-
Improving your network security strategy in a recession
In difficult economic times, security pros must measure risk and prioritize projects. Get tips from the experts to improve your network security strategy during a recession. Plus, read the results of our yearly priorities survey and find out what mad... E-Zine
-
How to be successful with your security steering committee
This special issue of Information Security magazine explains the ins and outs of security steering committees. Learn who needs to be there, why they need to be there, what they need to be doing, and how to help them do it. We review the GoldKey Secur... E-Zine
-
Why business managers are a breed of security professional
Some companies are making their business managers responsible for security: How does that change the game? Also, get tips on access strategies and closing the policy gap. E-Zine
-
Closing the gap: How to decide when (and if) to patch vulnerabilities
Deciding when to patch and when not to patch can be very tricky. It all depends on the value of your protected assets, the threat level, the presence of other mitigating factors and the required effort and resources. E-Zine
-
Dollars and sense: Getting the security budget you need -- and spending it wisely
Four of the industry's top enterprise chief information security officers discuss how to increase the security budget, and how best to use the extra cash. Also this month: Joel Snyder puts five vulnerability scanners through their paces; how to condu... E-Zine
-
IT content and vendor engagement evaluation survey
When IT professionals, such as you, have an IT project at their organization, there is a need to research multiple pieces of content from a variety of sources including vendors, third-parties and experts. This survey will allow TechTarget to identify... Survey
-
Book chapter: Obtain Buy-In from Stakeholders
This is an excerpt from the book Security Metrics: A Beginner’s Guide. Author Caroline Wong discusses strategies for managing a team of stakeholders. Feature
-
Quiz: How IDS/IPS can enable business objectives
How much have you learned about integrating IDS/IPS with your enterprise's business goals? Find out with this short quiz. Quiz
-
Information Security Blueprint
Magazine download
-
Results Chain for Information Security and Assurance
Magazine download
-
Information Security Governance Guide
This guide provides an introduction to what information security governance and a security program are, and examines how to deploy security policies within any environment. Learning Guide
-
Owning the C-suite
If you've found yourself on the losing end of a few too many battles, and security is suffering because of a lack of support from top executives, a bit of positive social engineering may be just the thing. Information Security maga
-
The Business Model
Step-by-Step Guide
-
Life Cycles
Security Architectural Mo
-
Executive Security Management
Security Architectural Mo
- See more Essential Knowledge on Business Management: Security Support and Executive Communications
-
Expert urges security pros to speak out, educate upper management
Security expert Jayson E. Street explains why security pros must learn to communicate effectively to gain trust from management and empower employees. News | 02 Oct 2012
-
For Target, retailer's risk management program hinged on executive buy-in
To get executive buy-in, the retailer's risk management program architect had to define success and make sure everyone could speak the same language. News | 11 Sep 2012
-
Black Hat 2012: Dan Kaminsky tackles secure software development
Security researcher Dan Kaminsky’s annual "black ops" talk at Black Hat 2012 focused on improving secure software development with better code. News | 25 Jul 2012
-
Why execs really need corporate security training
Senior executives may be the most likely to disobey all your hard-won corporate security training. Here are five reasons why. News | 31 May 2012
-
Division of CISO responsibilities may prevent burnout
CISO responsibilities can be overwhelming, according to a new IBM survey. One solution may be to divide the role into two jobs. News | 17 May 2012
-
Business and IT security alignment is off
Aligning IT security with business goals is nice, but is it always realistic? Mandates from management often clash with the industry’s ideal characterization of an IT security leader. News | 09 Apr 2012
-
Industry is doomed by automation, misguided IT security strategy, experts warn
Blunt experts at InfoSec World said enterprise IT security strategy often misses the mark, but some attendees suggested the experts are out of touch. News | 04 Apr 2012
-
Why businesses should care about proposed Protect IP, SOPA pirating laws
Legislation is aimed at stopping piracy, but security professionals and industry groups say it could weaken security, hamper innovation and limit competition among small businesses and startups. News | 20 Dec 2011
-
Security innovation must hurdle academic, regulatory roadblocks
Regulators, lawmakers and academia share equal blame in putting the brakes on innovation in security, experts say. News | 05 Oct 2011
-
Black Hat 2011: Money for secure application development proves elusive
For most security teams, it’s still a struggle to find money for secure application development, according to a panel of Black Hat 2011 experts. News | 04 Aug 2011
- See more News on Business Management: Security Support and Executive Communications
-
Oracle security patches, InfoSec World 2012 controversy offer important lessons
Editor Eric B. Parizo says controversies involving Oracle security patches and InfoSec World 2012 prove the importance of differing opinions. Opinion
-
Lessons of cyberwar: A chance to boost information security budgets
In the wake of an incident, CISOs should make the most of the opportunity to increase information security budgets. Column
-
IT security strategy 2.0: Adjusting for a shifting infosec landscape
Seismic shifts in the infosec landscape can no longer be ignored. Ernie Hayden explains how to update an IT security strategy to account for change. Tip
-
Corporate compliance program: How to give a status update to the board
Expert Mike Chapple explains how to communicate the status of a corporate compliance program to the board, including both successes and shortcomings. Tip
-
Aligning business and IT security: Learning from South Carolina breach
Ernie Hayden details how South Carolina's Department of Revenue breach proves business and IT security are often out of alignment, and how to fix it. Tip
-
Assumption of breach: How a new mindset can help protect critical data
By adopting the assumption-of-breach security model, CISOs and security pros can better protect critical data. Expert Ernie Hayden explains. Tip
-
Why the role of a CISO can reduce the average cost of a data breach
Filling the CISO position with the right person can reduce the costs a company will experience from a data breach. Expert Ernest Hayden explains why. Tip
-
Aligning enterprise identity and access management with CIO priorities
Randall Gamby says aligning enterprise identity and access management with business and CIO priorities demands a more strategic approach to IAM. Tip
-
What to do when the CIO gets in the way of enterprise IT security
Here's what to do if your CIO ends up creating hurdles for you and what needs to be done with enterprise IT security. Tip
-
How to begin corporate security awareness training for executives
Expert Ernie Hayden provides advice for enterprises that are establishing security awareness training for their security-unaware executives. Tip
-
CISO responsibilities: Commit senior management to security governance
A CISO’s responsibilities must include convincing executives to take an active role in security governance. Expert Ernie Hayden explains how. Tip
-
Modern security management strategy requires security separation of duties
Contributor Matthew Pascucci argues that enterprises need security separation of duties to ensure an effective, modern security management strategy. Tip
- See more Tips on Business Management: Security Support and Executive Communications
-
How to make a good first impression when presenting to executives
Explaining an information security program to C-suite executives can be nerve-racking. Here's how to make a good first impression. Answer
-
Reframing discussions about return on security investment
According to expert Joe Granneman, return on security investment is a misnomer. Here's a better way to view security expenditures. Answer
-
The effects of secure application development practices
Selling the CIO and others on secure application development requires understanding how it will impact the development process. Answer
-
IT security risk training for executives: How to get started
Executives don’t have time for formalized security risk training, so the onus is on the security team to become involved with core business processes. Answer
-
Boosting information security budgets: How to get the funds you need
Getting executive support to boost the information security budget is no easy task. Expert Joe Granneman offers tips for getting the funds you need. Answer
-
Information Sharing and Analysis Centers: Getting started with ISACs
Joe Granneman explains how ISACs enable cybersecurity information sharing and the basic requirements for joining an ISAC. Answer
-
Why a security conscience is key among CISO responsibilities
Every firm needs a security conscience, according to expert Ernie Hayden, who says it is critical among key CISO responsibilities. Answer
-
Sharing security intelligence: How to build a strong network
Expert Nick Lewis explains how enterprises can forge strong security networks that support sharing security intelligence. Answer
-
Best practices: Gaining executive support for the software security lifecycle
Recent BSIMM3 study results provide guidelines for why executive support for the software security lifecycle is so important. Michael Cobb explains. Answer
-
Privileged account policy: Securely managing privileged accounts
Randall Gamby discusses how to securely implement a privileged account policy within the enterprise and collectively manage sensitive account information. Answer
- See more Expert Advice on Business Management: Security Support and Executive Communications
-
security
In information technology, security is the protection of information assets through the use of technology, processes, and training. Definition
-
International data protection: 'Evil maid' attacks, HDD cloning risks
Video: Cryptoseal CEO Ryan Lackey details the threats associated with international data protection, from cloned hard drives to evil maid attacks. Video
-
Ernie Hayden on the keys for success in the role of CISO
Ernie Hayden discusses the role of CISO and draws on examples from his own career as he lists the most important attributes for a successful CISO. Video
-
Peter Kuper on IT and the economy; IT security spending outlook
In this special keynote, In-Q-Tel's Peter Kuper analyzes the state of IT and the economy in 2012, and the resulting IT security spending outlook. Video
-
Brian Contos on detecting rootkits with hardware-based security
Hardware-based security tools can help security teams detect rootkits that are used by attackers to hide malware below the operating system. Video
-
MGH security director on making the security business case
Bonnie Michelman, security chief for Massachusetts General Hospital, discusses making the security business case to executives. Video
-
Default deny security: How to implement a positive security model
What is 'default deny' security? How difficult is the implementation process, and how could you sell it to executives? In this video, expert Mike Rothman explains how a positive security model works and how to decide if it's right for your enterprise... Video
-
Meeting business goals with network security technologies
This video will discuss how moving from primary business functions to more detailed business tasks can help identify goals that network security can assist in meeting. Video
-
Countdown: Top 5 ways to tune IDS/IPS to meet business needs
In this podcast, we'll count down the top five ways to tune an IDS/IPS to make sure it's meeting the business requirements you purchased it to meet. Podcast
-
Compliance and security: Schneier-Ranum face-off
In this third part of Schneier and Ranum's Face-off at ISD 2009, the two security pros address questions surrounding how security and compliance interact, and how to get executives to care about security beyond simple compliance. Video
-
Kumbaya: How the storage and security teams can work together
Typically, the storage and security teams of a company rarely work together. Unfortunately, as a result, most organizations miss out on the benefits that come with storage-security cooperation. This podcast features a countdown of the top 5 tips for g... Podcast
- See more Multimedia on Business Management: Security Support and Executive Communications
About Business Management: Security Support and Executive Communications
In this resource guide, get tips and tricks from the experts on business management, how to get information security support and how to properly engage in executive communications.
Security Management Strategies for the CIO