Data breach


  • How to ensure a secure API

    Application program interfaces, or APIs, are nothing new in the IT world, but over the past ten years, public-facing APIs have risen from a handful to over 10,000. The function of APIs is to add capabilitiies to Web applications and mobile apps, allowing the automation of common processes that interact with services on other machines. APIs, in other words, let programs and websites "talk" to each other, which means APIs allow those programs and websites to provide even greater value to the end users.

    Like almost all good things in the world of IT, this raises security questions. When developers create an API, they can also inadvertently open a window to hackers. So this three-part guide looks carefully at both the nature of the security risk and also outlines best practices for managing your organization's use of outside APIs in a secure fashion, as well as making sure that any API's you make publicly available are not opening you up to attack.Continue Reading

  • Cybersecurity risk management benefits from analytics, reporting

    Data breaches continue to threaten businesses, but companies are turning to data analytics to help identify vulnerabilities and make cybersecurity risk management more efficient.Continue Reading

  • Mastering the cloud contract

    Cynthia Nustad recalls a time not that long ago when businesses didn't have much flexibility in negotiating contracts with cloud providers. "Maybe you could negotiate on price or add-ons, but the core service was pretty vanilla and hardened," said the CIO at HMS, a healthcare management services company. Back then, agreements that had the provider assuming part of the risk in the event of a breach were a no-go. Today, however, things have markedly changed. The rapid growth of cloud computing has given IT leaders an edge when it comes to negotiating a cloud contract.

    In this issue of CIO Decisions, get advice from CIOs and experts on how to procure more safeguards and custom features in your cloud contract that address your business needs. Also in this issue, we walk through UPS' journey from analog to digital business; outline common mistakes companies make when implementing hybrid cloud; take a look at what's under the hood of Etsy's business model; talk to former McCormick CIO Jerry Wolfe about how the spice company is using its platform business model to shake up the food industry; and examine why getting the most out of knowledge workers today requires "Supportive Leadership."Continue Reading

  • The best endpoint security approach in this interconnected age

    Some endpoint security suites have reached a level where they create almost all the capabilities of an enterprise in microcosm. New emphasis has been placed on protections that don't depend on traditional static scanning, but how well are these various approaches (whitelisting, sandboxing and so on) working out? And could the cloud possibly be the best endpoint security solution in today's mobile age? This handbook looks at the current state of endpoint protection and offers tips on how to best ensure endpoint security in the future.

    SearchSecurity contributors examine the question of how best to secure endpoints, and provide actionable advice. Karen Scarfone questions the all-too-common assumption that using the cloud undermines security, and also outlines specific ways in which cloud-based tools can be useful in improving endpoint security. In a separate chapter, Scarfone considers whether the best endpoint security is achieved by combining tools and methods -- that is, by using an endpoint security suite. Ed Tittel focuses on the threat to endpoint security from malware and how antimalware tools can beef up defenses, offering scenarios that show how antimalware products work to secure endpoints.Continue Reading

  • CSA Guide to Cloud Computing

    In this excerpt of CSA Guide to Cloud Computing, authors Rai Samani, Brian Honan and Jim Reavis review cloud security threats based on research by the CSA's Top Threats Working Group.Continue Reading

  • The CISO role rises: How is it working out?

    An unusual game of musical chairs is unfolding as companies scramble to ensure information security and shore up their ranks to the tune of regulators.Continue Reading

  • Steps to take in order to secure virtual machines

    Something as small as a flash drive can be a danger to your virtual machines and the data inside them. Make sure to keep your info secure.Continue Reading

  • IoT data governance challenges discussed at Dreamforce

    As Salesforce pushes its IoT Cloud, companies must be ready and willing to properly handle the massive influx of device data coming their way.Continue Reading

  • How to introduce data security management into the cloud

    Enterprises are adopting mobile and cloud computing rapidly -- raising concerns about data security management. George Lawton explores how IT can address those challenges.Continue Reading

  • How is cloud data loss prevention changed by shadow IT?

    Shadow IT means enterprises are at increasing risk of cloud data loss, but providing employees with comparable file sharing apps can help.Continue Reading

  • Are cloud-based data warehousing and business analytics worth the risk?

    Cloud services have become a popular cost-saving option for businesses, but they must be careful to protect against constantly evolving data risk.Continue Reading

  • Three mobile security threats IT should know

    When it comes to mobile security threats, IT has more to deal with than just risky, malicious apps.Continue Reading

  • Does the HHS Web portal affect data breach reporting?

    HIPAA data breach reporting now uses an electronic Web portal, so what does this mean for covered entities? Expert Mike Chapple explains.Continue Reading

  • Cybersecurity experts: 'Brittle' security systems need overhaul

    Cybersecurity experts urge enterprises to embrace new tools, including micro-virtualization and intelligence-led security.Continue Reading

  • Stop a healthcare data breach with help from analytics, AI

    Catching a healthcare data breach before it damages an organization's operations may be as simple as adding analytics to existing security.Continue Reading