-
Worst practices: Recognizing the biggest compliance mistakes
With all of the compliance requirements and regulations organizations need to abide by these days, corporate compliance blunders are inevitable. In this tip, security management expert Mike Rothman highlights the biggest compliance mistakes seen in t... Tip
-
The TJX data security breach: 10-K filing shows IAM and compliance mistakes
Analysis of TJX's recent 10-K regulatory filing with the Securities and Exchange Commission exposes the company's lack of basic security and non-compliance with industry standards. But as Joel Dubin writes, a closer look highlights lessons from which... Tip
-
The security risks of Google Notebook
Security practitioners know to keep sensitive information under lock and key, but, as Web services proliferate, ensuring information remains private is more difficult than ever. In this tip, Ed Skoudis examines how one of Google's latest Web applica... Tip
-
PCI compliance after the TJX data breach
The massive TJX data breach reinforced the need for stricter controls when handling credit card information. In this tip, Joel Dubin reexamines the need for the PCI Data Security Standard and advises how to ease the PCI compliance burden. Tip
-
Lessons learned from TJX: Best practices for enterprise wireless encryption
The TJX data breach revealed all too well the weaknesses of the Wired Equivalent Privacy security model. The retailer's well-documented compromise of more than 94 million credit card numbers proved that intruders can easily take advantage of unprote... Tip
-
Encryption strategies for preventing laptop data leaks
The majority of enterprise notebook computers contain sensitive information. Should those devices fall into the wrong hands, encryption can keep the data safe. Expert Lisa Phifer discusses the pros and cons of today's notebook data encryption methods... Tip
-
PCI Data Security Standard compliance: Setting the record straight
Helping executives understand what PCI Data Security Standard compliance is all about can be a challenge, especially when it comes to debunking the many myths that have been perpetuated over the years. Read this tip by contributor John Kindervag as h... Tip
-
CISSP certification can serve as introduction to regulatory compliance
The CISSP is widely considered a valuable baseline certification for information security professionals, but its coursework can also be a valuable introduction to the complex world of regulatory compliance. As certification expert Peter H. Gregory ex... Tip
-
The cost of data breaches: Looking at the hard numbers
Trying to determine the cost of a data breach is no easy task. After calculating the expenses of legal fees, call centers, lost employee productivity, regulatory fines, stock plummets and customer losses, it can be dizzying, if not impossible, to com... Tip
-
Public wireless networks present a raft of dangers
A company's end-users don't always have the luxury of a protected network, as many often leave the comfort of their guarded corporate environment and access the Internet from coffee shops, hotels, airports and other public areas. In this tip, Mike Ch... Tip