Enterprise information security management
The challenges of information security management include regulatory compliance, risk management, information security standards, security frameworks, disaster recovery and more. In many IT organizations, the CIO or CSO is responsible for the information security management of the company. Find the latest information security management information for CIOs, including news, tips and other resources, here in this topic section.
Top Stories
-
Feature
22 Jan 2024
6 must-read blockchain books for 2024
Numerous sources provide comprehensive information on blockchain fundamentals and applications. We narrowed the field to six of the most popular and diverse books available.
-
Feature
08 Jan 2024
10 top blockchain certification courses to pursue in 2024
Numerous blockchain certification courses are available for beginners and seasoned professionals, so we narrowed the field to some of the more diverse and comprehensive programs.
-
News
03 Mar 2012
Security woes and a different kind of Net threat
We're feeling a little vulnerable this week. Maybe it's because our cache of tech bits is a little heavy on security issues.
-
News
28 Feb 2012
Data loss statistics: Emerging culprits
Social networking, cloud computing and mobile technology create business opportunities. But data loss statistics show these advances create risks too.
-
News
01 Feb 2012
Who's the 'insider' security campaigns target?
Can CIOs learn anything from a security campaign launched by the military more than 60 years ago?
-
News
05 Jan 2012
Re-evaluating endpoint security tools
Has technology advanced to the point that some endpoint security tools -- and the staff needed to support them -- will go away?
-
Definition
07 Mar 2011
control framework
A control framework is a data structure that organizes and categorizes an organization’s internal controls, which are practices and procedures established to create business value and minimize risk.
-
News
25 Jun 2010
Cloud location: Why it's important to know where your data resides
The Internet may be everywhere, but experts say cloud location is important to consider. Find out why.
-
News
16 Apr 2010
Don't be a horror story! Why social media policies matter to the CIO
Social media policies are crucial in the age of Facebook and Twitter, where security and compliance risks abound. How can the CIO avoid social media notoriety?
-
Tip
11 Mar 2009
Cost reduction tips for your strategic sourcing contracts
CIOs should revisit their strategic sourcing contracts and work closely with their suppliers to analyze current spending and achieve maximum cost reductions.
-
News
08 Aug 2007
Second Life a security risk for businesses, Gartner cautions
Companies risk damage to their brand and reputation, as well as potentially serious security breaches by engaging in activities in unmoderated virtual worlds such as Second Life, according to Gartner Inc.
-
News
11 Jul 2007
Blog: Data loss rarely leads to ID theft, or does it?
A new report suggests that lost or stolen data is rarely used to commit identity theft. Oh yeah? Then what are they using it for? Blogger Jeff Kelly takes a closer look at the findings.
-
News
26 Jun 2007
Homeland Security IT chief blamed for cyberwoes
In response to reports of persistent cybersecurity flaws at the Department of Homeland Security, a top congressional Democrat on Wednesday questioned whether the agency's CIO deserves to keep his job.
-
News
12 Jun 2007
Retailers face deadline for security standard
Credit card firms are giving merchants until June 30 to comply with the Payment Card Industry Data Security Standard, which is designed to protect users from online theft. Teranet discusses what it had to do.
-
News
08 Jun 2007
IBM gets into Web security with Watchfire buy
IBM has become the first major player to buy into the Web application security testing space with its offer to buy Watchfire. The deal, which is expected to close later this quarter, would bring in tooling that performs ethical hacking of Web apps based on a database of known vulnerability signatures.
-
News
23 May 2007
IBM targets threats against Web 2.0 systems
IBM on Tuesday introduced a security offering designed to detect and prevent cyberattacks directed at instant messaging services, Internet voice networks and other Web 2.0 platforms.
-
News
17 May 2007
Verizon targets security with Cybertrust takeover
Verizon is joining in the consolidation in the managed security services space after agreeing to a deal to acquire Cybertrust for an undisclosed sum.
-
News
15 May 2007
Data breach costs weigh on TJX 1Q profit
TJX Cos., operator of discount clothing chains T.J. Maxx and Marshalls, said Tuesday its first-quarter profit dipped 1 percent as costs related to a widely publicized breach of customer data offset revenue growth.
-
News
10 May 2007
Security screeners sue over missing TSA hard drive
A union is suing the Transportation Security Administration (TSA) over the loss of a computer hard drive containing the personal information of around 100,000 security screeners. The lawsuit would require the government agency to encrypt employee data and monitor mobile devices holding worker information.
-
News
12 Apr 2007
Oracle update to fix 37 security flaws
Oracle plans to release patches to plug 37 security holes in its products next week, according to a preview of the upcoming Critical Patch Update released April 10.
-
News
04 Apr 2007
FCC imposes rules to prevent pretexting
The Federal Communications Commission hopes to prevent data burglaries with a set of new regulations for phone companies aimed at preventing the fraudulent practice called "pretexting."
-
News
22 Feb 2007
T.J. Maxx probe finds broader hacking
The TJX Cos., the discount retailer best known for its T.J. Maxx and Marshalls clothing stores, said Wednesday that its hacking investigation has uncovered more extensive exposure of credit and debit card data than it previously believed.
-
News
22 Feb 2007
Google patches vulnerability in Desktop search tool
Google has issued a patch for a serious vulnerability involving Google Desktop that would have allowed attackers to steal personal information and possibly take control of a system remotely.
-
News
08 Feb 2007
Massachusetts leads national TJX data probe
The Massachusetts Attorney General is heading up a group of more than 30 states trying to force answers to how the massive TJX data breach happened.
-
News
11 Jan 2007
No fixes for Microsoft Word zero-day flaws
Microsoft has released high-priority fixes for serious vulnerabilities in its Outlook and Excel applications, but there are no patches in the January batch for known Microsoft Word flaws that are currently under attack.
-
News
03 Jan 2007
Research: IM malware attacks on the rise
With 41 new attacks carried out during December alone, 2006 proved to be a significant growth year for threats distributed over instant messaging systems.
-
News
22 Nov 2006
Small companies ignorant of security?
Small businesses must become more aware that they are potential victims of cybercrime, former White House security adviser Howard Schmidt has urged.
-
News
16 Nov 2006
Remote workers still confused about security
Not only are remote workers a ticking time bomb when it comes to network security, but many also feel IT has no right to monitor their online behavior.
-
News
14 Nov 2006
Security flaw could ground Wi-Fi users
Security monitoring groups warn there's a hole that could allow nearby hackers to execute kernel-mode code the minute you open up your Wi-Fi.
-
News
14 Nov 2006
Users eye iPods as cool enterprise tools
The holidays may bring a flood of new consumer gadgets into the enterprise. New research shows that corporate IT should find ways to include them.
-
News
25 Oct 2006
FBI: Cyberattacks underreported
Companies should do more to report cybercrimes such as hacking and phishing to help federal authorities investigate and ensure that additional data isn't compromised beyond initial attacks, a high-ranking FBI official said.
-
News
16 Oct 2006
Microsoft to give Vista data to security firms
Microsoft will make available parts of key data to security software firms such as Symantec Corp. and McAfee Inc. to enable their products to work smoothly with its new Vista operating system. Microsoft has promised the additional information to comply with European Union requirements that stem from the landmark 2004 decision that MS used its dominant Windows system to damage competitors.
-
News
16 Oct 2006
Online brokerage account scams worry SEC
High-tech crooks are hijacking online brokerage accounts by using spyware and operating from remote locations, sometimes in Eastern Europe, U.S. market regulators said on Friday.
-
News
10 Oct 2006
Remote workers still imperil enterprise security, study finds
Most workers who access data networks remotely or carry company-owned laptops are putting their employers at risk, according to a global security research study from Cisco Systems Inc.
-
News
30 Aug 2006
AT&T hack exposes 19,000 identities
A cyberattack on the telecommunications giant over the weekend affects about 19,000 customers who bought equipment for high-speed DSL connections online.
-
News
24 Aug 2006
Why did Microsoft delay IE Patch?
Microsoft has delayed the re-release of a critical Internet Explorer browser patch because of an internal glitch. Security experts are not happy.
-
News
11 Jul 2006
Research points to faster threat development
Security software maker McAfee Inc. says it has seen a significant leap in the appearance of new threats in the past few years.
-
News
22 Jun 2006
Unpatched iTunes, Skype, Firefox inviting malware targets
Employees are downloading unpatched versions of some of the most popular software applications and presenting a bigger threat to enterprise networks than malicious software, according to a warning from Bit9, an endpoint security vendor.
-
News
25 May 2006
VA not alone in data carelessness, says watchdog group
It isn't just Veterans Affairs that's putting its data at risk. The personal information about Americans isn't safeguarded properly throughout the government, and the consequences could be disastrous, congressional investigators say.
-
News
27 Apr 2006
Special Report: Ideal intrusion defense combines processes and people
What defines good enterprise intrusion defense? In the first installment of Intruder Alert, a special three-day series, IT pros say the best programs thwart not only the bad computing habits of insiders, but also the spyware and other malware they allow in.
-
News
26 Apr 2006
Windows patch problems to force out-of-cycle repair
Microsoft on April 25 re-released a critical update that fixes a Windows Explorer code-execution vulnerability. The patch has caused problems with certain third-party software.
-
News
11 Apr 2006
IBM touts chip-level security
IBM says new technology will allow chip makers to build embedded security features into processors used in mobile handsets, PDAs and other devices.
-
News
03 May 2005
What's the cybersecurity coverage these days?
Though companies are expressing more interest in policies to protect against the onslaught of privacy breaches, such insurance still remains a rarity.
-
News
27 Feb 2005
Security is top CIO concern, survey finds
Network security improvements topped the list of priorities provided by 1,400 recently surveyed CIOs. System upgrades ranked second, followed by database upgrades and installations.
-
News
22 Feb 2005
Symantec, Veritas CEOs tell post-merger story
Symantec CEO John Thompson and Veritas CEO Gary Bloom talk about their post-merger plans for providing blended backup and security products.
-
News
21 Feb 2005
RSA 2005: Experts weigh in on phishing and other e-pariah
Protections against intrusions and productivity drainers like spam are improving, but so are the bad guys. An RSA town meeting addresses what law enforcement's doing about it.
-
News
21 Feb 2005
RSA 2005: A chat with Sybari's Joe Licari
Check out an insider's perspective on Sybari's latest initiatives and what Microsoft's acquisition plans could mean for users who buy in now.