-
Book chapter: Obtain Buy-In from Stakeholders
This is an excerpt from the book Security Metrics: A Beginner’s Guide. Author Caroline Wong discusses strategies for managing a team of stakeholders. Feature
-
Quiz: How IDS/IPS can enable business objectives
How much have you learned about integrating IDS/IPS with your enterprise's business goals? Find out with this short quiz. Quiz
-
Results Chain for Information Security and Assurance
Magazine download
-
Information Security Blueprint
Magazine download
-
Information Security Governance Guide
This guide provides an introduction to what information security governance and a security program are, and examines how to deploy security policies within any environment. Learning Guide
-
Owning the C-suite
If you've found yourself on the losing end of a few too many battles, and security is suffering because of a lack of support from top executives, a bit of positive social engineering may be just the thing. Information Security maga
-
Executive Security Management
Security Architectural Mo
-
Life Cycles
Security Architectural Mo
-
The Business Model
Step-by-Step Guide
-
Ability to work independently
Book Chapter
- See More: Essential Knowledge on Business Management: Security Support and Executive Communications
-
Division of CISO responsibilities may prevent burnout
CISO responsibilities can be overwhelming, according to a new IBM survey. One solution may be to divide the role into two jobs. News | 17 May 2012
-
Business and IT security alignment is off
Aligning IT security with business goals is nice, but is it always realistic? Mandates from management often clash with the industry’s ideal characterization of an IT security leader. News | 09 Apr 2012
-
Industry is doomed by automation, misguided IT security strategy, experts warn
Blunt experts at InfoSec World said enterprise IT security strategy often misses the mark, but some attendees suggested the experts are out of touch. News | 04 Apr 2012
-
Why businesses should care about proposed Protect IP, SOPA pirating laws
Legislation is aimed at stopping piracy, but security professionals and industry groups say it could weaken security, hamper innovation and limit competition among small businesses and startups. News | 20 Dec 2011
-
Security innovation must hurdle academic, regulatory roadblocks
Regulators, lawmakers and academia share equal blame in putting the brakes on innovation in security, experts say. News | 05 Oct 2011
-
Black Hat 2011: Money for secure application development proves elusive
For most security teams, it’s still a struggle to find money for secure application development, according to a panel of Black Hat 2011 experts. News | 04 Aug 2011
-
Stealthy attacks contribute to skyrocketing cost of cybercrime, report finds
A new study by the Ponemon Institute found the cost of cybercrime to enterprises has increased 56% over the previous year. News | 02 Aug 2011
-
High-profile attacks, inadequate defenses burden IT security programs
Can CISOs turn around IT security programs to be more proactive? Experts say many programs are frozen in a reactive mode. News | 27 Jun 2011
-
Eye On: CISO Management Issues
SearchSecurity.com's "Eye On" series examines a security topic each month. In June, the series explores cloud contracts, compliance demands, security awareness and risk-based decision making. News | 23 Jun 2011
-
Smart grid security issues hinge on infosec, operator teamwork
Bridging the chasm between information security and utility infrastructure teams is the only way to solve smart grid security issues. Fortunately, NERC CIP compliance is forcing change. Article | 17 Feb 2011
- See More: News on Business Management: Security Support and Executive Communications
-
Modern security management strategy requires security separation of duties
Contributor Matthew Pascucci argues that enterprises need security separation of duties to ensure an effective, modern security management strategy. Tip
-
Aligning network security with business priorities
Too often, network security administrators have their security budget requests nixed by executives because they weren't able to align their requests with business priorities. In this tip, learn how to make sure your security and business priorities m... Tip
-
How to align an information security framework to your business model
CISOs should consider blending traditional business models with information security frameworks, and not rely solely on regulations to drive security programs. Tip
-
How to get information security buy-in from the executive team
When pitching security to the big bosses, it's important to brush up on public-speaking skills and lay out the case in advance. Mike Rothman gives his recommendations on how to prepare for a security presentation in order to receive the necessary man... Tip
-
M&A: Merging network security policies
Company mergers often call for the consolidation of two different network policies. But before making any final decisions on technology, the staff members of both organizations need to be on the same page. In this tip, contributor Mike Chapple explai... Tip
-
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave themselves open to attack. In this tip, contributor Ed Sko... Tip
-
Ensuring Web application security during a company merger
When companies merge, so must their Web application infrastructures. Securing and integrating applications, however, can be a struggle without cooperation from all sides. In this tip, Michael Cobb explains how a merged organization can avoid turf bat... Tip
-
Best practices for compliance during a merger
Company mergers involve more than just aligning two different security infrastructures. When one vendor acquires another, it's the handling of compliance issues that can be an IT security staff's toughest task. In this tip, security expert Joel Dubin... Tip
-
Key elements when building an information security program
Discover how to achieve information security governance by learning the essential elements behind a successful security program. Tip
-
A guide to governance, security and safeguarding your business
In this presentation, Dr. Fred Cohen, who is one of the world's leading researchers and analysts in information protection, investigates the link between corporate governance and information protection. Tip
- See More: Tips on Business Management: Security Support and Executive Communications
-
Best practices: Gaining executive support for the software security lifecycle
Recent BSIMM3 study results provide guidelines for why executive support for the software security lifecycle is so important. Michael Cobb explains. Answer
-
Privileged account policy: Securely managing privileged accounts
Randall Gamby discusses how to securely implement a privileged account policy within the enterprise and collectively manage sensitive account information. Answer
-
Best practices for information security reward incentive programs
While employee termination may be necessary in cases of insecure conduct, most employees are more encouraged by the carrot than the stick when it comes to security and compliance. Ask the Expert
-
Negotiating an IT security budget for a data loss prevention tool
If your enterprise is considering a DLP purchase, read this expert response for advice on getting the information security budget to buy the best product possible. Ask the Expert
-
How to enforce a USB security policy with support from management
A USB security policy is only as good as its enforcement. In this expert response from Ernie Hayden, learn how to make sure your employees take USB security policies seriously. Ask the Expert
-
Information security program development: Security vs. compliance
Some enterprises can be compliant for their audits, but let security slip the rest of the time. In this expert response, Ernie Hayden explains how to get your enterprise to focus on security rather than just compliance. Ask the Expert
-
How to update a disaster recovery, contingency planning strategy
Have your disaster recovery plans fallen woefully behind the current state of your business? In this expert response, Ernie Hayden discusses how to conduct tabletop exercises to get your plans back on track. Ask the Expert
-
Security report template: How to write an executive report
Writing a security report for executives doesn't have to be difficult or extensive, but security management expert Ernie Hayden describes how to make it comprehensive and clear. Ask the Expert
-
How to talk to executives about an information security team hire
When hiring an information security team member, how important is a certification in information security? Learn how to talk to executives about making an uncertified hire. Ask the Expert
-
How to talk to executives after a data breach
In the wake of a data breach, how do you know when to talk to executives, and, more importantly, what to say? In this expert response, learn how to talk to executives after a data breach. Ask the Expert
- See More: Expert Advice on Business Management: Security Support and Executive Communications
-
security
In information technology, security is the protection of information assets through the use of technology, processes, and training. Definition
-
MGH security director on making the security business case
Bonnie Michelman, security chief for Massachusetts General Hospital, discusses making the security business case to executives. Video
-
Default deny security: How to implement a positive security model
What is 'default deny' security? How difficult is the implementation process, and how could you sell it to executives? In this video, expert Mike Rothman explains how a positive security model works and how to decide if it's right for your enterprise... Video
-
Meeting business goals with network security technologies
This video will discuss how moving from primary business functions to more detailed business tasks can help identify goals that network security can assist in meeting. Video
-
Countdown: Top 5 ways to tune IDS/IPS to meet business needs
In this podcast, we'll count down the top five ways to tune an IDS/IPS to make sure it's meeting the business requirements you purchased it to meet. Podcast
-
Schneier-Ranum face-off, part 3: Compliance and security
In this third part of Schneier and Ranum's Face-off at ISD 2009, the two security pros address questions surrounding how security and compliance interact, and how to get executives to care about security beyond simple compliance. Video
-
Kumbaya: How the storage and security teams can work together
Typically, the storage and security teams of a company rarely work together. Unfortunately, as a result, most organizations miss out on the benefits that come with storage-security cooperation. This podcast features a countdown of the top 5 tips for ge... Podcast
-
Webcast: The business case for intrusion, perimeter defense security
In this presentation, Joel Snyder explains how to secure the necessary funds to implement intrusion defense and perimeter defense security tactics. Webcast
-
Division of CISO responsibilities may prevent burnout
CISO responsibilities can be overwhelming, according to a new IBM survey. One solution may be to divide the role into two jobs. News
-
Business and IT security alignment is off
Aligning IT security with business goals is nice, but is it always realistic? Mandates from management often clash with the industry’s ideal characterization of an IT security leader. News
-
Industry is doomed by automation, misguided IT security strategy, experts warn
Blunt experts at InfoSec World said enterprise IT security strategy often misses the mark, but some attendees suggested the experts are out of touch. News
-
Book chapter: Obtain Buy-In from Stakeholders
This is an excerpt from the book Security Metrics: A Beginner’s Guide. Author Caroline Wong discusses strategies for managing a team of stakeholders. Feature
-
Best practices: Gaining executive support for the software security lifecycle
Recent BSIMM3 study results provide guidelines for why executive support for the software security lifecycle is so important. Michael Cobb explains. Answer
-
Privileged account policy: Securely managing privileged accounts
Randall Gamby discusses how to securely implement a privileged account policy within the enterprise and collectively manage sensitive account information. Answer
-
Why businesses should care about proposed Protect IP, SOPA pirating laws
Legislation is aimed at stopping piracy, but security professionals and industry groups say it could weaken security, hamper innovation and limit competition among small businesses and startups. News
-
Modern security management strategy requires security separation of duties
Contributor Matthew Pascucci argues that enterprises need security separation of duties to ensure an effective, modern security management strategy. Tip
-
Security innovation must hurdle academic, regulatory roadblocks
Regulators, lawmakers and academia share equal blame in putting the brakes on innovation in security, experts say. News
-
MGH security director on making the security business case
Bonnie Michelman, security chief for Massachusetts General Hospital, discusses making the security business case to executives. Video
- See More: All on Business Management: Security Support and Executive Communications
About Business Management: Security Support and Executive Communications
In this resource guide, get tips and tricks from the experts on business management, how to get information security support and how to properly engage in executive communications.
Security Management Strategies for the CIO