of social engineering attack. Here is a list of the most common phishing attacks, how they wreak havoc on a business and how to protect against them. Continue Reading
-
Tip
21 Jul 2020
Why IT leaders need to be aware of deepfake security risks
While IT security leaders are not yet the target of deepfake attacks, with the increased use of AI, it's important they consider how it can harm the enterprise. Continue Reading
-
Tip
02 Jul 2020
Learn to configure Office 365 alerts and other security features
More users are working from home, which makes them tempting targets for malicious actors. Take the time to fortify your environment by deploying Office 365 protections. Continue Reading
-
Answer
16 Jun 2020
6 key identity and access management benefits
Identity and access management is beneficial not just for users, security and IT admins, but also enterprises as a whole. Read up on the six key advantages of an IAM framework. Continue Reading
-
Feature
04 May 2020
Former White House CIO talks cybersecurity risk mitigation
Cybersecurity expert Theresa Payton provides critical insight on current cybersecurity threats CIOs should be looking out for and how to prepare for them during and after the pandemic. Continue Reading
-
Tip
24 Jan 2020
How IoT, 5G, RPA and AI are opening doors to cybersecurity threats
In the second part of a series on CIOs preparing for cyberthreats in 2020, we look at how emerging technologies like IoT and the cloud became vulnerable to cyberattacks in the last year. Continue Reading
-
Tip
14 Jan 2020
Preparing for the new forms of cybersecurity threats in 2020
In the first part of a series on the new forms of cyberthreats in 2020, we're diving into the many infiltration points being targeted today and why CIOs should be prepared. Continue Reading
-
Feature
17 Dec 2019
Data breach risk factors, response model, reporting and more
Dig into five data breach risk factors, and learn how the DRAMA data breach response model can help enterprises counter breaches in a timely and efficient manner. Continue Reading
-
Feature
14 Nov 2019
Don't let edge computing security concerns derail your plans
Security concerns give many IT organizations pause when considering edge computing. But the potential problems can be overcome with proper planning and diligence. Continue Reading
-
Tip
12 Nov 2019
Risk-based digital identity benefits CIOs, CMOs and customers
Asking customers to reaffirm their digital identities by sharing private information undermines CX and data security. Instead, use a risk-based approach to digital identity. Continue Reading
-
Feature
04 Nov 2019
Why a CISO-CIO reporting structure undermines security
The CISO-CIO reporting structure comes with a serious conflict of interest, argues cybersecurity expert Tarah Wheeler. Here's why. Continue Reading
-
Tip
03 Oct 2019
Challenges vs. benefits of edge computing security
Organizations moving more compute to the edges of their networks must adjust how they protect and govern their data and devices. But what should you expect along the way? Continue Reading
-
Tip
12 Aug 2019
New class of cloud security suite promises next-gen protection
Nemertes analyst John Burke points CIOs to a new type of cloud security offering that combines the functions of VPN, cloud firewall, secure web gateway and cloud access security broker. Continue Reading
-
Feature
23 Jul 2019
Portrait of a CISO: Roles and responsibilities
Success in the role of CISO requires security experts to wear many hats. Couple that with changes in compliance regulations and sophisticated cyberthreats, and CISOs are left with a full plate. Continue Reading
-
Feature
26 Jun 2019
Build a proactive cybersecurity approach that delivers
Whether it's zero-trust, adaptive security or just plain common sense, IT leaders must embrace an approach to IT security that's proactive, not reactive. Continue Reading
-
Feature
25 Jun 2019
Enterprises need to plan for deepfake technology
Politicians and Hollywood stars aren't the only ones at risk: Enterprises need to understand the dangers deepfakes pose to their brands and employees. Here's a primer. Continue Reading
-
Feature
07 Jun 2019
Build a digital transformation strategy with software at its core
What is a winning digital transformation strategy? For many companies, it starts with an overhaul of their software environments. Our comprehensive guide explains how it's done. Continue Reading
-
News
31 May 2019
Early stage companies look to help CIOs fix software development
The early stage companies honored at this year's MIT Sloan CIO Symposium take aim at one of digital transformation's biggest pain points: the slow pace of software development. Continue Reading
-
News
21 May 2019
Surveillance technology under fire, amid growing societal concerns
As San Francisco halts city use of facial recognition technology, CIOs could see more regulatory actions against surveillance technology -- and more limits on their use of data. Continue Reading
-
News
17 May 2019
Trump's move to ban Huawei a wake-up call for IT execs
The Trump administration's move to effectively ban Huawei products from U.S. networks has big implications for IT execs in charge of supply chain sourcing and security. Continue Reading
-
News
25 Feb 2019
UNICEF investment in 6 blockchain startups extends mission
UNICEF's investment in blockchain startups extends its mission and also underscores the particularity of scenarios where blockchain promises to be the optimal solution. Continue Reading
-
News
18 Feb 2019
Accenture predicts post-digital age where trust is the differentiator
The latest Accenture Technology Vision report calls out 'DARQ' technologies as the new must-have for CIOs and underscores the importance of building digital trust. Continue Reading
-
News
18 Jan 2019
CIO role: Should a CIO manipulate information?
IT experts react to yesterday's report in the Wall Street Journal that a CIO used his private company to manipulate online polling data. What's that say about the CIO role? Continue Reading
-
Feature
31 Dec 2018
Learning from 2018 cybersecurity incidents: Perform due diligence
Cybersecurity incidents continued to plague companies in 2018. Experts weigh in on the lessons learned and consumer responses to the largest information security breaches of the year. Continue Reading
-
Feature
19 Dec 2018
2018 articles spotlight innovation's cybersecurity and compliance risk
The top 2018 cybersecurity and compliance articles make a few things clear: digitization increases risk and requires innovative strategies to protect against evolving data threats. Continue Reading
-
Opinion
03 Dec 2018
Marcus Ranum: Systems administration is in the 'crosshairs'
After years of spirited debates and top-notch interviews, columnist Marcus Ranum is signing (sounding?) off with some final thoughts on the future of security. Continue Reading
-
Opinion
03 Dec 2018
Ron Green: Keeping the payment ecosystem safe for Mastercard
"We have invested a billion dollars over the last couple of years just in security," says Ron Green, Mastercard's chief of security, who joined the company in 2014. Continue Reading
-
Feature
03 Dec 2018
IAM system strategy identifies metrics that work for business
Security professionals are using identity and access management systems to track metrics on password resets, onboarding and offboarding, and employee retention and customer service. Continue Reading
-
Infographic
03 Dec 2018
Still no answers to endpoint security protection, survey finds
The frequency of endpoint attacks is on the rise, with 76% of IT security professionals reporting that their organization was compromised by new or zero-day (unknown) exploits. Continue Reading
-
Feature
03 Dec 2018
Threat hunting techniques move beyond the SOC
Tired of waiting for signs of an attack, companies are increasingly adding threat hunting capabilities to their playbooks to find likely ways their systems could be infiltrated. Continue Reading
-
Opinion
03 Dec 2018
The threat hunting process is missing the human element
Threat hunting hinges on an analyst's ability to create hypotheses and to look for indicators of compromise in your network. Do you have the resources to hunt? Continue Reading
-
Feature
30 Nov 2018
The future of data security threats and protection in the enterprise
The future of data security faces new threats at an ever-increasing rate. Read one expert's advice on having a data security strategy to assess and manage enterprise data security. Continue Reading
-
News
24 Oct 2018
Cybersecurity culture: Arrow in CIOs' quiver to fight cyberthreats
Who should own your cybersecurity culture? How can we protect rampant IoT devices? MIT Sloan researchers clued CIOs into their latest research at Tuesday's SIM Boston Summit. Continue Reading
-
Tip
24 Oct 2018
Guide to identifying and preventing OSI model security risks: Layers 4 to 7
Each layer of the Open Systems Interconnection model presents unique vulnerabilities that could move to other layers if not properly monitored. Here's how to establish risk mitigation strategies for OSI layer security in Layers 4 through 7. Continue Reading
-
Tip
24 Oct 2018
How security, compliance standards prevent OSI layer vulnerabilities
Each layer of the Open Systems Interconnection model presents unique -- but connected -- vulnerabilities. Here's how to establish OSI security and compliance best practices. Continue Reading
-
News
22 Oct 2018
ISSA International Conference 2018: Implement DoD-level security
The ISSA International 2018 Conference offers solutions for complicated privacy risks, and consultant Jeffrey Man counsels execs to take the DoD's approach to security maintenance. Continue Reading
-
News
19 Oct 2018
(ISC)2: Cybersecurity workforce shortage nears 3 million worldwide
With a workforce in short supply, the skills gap has affected the professional growth of security pros worldwide, an (ISC)2 Cybersecurity Workforce Study found. Continue Reading
-
Feature
19 Oct 2018
Technology risks: What CIOs should know and steps they can take
Adopting new tech helps businesses thrive, but CIOs must be aware of accompanying risks. Experts sound off on how new tech continues to muddle the cybersecurity threat landscape. Continue Reading
-
News
09 Oct 2018
At (ISC)² Security Congress 2018, a congressman calls for action
Rep. Cedric Richmond (D-La.) outlined three key strategies for addressing cybersecurity policy and workforce gaps. Continue Reading
-
News
08 Oct 2018
(ISC)² Security Congress 2018 tackles industry challenges
Professional development will take center stage this week at the eighth annual (ISC)² Security Congress. Continue Reading
-
News
04 Oct 2018
Lessons learned from the Facebook security breach
As details about the Facebook data breach continue to emerge, experts sound off on what companies can do to secure what has become a prime target for hackers: user account data. Continue Reading
-
Infographic
02 Oct 2018
Beware of the gray hat hacker, survey warns
Close to 40% of security professionals either know, or have known, a legitimate security practitioner who has participated at some point in black hat activities. Continue Reading
-
Feature
02 Oct 2018
Cloud-first? User and entity behavior analytics takes flight
The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud. Continue Reading
-
Opinion
02 Oct 2018
Kurt Huhn discusses the role of CISO in the Ocean State
A strategy focused on widespread training and education leads to progress against one of the state's biggest threats, says the Rhode Island CISO. Continue Reading
-
Feature
28 Sep 2018
Teramind CTO talks insider threat prevention, employee monitoring
A fear of insider threats on Wall Street led one software engineer to start his own security company. Continue Reading
-
Blog Post
29 Aug 2018
Cybersecurity education: North Dakota preps future workforce
North Dakota's CIO is behind a cybersecurity education program that aims to get the state's students up to speed on the essentials of IT security. Continue Reading
-
Feature
21 Aug 2018
Implementing machine learning to keep Facebook user data safe
Facebook Director of Security Aanchal Gupta shares how the social media giant is implementing machine learning in security to ensure user data is safe on its platform. Continue Reading
-
Feature
17 Aug 2018
Facebook cybersecurity: How the company is building a diverse team
Facebook director of security Aanchal Gupta sounds off on the need for diverse security teams and gives an overview of how the social media giant is working to make it happen. Continue Reading
-
Feature
16 Aug 2018
OneLogin security chief delivers new security model
How did cloud identity and access management vendor OneLogin rebuild its security after a breach? We ask OneLogin security chief Justin Calmus. Continue Reading
-
Feature
16 Aug 2018
How to scale security: An inside look at how Facebook does it
Facebook director of security Aanchal Gupta sounds off on how the social media giant uses automation to scale security and highlights its best practices and key focus areas. Continue Reading
-
Feature
13 Aug 2018
10 unified access management questions for OneLogin CSO Justin Calmus
Enterprise security veteran Justin Calmus, who describes himself as an avid hacker, joined OneLogin as the CSO earlier this year. After last year's breach, who would want this job? Continue Reading
-
Opinion
13 Aug 2018
Google's 'My Activity' data: Avoiding privacy and compliance risk
Google's Activity Controls create privacy and compliance risks for organizations, as well as a potential gold mine for social engineering hacks. Here's how to avoid those threats. Continue Reading
-
News
10 Aug 2018
Improving CISO-board communication: Partnership, metrics essential
With data breaches threatening the bottom line, CISO-board partnership is crucial. A new report by Kudelski Security looks at how to improve security communication with the board. Continue Reading
-
Blog Post
07 Aug 2018
Machine learning, AI in security: Advancing the cybersecurity landscape
More companies today are investing in AI-based cybersecurity technology to speed up incident detection and response, to better identify and communicate risk to the business, and to gain a better ... Continue Reading
-
Opinion
01 Aug 2018
Fannie Mae CISO calls for more data on security incidents
Chris Porter's years as a lead analyst and author of Verizon's Data Breach Investigations Report helped prepare him for the chief of security role at the primary housing lender. Continue Reading
-
Feature
01 Aug 2018
Container security tools pump up the platform
Startups are developing technologies that fill in some of the security gaps, including better controls for container orchestration. Continue Reading
-
Survey
01 Aug 2018
Not enough information security analysts, despite higher wages
Survey data on global skills shortages does not show significant changes, even as companies turn to strategies such as security automation to make security teams more efficient. Continue Reading
-
Feature
01 Aug 2018
Overwhelmed by security data? Science to the rescue
Security teams increasingly use large data sets from their networks to find hidden threats. Why companies should embark on their own data science and machine learning initiatives. Continue Reading
-
Opinion
01 Aug 2018
Why third-party access to data may come at a price
Google and other platform companies dangled not only APIs but access to user data from unwitting customers to attract third-party developers and other partners. Continue Reading
-
News
27 Jul 2018
Cybersecurity and physical security: Key for 'smart' venues
With sustainability being a huge driver of modern business development, protecting consumers' cyber- and physical security is an essential element when designing smart cities and venues. Continue Reading
-
Feature
24 Jul 2018
Cisco's chief privacy officer on the future of data after GDPR
Michelle Dennedy, vice president and chief privacy officer at Cisco, discusses her company's approach to meeting the requirements of the EU's General Data Protection Regulation. Continue Reading
-
Feature
24 Jul 2018
McAfee CISO: The importance of a strong cybersecurity culture
For McAfee CISO Grant Bourzikas, building a strong cyberdefense culture is essential because employees are the first line of defense to avoid rapidly evolving cybersecurity risks. Continue Reading
-
Feature
24 Jul 2018
McAfee CISO: Leadership buy-in essential to boost cybersecurity
As online risks continue to evolve, making sure company leadership buys in to efforts to improve cybersecurity posture has become essential, says McAfee CISO Grant Bourzikas. Continue Reading