Comments
5 Black Hat Security Lessons For CIOs
Newest First  |  Oldest First  |  Threaded View
RichardGorman
50%
50%
RichardGorman,
User Rank: Apprentice
8/2/2012 | 5:37:14 PM
re: 5 Black Hat Security Lessons For CIOs
Andy, the intrinsic value of stolen usernames, passwords and email addresses from an online gaming site like Gamingo may not be apparent at first blush. However, as you point out, since many people reuse the same passwords on multiple sites including sensitive banking and financial applications G㢠the fallout from this and other apparently innocuous data breaches is being underestimated. Any company that gathers and stores customer information needs to make sure the data is unusable if it is stolen.

@a_greenberg
@Forbes
jrandels342
50%
50%
jrandels342,
User Rank: Apprentice
7/31/2012 | 7:50:20 PM
re: 5 Black Hat Security Lessons For CIOs
You make several salient points here. Considering the mountains of data on enterprise networks today it is crucial to understand the value of data and the necessary safeguards required to protect your critical assets.

Generating internal buy-in and agreement on priorities and acceptable risk are key in securing assets and funding for protecting them.

A little forethought and planning goes a long way in security!

Joy Randels, CISM,CIPP,CWSP
pcalento011
50%
50%
pcalento011,
User Rank: Apprentice
7/31/2012 | 7:24:30 PM
re: 5 Black Hat Security Lessons For CIOs
Eric, what role does TRANSPARENCY play? All to often, we may have a predisposition to "hide" what's going on. Is this what you mean by, "... Developers and security professionals don't need to party together, but they sure do need to work together". --Paul Calento http://bit.ly/paul_calento
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
7/28/2012 | 8:02:42 PM
re: 5 Black Hat Security Lessons For CIOs
If the end of point 2 is accurate, and I really hope it is, that's a great thing.

While I really like the idea of cloud computing, organizations absolutely MUST sit down and look at the risks associated with adopting this technology in it's currentl state. The push to make data and applications available to anyone authorized from any authorized device has the fallout of only being a secure as the authorization methods used.

Weak password here, lack of proper encryption there, a little social engineering and you'll see your confidential business data on the e-reader screen of your neighbor on the train tomorrow (if it's not in the headlines of the newspaper already).

Andrew Hornback
InformationWeek Contributor


IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government Tech Digest Oct. 27, 2014
To meet obligations -- and avoid accusations of cover-up and incompetence -- federal agencies must get serious about digitizing records.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and community news at InformationWeek.com.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.