Enterprise information security management
The challenges of information security management include regulatory compliance, risk management, information security standards, security frameworks, disaster recovery and more. In many IT organizations, the CIO or CSO is responsible for the company's information security management. Find the latest information security management news, tips and other resources for CIOs here in this topic section.
Top Stories
-
Feature
22 Jan 2024
6 must-read blockchain books for 2024
Numerous sources provide comprehensive information on blockchain fundamentals and applications. We narrowed the field to six of the most popular and diverse books available. Continue Reading
-
Feature
08 Jan 2024
10 top blockchain certification courses to pursue in 2024
Numerous blockchain certification courses are available for beginners and seasoned professionals, so we narrowed the field to some of the more diverse and comprehensive programs. Continue Reading
-
Feature
24 Jul 2018
Cisco's chief privacy officer on the future of data after GDPR
Michelle Dennedy, vice president and chief privacy officer at Cisco, discusses her company's approach to meeting the requirements of the EU's General Data Protection Regulation. Continue Reading
-
Feature
24 Jul 2018
McAfee CISO: The importance of a strong cybersecurity culture
For McAfee CISO Grant Bourzikas, building a strong cyberdefense culture is essential because employees are the first line of defense to avoid rapidly evolving cybersecurity risks. Continue Reading
-
Feature
24 Jul 2018
McAfee CISO: Leadership buy-in essential to boost cybersecurity
As online risks continue to evolve, making sure company leadership buys in to efforts to improve cybersecurity posture has become essential, says McAfee CISO Grant Bourzikas. Continue Reading
-
Feature
17 Jul 2018
CIO roles: Developing 'safe and sound' IT systems
Digital transformation is having a big influence on the evolution of the CIO role. For one CIO, responsibilities have expanded into ensuring the 'safety and soundness' of IT systems. Continue Reading
-
Answer
12 Jul 2018
What are the Microsoft IRM requirements for Exchange 2016?
Before a company can take advantage of information rights management on the Exchange 2016 platform, administrators must ensure the server setup meets the technical requirements. Continue Reading
-
Answer
11 Jul 2018
How do you use Outlook IRM to protect email content?
The information rights management feature in Exchange prevents unauthorized parties from viewing sensitive content. Admins can tailor the settings to fit the company's needs. Continue Reading
-
Feature
26 Jun 2018
Identify gaps in cybersecurity processes to reduce organizational risk
Organizational risk is a given at modern companies. But as threats persist, identifying preventable cybersecurity gaps presents an opportunity to strengthen enterprise defenses. Continue Reading
-
News
22 Jun 2018
Herjavec: Cybersecurity investment now a priority for CEOs, boards
How did Robert Herjavec, CEO of a global IT security firm and star of ABC's 'Shark Tank,' know cybersecurity was gaining traction? He started getting meetings with the C-suite. Continue Reading
-
Answer
08 Jun 2018
How can companies protect against ransomware in the cloud?
When it comes to ransomware attacks, cloud storage is not foolproof. CyberSight's Hyder Rabbani offers tips about how to address cloud ransomware threats. Continue Reading
-
Feature
01 Jun 2018
Business email compromise moves closer to advanced threats
The sophisticated techniques used in BEC scams differ from other email fraud in the steps taken to construct the criminal campaign. Here's how to stop these APT-style attacks. Continue Reading
-
Survey
01 Jun 2018
Insider threat report tracks annual cost of theft, carelessness
The Ponemon Institute study "2018 Cost of Insider Threats" examines the cost to companies victimized by material insider threat incidents during the past 12 months. Continue Reading
-
Opinion
01 Jun 2018
Walmart's Jerry Geisler on the CISO position, retail challenges
A global CISO in charge of one of the world's largest cybersecurity programs got his start on the retail floor. He's arrived just in time for the digital transformation. Continue Reading
-
Opinion
01 Jun 2018
Cybercrime study: Growing economic ecosystem spells trouble
New research shows that cybercriminals are gaining momentum with connected infrastructure and collectively earning billions annually from a cybercrime economy. Now what? Continue Reading
-
News
31 May 2018
New Walmart CISO discusses protecting the world's largest retailer
Walmart CISO Jerry Geisler talks about the retail giant's evolving cloud strategy, vulnerability management and risks the company is focused on across its environments. Continue Reading
-
News
31 May 2018
Enterprise cybersecurity strategy: What a CIO needs to know
Digital transformation is leaving businesses exposed to more cyberattacks. At the MIT Sloan CIO Symposium, panelists explain how much cybersecurity expertise is expected of CIOs. Continue Reading
-
News
29 May 2018
Threat hunting technology is on the rise, so are threats
Detection of advanced threats is the top challenge for 55% of security operations centers, according to a new survey, as more companies explore threat hunting programs. Continue Reading
-
Feature
29 May 2018
Enterprise data encryption: Preparing for a post-quantum future
With the race toward quantum computing underway, interest in post-quantum encryption is growing. ISACA's Rob Clyde explains how CIOs and CISOs can get up to speed. Continue Reading
-
Feature
29 May 2018
The time to think about post-quantum cryptography is now
Rob Clyde, chairman-elect of ISACA's board of directors, worries a lot about the world according to qubits. He explains why here -- and why post-quantum cryptography should matter to CIOs. Continue Reading
-
Feature
21 May 2018
CISO careers: Several factors propel high turnover
The average CISO tenure is approximately 24 to 48 months. Kudelski Security's John Hellickson discusses factors driving the high turnover rate and how to improve job satisfaction. Continue Reading
-
News
16 May 2018
Build a culture of innovation on PaaS platforms
Tech execs from Deutsche Bank and Experian at the Red Hat Summit in San Francisco shared their thoughts on reaping the benefits of PaaS platforms by addressing the risks head-on. Continue Reading
-
Feature
14 May 2018
CISO soft skills in demand as position evolves into leadership role
Cybersecurity industry veteran Joan Pepin discusses how the evolution of the CISO role has made soft skills essential to thrive in the information security field. Continue Reading
-
Tip
14 May 2018
Exchange Online security setup requires joint effort
A company that moves to Exchange Online must coordinate the efforts of its email administrators and its security team to maximize protections and meet compliance requirements. Continue Reading
-
News
11 May 2018
Force multipliers in cybersecurity: Augmenting your security workforce
During his RSA conference keynote, IBM Security's van Zadelhoff highlighted cybersecurity's top three force multipliers and explained best practices to deploy them. Continue Reading
-
News
09 May 2018
IT pros name users, GDPR as biggest cloud computing security threats
The cloud is growing faster than companies can prepare for cloud computing security threats, a quartet of tech leaders say at a Boston forum. But managing risk is within reach. Continue Reading
-
Feature
09 May 2018
CISO: Data integrity and confidentiality are 'pillars' of cybersecurity
When it comes to protecting online info, one cybersecurity veteran says the role of a CISO is to first incorporate processes that maintain data integrity and confidentiality. Continue Reading
-
Feature
08 May 2018
CIO uses master data management to speed digitalization
IMA Financial Group CIO Michelle Vercellino's effort to clean up, protect and govern the firm's data is an important step in the firm's quest for 'data intelligence.' Continue Reading
-
Answer
04 May 2018
Best practices for cloud security: Be cognizant of what's in the cloud
In this Ask the Expert, Booz Allen Hamilton's Anil Markose offers the cloud security best practices organizations need to protect their cloud information. Continue Reading
-
Feature
30 Apr 2018
Cloud workload protection tool speeds cloud migration, saves time
Informatica deployed Aporeto's IT security tool to protect its cloud servers. It gained peace of mind -- and valuable time. Continue Reading
-
Feature
30 Apr 2018
Informatica enlists cloud workload protection platform for 'zero-trust' IT security
To secure its immense cloud operations, Informatica looks to a new tool, a cloud workload protection platform by Aporeto, with a deny-all approach to server access. Continue Reading
-
News
30 Apr 2018
Security awareness programs that work against human nature will fail
Security awareness programs should take into account that humans are basically 'lazy, social, creatures of habit,' said KnowBe4's Perry Carpenter at the CIO Boston Summit. Here are three tips. Continue Reading
-
News
30 Apr 2018
Top 2018 cybersecurity trends to watch out for
A glance at IT news shows cybersecurity trends remain on companies' radar. At the CIO Boston Summit, Cybereason's Jessica Stanford discussed steps to defend against risk. Continue Reading
-
Blog Post
27 Apr 2018
Vulnerability management programs need an upgrade for the cloud era
Gone are the days of simple, easily secured corporate networks. The proliferation of cloud computing, virtualization and containers means that the network is changing constantly, said Nate Palanov, ... Continue Reading
-
News
20 Apr 2018
Juniper CEO Rahim stresses cybersecurity training, automation at RSA 2018
During his RSA Conference keynote, Juniper CEO Rami Rahim encouraged leaders to be "agents of change" that embrace automation in cybersecurity and new training techniques. Continue Reading
-
Feature
17 Apr 2018
Tackling security debt: The role of risk register, patch management
In this Q&A, Akamai's Dave Lewis offers pointers on how to address security debt and also discusses how organizations can avoid incurring such debt. Continue Reading
-
Feature
13 Apr 2018
Security debt: Why you should pay attention
Akamai's Dave Lewis -- a speaker at the upcoming RSA Conference 2018 -- discusses how organizations build security debt over time and its potential risks. Continue Reading
-
Feature
13 Apr 2018
Lacking data management processes holds back digital business
The business fallout of poor data management processes goes well beyond security and privacy implications. Evident IT CEO David Thomas explains in this SearchCompliance Q&A. Continue Reading
-
Answer
13 Apr 2018
Exchange IRM helps enterprises lock down information
Exchange Server's information rights management features put boundaries on messages and documents to avoid the mishandling of restricted content. Continue Reading
-
Answer
11 Apr 2018
How do attackers build and use phishing kits?
With attackers looking to maximize their ROI, they are employing what is called a phishing kit to run scam campaigns. In this Ask the Expert, learn how such kits are built. Continue Reading
-
Feature
06 Apr 2018
Crypto-agility: Strategies and best practices to get there
Staying crypto-agile is vital for data security. Venafi's Paul Turner discusses how to establish crypto-agility and the need for creating an inventory of cryptographic assets. Continue Reading
-
Opinion
03 Apr 2018
Marcus Ranum decodes hardware vulnerabilities with Joe Grand
Computer hardware designs with dangerous security flaws? That's no surprise to renowned hardware hacker Grand. Continue Reading
-
Opinion
03 Apr 2018
Healthcare CISO: 'Hygiene and patching take you a long way'
Cybersecurity and healthcare can get along, according to CISO Joey Johnson, who leads the security program at Premise Health, but it takes patience and attention to the details. Continue Reading
-
Report
03 Apr 2018
CISO survey paints a grim picture: Weak staff, breach fears
Roughly 60% of CISOs expect phishing scams, malware disruptions and cyberattacks that cause 'significant downtime' to affect their company in 2018. Continue Reading
-
Opinion
03 Apr 2018
Cost of data privacy breach may not be enough
While the European Union is taking major steps to protect residents' data privacy, little has happened in the United States, even after Equifax and Facebook. Continue Reading
-
News
27 Mar 2018
MIT: Energy-efficient chip improves IoT encryption, authentication
MIT researchers have developed an energy-efficient, hard-wired chip that they say will benefit IoT encryption and ease authentication processes in the IoT environment. Continue Reading
-
Feature
23 Mar 2018
Cybersecurity skills gap: Get creative about cyber hiring
Hiring candidates from disciplines beyond infosec can go a long way to address the widening cybersecurity skills gap, says industry veteran Javvad Malik. Continue Reading
-
Answer
20 Mar 2018
How can the CISO become a business enabler?
For a cybersecurity program to be effective, CISOs must be viewed as business enablers. Kudelski Security's John Hellickson offers tips on how CISOs can make the transformation. Continue Reading
-
Feature
19 Mar 2018
Cybersecurity trend forecast: Streamlined, simplified security
In this SearchCIO Q&A, Javvad Malik discusses why streamlining infosec processes is becoming a top cybersecurity trend and how new tech influences the infosec industry. Continue Reading
-
News
16 Mar 2018
Ex-Equifax CIO's insider trading indictment a red flag for IT execs
A former Equifax CIO has been indicted for insider trading following the company's 2017 data breach. Will it force IT execs to reexamine the importance of proper breach response? Continue Reading
-
Blog Post
15 Mar 2018
AI's exponential curve: More from my interview with ISACA's Rob Clyde
I recently talked about the use of AI in the enterprise with Rob Clyde, vice chairman of the board of directors at ISACA, an organization focused on IT governance. The conversation focused on a new ... Continue Reading
-
Blog Post
28 Feb 2018
Unlockable iPhones, leaked code among Apple's security woes
Security on Apple devices might not be as impenetrable as many thought. Forbes reported this week that Cellebrite, an Israel-based vendor and major U.S. government contractor, is now able to unlock ... Continue Reading
-
Feature
28 Feb 2018
New tech creates new attack vectors, cybersecurity vulnerabilities
CISO John Germain explains how tech like AI and IoT are revolutionizing business -- and creating new cybersecurity vulnerabilities as data protection is left on the back burner. Continue Reading
-
Answer
28 Feb 2018
Is end user training essential to data loss prevention program success?
Regulations like the GDPR promise to enforce stricter data protection rules. While a data loss prevention program can help, it requires end-user training to ease adoption. Continue Reading
-
News
27 Feb 2018
DLP implementation: Partner with the business for success
Data loss prevention strategies help prevent unauthorized disclosure of sensitive information. For a DLP strategy to be successful, however, business-wide buy-in is required. Continue Reading
-
Feature
27 Feb 2018
Tech, growing data sets complicate enterprise cybersecurity strategy
Emerging tech has grown companies' data sets and made IT environments increasingly complex. As IT capabilities evolve, enterprise cybersecurity strategy is struggling to keep up. Continue Reading
-
Feature
23 Feb 2018
Cybersecurity's shortage of skills leaves IT projects vulnerable
A recent study found that as IT projects proliferate, cybersecurity's shortage of skills is leaving tech vulnerable. Analyst and study author Jon Oltsik explains in this Q&A. Continue Reading
-
Tip
19 Feb 2018
How to prep for the GDPR breach notification rule
As companies prep for GDPR compliance, its breach notification rule is making waves. Csaba Krasznay, security evangelist at Balabit, discusses how to prep for Article 33 of GDPR. Continue Reading
-
News
16 Feb 2018
CISO responsibilities: Building a mission-based cybersecurity program
'Vanquish the enemy you can see ... then prepare for the next engagement.' Brooks Brothers' Phillip Miller gives fellow CISOs new ways to think about a cybersecurity program. Continue Reading
-
Opinion
01 Feb 2018
Fred Cohen on strategic security: 'Start with the assumptions'
Cohen is a globally recognized expert in information protection and cybersecurity. Since coining the term 'computer virus,' he has remained a pioneer in information assurance. Continue Reading
-
Feature
01 Feb 2018
GDPR breach notification: Time to focus on the requirements
Some large U.S. companies have been working behind the scenes on GDPR requirements for more than a year, but there's strong evidence that many have not been as diligent. Continue Reading
-
Feature
01 Feb 2018
David Neuman: The CISO position and keeping the cloud safe
The Rackspace CISO joined the enlisted ranks in the Air Force, eventually becoming an officer with global responsibilities before moving to the private sector. Continue Reading
-
Feature
01 Feb 2018
CISOs map out their cybersecurity plan for 2018
What's on the short list for enterprise cybersecurity programs in the coming year? As attack vectors increase -- think IoT -- we ask information security leaders to discuss their plans. Continue Reading
-
Opinion
01 Feb 2018
Data protection compliance costs less than noncompliance
Smaller companies -- with fewer than 5,000 employees -- in particular may be hit hard by GDPR requirements and other data compliance hurdles. A new report does the math. Continue Reading
-
News
31 Jan 2018
Ransomware outbreak threat calls for backup and DR strategy
IT departments deploy a range of data restore approaches to mitigate the risk of a debilitating ransomware attack. Time is of the essence, however. Continue Reading
-
Feature
01 Dec 2017
John Germain lands the new CISO position at Duck Creek
Serving the technology needs of the property and casualty insurance industry means keeping a weathered eye on risk profiles, enterprise software and emerging threats. Continue Reading
-
Opinion
01 Dec 2017
The tug of war between user behavior analysis and SIEM
Information security technologies embrace user behavior analytics, and the trend is expected to continue. Should CISOs consider a standalone UBA component? Continue Reading
-
Opinion
01 Dec 2017
What's with cybersecurity education? We ask Blaine Burnham
When he left the NSA, Burnham helped build the security education and research programs at the Georgia Institute of Technology and other universities. What did he learn? Continue Reading
-
Feature
01 Dec 2017
CISOs take notice as GPS vulnerabilities raise alarms
GPS has been extraordinarily reliable, but there's a growing chorus of experts who say it's time to assess GPS security and consider protective strategies. Continue Reading
-
Opinion
01 Nov 2017
From the White House to IBM Watson technology with Phyllis Schneck
The managing director at Promontory Financial Group, now part of IBM, talks about supercomputers, cryptography applications and her start in computer science. Continue Reading
-
Opinion
01 Nov 2017
Are companies with a SOC team less likely to get breached?
Information security operations centers are “growing up,” according to one study. But, with staffing shortages and manual collection of data, performance metrics are hard to get. Continue Reading
-
Feature
01 Nov 2017
Transitioning to the role of CISO: Dr. Alissa Johnson
Serving as White House deputy CIO prepared Johnson for her CISO role: "When we let the culture in a company or agency drive security governance or innovation, that's a problem." Continue Reading
-
Feature
01 Nov 2017
The vulnerability management process after Equifax
Cataclysmic security incidents highlight the importance of a vulnerability management program versus a patch management system. Here's how to implement a risk-based approach. Continue Reading
-
Feature
01 Nov 2017
Are security operations centers doing enough?
SOCs are maturing, but organizations facing the increased threat landscape understand that improving their effectiveness must be a priority in the year ahead. Continue Reading
-
Opinion
02 Oct 2017
Building a secure operating system with Roger R. Schell
The 'father' of the Orange Book has first-hand knowledge of the standards required for classified computer systems and the issues with subversion. Continue Reading
-
Feature
02 Oct 2017
Agnes Kirk on the role of CISO, Washington's state of mind
A state CISO champions innovation for Washington, from early development of a single sign-on system to leadership of the new Office of Cyber Security. Continue Reading
-
Opinion
02 Oct 2017
No customer data leaks? Companies look down the rabbit hole
When Yahoo finally disclosed a massive 2014 data breach to up to five hundred million affected account holders in September 2016, some already had legal representation. Continue Reading
-
Opinion
01 Sep 2017
From security product marketing to CEO: Jennifer Steffens
The CEO of a global pen tester used to work for the New York Yankees. Find out how Jennifer Steffens went from sports marketing to head of a security service provider. Continue Reading
-
Feature
01 Sep 2017
Why WannaCry and other computer worms may inherit the earth
A vast majority of APT attacks and malware delivery happens via spear phishing. But worms have always had a place in the toolkit when the delivery method fit the mission. Continue Reading
-
Feature
01 Sep 2017
HTTPS interception gets a bad rap; now what?
Should products intercept Transport Layer Security connections to gain visibility into network traffic? A new study by researchers and U.S.-CERT warns against it. Continue Reading
-
Opinion
01 Sep 2017
A damaging spring of internet worms and poor performance
Security is a hot topic for media outlets that report on stock markets as companies founder on corporate earnings. The financial fallout of global malware is a call to action. Continue Reading
-
Feature
14 Aug 2017
Mitigating security risks posed by emerging tech: Expert advice
Companies are in hot pursuit of the benefits offered by cutting-edge technologies, but mitigating security risks often gets scant attention. CIOs need to change that. Here's how. Continue Reading
-
Feature
01 Aug 2017
Deborah Wheeler lands role of CISO at Delta Air Lines
The new CISO at Delta Air Lines earned her wings by sticking with security from the start. As the airline industry faces new challenges, Deborah Wheeler takes on a leadership role. Continue Reading
-
Report
01 Jun 2017
Report: Threat hunting is more SOC than intel
Threat hunting is driven by alerts with less emphasis on cyberthreat intelligence, according to researchers. Yet 60% of those surveyed cited measurable security improvements. Continue Reading
-
Feature
01 Jun 2017
Experian's Tom King tackles role of CISO from the ground up
An early career as a geologist helped the veteran financial services CISO thrive in the security field. The CISO role is now broader than technical functions, he says. Continue Reading
-
Feature
01 May 2017
Is threat hunting the next step for modern SOCs?
The emergence of threat hunting programs underscores the importance of the human factor in fighting the most dangerous and costly security threats. Continue Reading
-
Feature
01 May 2017
Polycom CISO focused on ISO 27001 certification, data privacy
Tasked with security and compliance, Lucia Milica Turpin watches over internal systems and remote communications customers entrust to the video conferencing company. Continue Reading
-
Feature
01 May 2017
Challenging role of CISO presents many opportunities for change
With some reports showing incredibly short tenures, new CISOs barely have time to make their mark. The salaries are good; the opportunities for the right skills, unlimited. Continue Reading
-
Opinion
01 May 2017
CISO job requires proven track record in business and security
In the security field, certifications and degrees are never a substitute for on-the-job experience. For women in security, the challenges may be even greater. Continue Reading
-
Feature
03 Apr 2017
Politics of cyber attribution pose risk for private industry
Why nation-state attribution plays a major role in the U.S. government's willingness to share cyberthreat intelligence with private-sector companies. Continue Reading
-
Feature
03 Apr 2017
In her new role of CISO, Annalea Ilg is curious, driven and paranoid
The vice president and CISO of ViaWest, Ilg is tasked with keeping the IT managed service provider and its cloud services secure. Continue Reading
-
Opinion
03 Apr 2017
Outsourcing security services rises as MSSPs focus on industries
Despite increasing levels of specialization, managed security service providers often don't understand the business you're in. That may be changing. Continue Reading
-
Opinion
01 Mar 2017
AI or not, machine learning in cybersecurity advances
As more companies promote machine learning and artificial intelligence technologies, chief information security officers need to ask some tough questions to get past the hype. Continue Reading
-
Video
30 Nov 2016
The impact of mobile technology on business operations
The impact of mobile technology on business is becoming more evident as mobile computing moves to take over the enterprise. Continue Reading
-
Opinion
17 May 2016
IoT data security and privacy starts now for CIOs -- and educators
IoT data security and privacy is racing to the forefront of CIO agendas. Just ask employees whose companies have doled out fitness wearables, says Niel Nickolaisen. Continue Reading
-
News
01 Dec 2014
Security licensing models hamper enterprise security
Onerous product-licensing terms imposed by security vendors raise the risk of shadow IT and threaten enterprise security, according to information security managers. Continue Reading
-
News
30 May 2014
CIOs trumpet top-down, proactive digital enterprise security
In today's digital world, where consumers are increasingly connected and data is the new currency, enterprises must take a proactive security stance. Continue Reading
-
News
04 Jun 2012
Social media tips and other helpful lists
In this week's roundup, we have a list made up primarily of lists -- how meta! Included are social media tips and a general how-to on being a good CIO. Continue Reading
-
News
18 May 2012
Even a minor lapse in security protocol can lead to major costs
When security protocols are neglected, data isn't the only loss. A breach in Utah cost the state CIO his job and possibly his reputation. Continue Reading
-
News
28 Apr 2012
Promoting innovation, from boss-less offices to tweaking big data
This week's roundup of tidbits from the Web includes ways of promoting innovation, as well as talent in the workplace. Continue Reading
-
News
23 Mar 2012
Spring is here, and innovation is in the air
In this week's roundup of news and notable bits from around the Web, spring brings thoughts of innovation. Continue Reading
-
News
16 Mar 2012
Siri, find me a good lawyer
In this week’s roundup, a legalpalooza: Yahoo sues Facebook, someone sues Siri and a lawyer slowly backs away from her Pinterest boards. Continue Reading