Data breach


  • Data security in a cyberthreat landscape

    President Obama couldn't have put the current state of cybersecurity better: "Whether it's phishing or botnets, spyware or malware, and now ransomware, these attacks are getting more and more sophisticated every day," he said at a summit at Stanford University earlier this year. And yet, many enterprises remain complacent in the face of these grave threats. In fact, in a study cited by SearchCIO expert Harvey Koeppel, a measly 9% of executives at companies that have experienced a breach run ongoing security tests. "What's the deal here? If this bad stuff has been going on for more than 30 years, why can't we get it under control?" Koeppel asks.

    In this SearchCIO handbook, Koeppel attempts to answer that question for CIOs: He provides a checklist for IT leaders on how to manage data security in a landscape riddled with evolving cyberthreats. In our second piece, CTO Niel Nickolaisen offers three security processes that can help mitigate the one constant in the midst of ever-evolving cyber-risks: human error. Lastly, writer Mary K. Pratt talks to top security experts about what companies need to do to make their security systems less "brittle" and more resilient.

  • What admins should know about Microsoft Azure security

    Although Microsoft performs its own Azure testing, end users bear the responsibility of making sure their systems meet company security requirements.

  • How is cloud data loss prevention changed by shadow IT?

    Shadow IT means enterprises are at increasing risk of cloud data loss, but providing employees with comparable file sharing apps can help.

  • How NIST SP 800-171 affects the protection of CUI

    The recently released NIST SP 800-171 is designed to protect controlled unclassified information (CUI) outside of the government. Expert Mike O. Villegas explores the impact of these guidelines.

  • Are cloud-based data warehousing and business analytics worth the risk?

    Cloud services have become a popular cost-saving option for businesses, but they must be careful to protect against constantly evolving data risk.

  • Finding the right balance in hybrid cloud security

    The growing complexity of hybrid cloud security has many CIOs working to update their controls, particularly with cloud resources, which offer less visibility.

  • Five ways CIOs build hybrid cloud security

    As CIOs adopt hybrid cloud strategies, some quickly learn that force-fitting traditional security methods to public and private clouds, or some combination, doesn't work. Whether it's migrating non-sensitive workloads to off-site data centers or standardizing cloud-based tools at global business units, the business value of these strategies hinges on effective security programs. In this issue of Information Security magazine, we look at what CIOs have learned so far about hybrid cloud security, and the native-cloud and cloud-first technologies that are easing these transitions.

    Along with migration toward cloud, more companies are faced with protecting IP and other assets as mergers and acquisitions gain momentum. CISOs are increasingly brought into M&A due diligence to help evaluate the information security of acquisition targets. Integrating systems and ensuring application and data security before, during and after M&A requires a unique set of survival skills. We outline key actions during different stages of the process.

    Federal government agencies are conducting a 30-day cybersecurity sprint after the U.S. Office of Personnel Management's disclosure that its systems were breached. Despite numerous security warnings, OPM used a decentralized approach to security. We look at the lack of accountability and InfoSec leadership and why, in an age when nation-states represent a national security threat, security professionals still face an uphill climb in some government agencies.

  • Wearables security: Do enterprises need a separate WYOD policy?

    Wearable technology is infiltrating the enterprise, much like BYOD has. Expert Michael Cobb discusses the security concerns of wearables and outlines how to create a WYOD policy.

  • What happens if the Data Accountability and Trust Act becomes a law?

    The Data Accountability and Trust Act is likely to become a law this year. Expert Mike Chapple advises organizations on how to prepare.

  • OPM breach a teachable moment in security basics

    The recent OPM breach exposed personal information for nearly 22 million people. Here's how enterprises can prevent a similar attack.

  • Can the security industry handle a chief information risk officer?

    Chief information risk officers seem to be on the horizon as CISOs become inundated with responsibilities, but adding another C-level could cause more harm than good.

  • The right approach for a vulnerability disclosure policy

    Qualys CTO Wolfgang Kandek discussed the hot topic of responsible vulnerability disclosure policies, and the friction between Google and Microsoft, at RSA Conference 2015.

  • Security alerts: What's the best way to reduce false positives?

    False positive security alerts are troublesome, costly and time-consuming. Expert Kevin Beaver explains how to reduce the number of false positives.

  • WebRTC security concerns shouldn't deter enterprises

    Native media encryption and regular Web browser updates mitigate WebRTC security threats. Authorization and fraud-prevention mechanisms can help, too.

  • Telemedicine security has the attention of healthcare providers

    Healthcare organizations willing to take on remote monitoring projects should allow their IT teams time to craft a telemedicine security plan.