Security Management Strategies for the CIO
High-profile attacks, inadequate defenses burden IT security
programs
Robert Westervelt, News Director
A plethora of high-profile data security breaches that marred the first half of 2011, and other recent high-profile attacks, such as
Requires Free Membership to View
Stuxnet,
Operation
Aurora and state-sponsored persistent threats, have dominated the discussion in the information
security community. These incidents have highlighted a critical question for nearly all
enterprises: How can an organization be more proactive, monitoring the threat landscape for
actionable information to improve
IT security programs?
While log management, security reporting tools and automated patch management systems can be effective in helping prevent successful attacks and collecting data after the fact, experts say in most organizations a more proactive security program is sorely needed, namely one that get’s employees thinking about risk management to thwart attacks before they infect endpoint machines. But turning around a security program stuck in a reactive mode is easier said than done.
Read the rest of this story: High-profile attacks, inadequate defenses burden IT security programs
MORE ARTICLES:
- Cloud
computing contracts and security’s role
Cloud computing has put the spotlight on contracts and service-level agreements, along with security’s role in the contract process. There are many security provisions that need to be included in cloud computing contracts to ensure corporate data is protected, making it critical for security managers to participate in contract preparation and negotiation, experts say.
- Gartner:
Dodd-Frank Act adherence demands compliance bureau
All companies, not just financials, must comply with the Dodd-Frank Act; Gartner recommends having a compliance bureau monitor the implications. The act has a number of compliance hurdles, including several which enterprise security and compliance managers should give scrutiny.
- Security
awareness tips: Making programmes more effective
Several information security pros, via LinkedIn, share their best security awareness tips.
- IT
security awareness training tutorial: Employee compliance education
Learn best practices for employee awareness training — an essential aspect of compliance, as well as overall security — in this tutorial.
MULTIMEDIA:
Gartner
Security Summit attendees on IT security, government issues
In this video (right), Senior Site Editor Eric B. Parizo spoke with two government infosec practitioners about a variety of issues, including risk management strategy, cloud computing security and the consumerization of IT at the 2011 Gartner Security & Risk Management Summit.
- Podcast:
Marketing security services: Ideas for marketing your business
Get advice for marketing security products and services, including how much to spend on marketing, using video and talking up breaches.
Join the conversationComment
Share
Comments
Results
Contribute to the conversation