Data breach


  • What data breach notification policy should enterprises follow?

    A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best practices.

  • How to identify and handle potential cloud security breaches

    With the increasing popularity of the cloud over traditional data centers, it's important to be aware of some of the potential risks of cloud computing.

  • Mastering the cloud contract

    Cynthia Nustad recalls a time not that long ago when businesses didn't have much flexibility in negotiating contracts with cloud providers. "Maybe you could negotiate on price or add-ons, but the core service was pretty vanilla and hardened," said the CIO at HMS, a healthcare management services company. Back then, agreements that had the provider assuming part of the risk in the event of a breach were a no-go. Today, however, things have markedly changed. The rapid growth of cloud computing has given IT leaders an edge when it comes to negotiating a cloud contract.

    In this issue of CIO Decisions, get advice from CIOs and experts on how to procure more safeguards and custom features in your cloud contract that address your business needs. Also in this issue, we walk through UPS' journey from analog to digital business; outline common mistakes companies make when implementing hybrid cloud; take a look at what's under the hood of Etsy's business model; talk to former McCormick CIO Jerry Wolfe about how the spice company is using its platform business model to shake up the food industry; and examine why getting the most out of knowledge workers today requires "Supportive Leadership."

  • The best endpoint security approach in this interconnected age

    Some endpoint security suites have reached a level where they create almost all the capabilities of an enterprise in microcosm. New emphasis has been placed on protections that don't depend on traditional static scanning, but how well are these various approaches (whitelisting, sandboxing and so on) working out? And could the cloud possibly be the best endpoint security solution in today's mobile age? This handbook looks at the current state of endpoint protection and offers tips on how to best ensure endpoint security in the future.

    SearchSecurity contributors examine the question of how best to secure endpoints, and provide actionable advice. Karen Scarfone questions the all-too-common assumption that using the cloud undermines security, and also outlines specific ways in which cloud-based tools can be useful in improving endpoint security. In a separate chapter, Scarfone considers whether the best endpoint security is achieved by combining tools and methods -- that is, by using an endpoint security suite. Ed Tittel focuses on the threat to endpoint security from malware and how antimalware tools can beef up defenses, offering scenarios that show how antimalware products work to secure endpoints.

  • Azure AD PowerShell supports MFA to protect authentication

    The preview of the Azure AD PowerShell module flexes its muscles by supporting MFA and device management.

  • Why did Anthem resist government vulnerability assessments?

    Vulnerability assessments are often a requirement for organizations that have suffered a data breach and the assessors' results can be invaluable to protect a business.

  • Data security in a cyberthreat landscape

    President Obama couldn't have put the current state of cybersecurity better: "Whether it's phishing or botnets, spyware or malware, and now ransomware, these attacks are getting more and more sophisticated every day," he said at a summit at Stanford University earlier this year. And yet, many enterprises remain complacent in the face of these grave threats. In fact, in a study cited by SearchCIO expert Harvey Koeppel, a measly 9% of executives at companies that have experienced a breach run ongoing security tests. "What's the deal here? If this bad stuff has been going on for more than 30 years, why can't we get it under control?" Koeppel asks.

    In this SearchCIO handbook, Koeppel attempts to answer that question for CIOs: He provides a checklist for IT leaders on how to manage data security in a landscape riddled with evolving cyberthreats. In our second piece, CTO Niel Nickolaisen offers three security processes that can help mitigate the one constant in the midst of ever-evolving cyber-risks: human error. Lastly, writer Mary K. Pratt talks to top security experts about what companies need to do to make their security systems less "brittle" and more resilient.

  • What admins should know about Microsoft Azure security

    Although Microsoft performs its own Azure testing, end users bear the responsibility of making sure their systems meet company security requirements.

  • How is cloud data loss prevention changed by shadow IT?

    Shadow IT means enterprises are at increasing risk of cloud data loss, but providing employees with comparable file sharing apps can help.

  • How NIST SP 800-171 affects the protection of CUI

    The recently released NIST SP 800-171 is designed to protect controlled unclassified information (CUI) outside of the government. Expert Mike O. Villegas explores the impact of these guidelines.

  • Are cloud-based data warehousing and business analytics worth the risk?

    Cloud services have become a popular cost-saving option for businesses, but they must be careful to protect against constantly evolving data risk.

  • Finding the right balance in hybrid cloud security

    The growing complexity of hybrid cloud security has many CIOs working to update their controls, particularly with cloud resources, which offer less visibility.

  • Five ways CIOs build hybrid cloud security

    As CIOs adopt hybrid cloud strategies, some quickly learn that force-fitting traditional security methods to public and private clouds, or some combination, doesn't work. Whether it's migrating non-sensitive workloads to off-site data centers or standardizing cloud-based tools at global business units, the business value of these strategies hinges on effective security programs. In this issue of Information Security magazine, we look at what CIOs have learned so far about hybrid cloud security, and the native-cloud and cloud-first technologies that are easing these transitions.

    Along with migration toward cloud, more companies are faced with protecting IP and other assets as mergers and acquisitions gain momentum. CISOs are increasingly brought into M&A due diligence to help evaluate the information security of acquisition targets. Integrating systems and ensuring application and data security before, during and after M&A requires a unique set of survival skills. We outline key actions during different stages of the process.

    Federal government agencies are conducting a 30-day cybersecurity sprint after the U.S. Office of Personnel Management's disclosure that its systems were breached. Despite numerous security warnings, OPM used a decentralized approach to security. We look at the lack of accountability and InfoSec leadership and why, in an age when nation-states represent a national security threat, security professionals still face an uphill climb in some government agencies.

  • Wearables security: Do enterprises need a separate WYOD policy?

    Wearable technology is infiltrating the enterprise, much like BYOD has. Expert Michael Cobb discusses the security concerns of wearables and outlines how to create a WYOD policy.

  • What happens if the Data Accountability and Trust Act becomes a law?

    The Data Accountability and Trust Act is likely to become a law this year. Expert Mike Chapple advises organizations on how to prepare.