Security Management Strategies for the CIOAccess "Breaches highlight need for better employee security awareness training"
This article is part of the May 2011 issue of Comprehensive information security programs vital for PCI compliance
Good grief, we’re not even halfway through 2011 and there’s already been a string of eye-popping breaches: Epsilon, EMC’s RSA security division, Comodo, and HBGary Federal. With even security firms getting hit, one has to start wondering about the state of information security. After all the sophisticated technology, all the audits, and all the handwringing over risk management, our data and networks still seem awfully vulnerable. Cat and mouse game. Arms race. Time and again, we use these metaphors to describe the battle against cybercriminals. Of course, there’s no such thing as failsafe security, but the bad guys seem to be getting the upper hand despite all our best efforts. Despite all the firewalls, IDSes, antivirus, SIMs, and authentication requirements, breaches continue at a rapid pace. Notification laws, of course, have brought many breaches to light that would have otherwise gone unreported. Still, the list of compromised companies only seems to grow unabated. Now, maybe the breached companies had serious lapses in security. Certainly, there were... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Navigating international data privacy laws
by Cynthia O’Donoghue, Katharina A. Weimer and Amy Mushahwar
Companies should revisit streamlined global data operations with an eye toward revamping compliance.
-
Robust information security program key to PCI compliance requirements
by Eric Holmquist
A strong information security program that goes beyond minimum standards will ease compliance.
-
Navigating international data privacy laws
by Cynthia O’Donoghue, Katharina A. Weimer and Amy Mushahwar
-
-
Gaining awareness to prevent social engineering techniques, attacks
by Marcia Savage, Editor
Cybercriminals are using social engineering fueled by social media to attack users and break into companies.
-
Smartphone encryption, authentication ease mobile management
by Robert Westervelt, News Director
New security tools allow companies to extend encryption and authentication to mobile devices.
-
Gaining awareness to prevent social engineering techniques, attacks
by Marcia Savage, Editor
-
Columns
-
Information security professionals and the resource gap
by (ISC)2 Advisory Board of the Americas Executive Writers Bureau
There’s growing demand for information security professionals, but where will these skilled people come from?
-
Information security job titles: Irrelevant to your career
by Lee Kushner and Mike Murray
Remember, potential new security roles are doled out based on experience and accomplishments, not some fancy title.
-
Breaches highlight need for better employee security awareness training
by Marcia Savage, Editor
Companies need to improve their employee security awareness training to fight today’s threats.
-
Information security professionals and the resource gap
by (ISC)2 Advisory Board of the Americas Executive Writers Bureau
More Premium Content Accessible For Free
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...
Emerging threat detection techniques and products
E-Handbook
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing ...
The rapid evolution of MDM solutions
E-Zine
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...